Venkat Balasubramani discusses the decision in Holmes v. Countrywide Financial Corp., et al.:
In August 2008, a Countrywide employee engaged in a scheme to steal confidential customer information from Countrywide. An investigation found that the employee gained access to data from 2.4 million loan customers, and sold this information to unknown third parties for the whopping amount of $70,000. Countrywide sent notification letters to affected customers and offered two years worth of free credit monitoring.
Countrywide was hit with several class action lawsuits as a result of this data breach. The lawsuits were consolidated and eventually settled. Holmes and some members of his proposed class objected to the settlement which the court approved, notwithstanding the objections. Eventually, Holmes and Stiers (and their spouses) filed their own non-class complaint against Countrywide. One of the plaintiffs purchased credit monitoring services. The other expended sums for changing their telephone numbers due to the increased volume of telemarketing calls they received.
Standing: The court says that plaintiffs have standing under Sixth Circuit law (also citing to Krottner v. Starbucks). The credit monitoring and money spent to change the telephone number were sufficient to satisfy injury for Article III standing purposes.
The Merits: Plaintiffs don’t fare so well on the merits.
Read more on Technology & Marketing Law Blog.
Given how data breach cases have fared in the courts, I’m not sure why plaintiffs keep bringing them if they don’t have a stronger case showing unreimbursed financial harm or other compensable injury. It may not seem fair or just that you can’t recover for time spent monitoring your credit, etc., but unless Congress changes some laws, the only ones who stand to benefit from these cases are lawyers.
via Eric Goldman