Another potential class-action lawsuit has been filed in response to the MAPCO Express breach, reported previously on this blog. The suit also names the convenience chain’s parent company, Delek U.S. Holdings Inc., as defendants. Read more on Tuscaloosa News.
The complaint by Ian Yeager was filed on June 17, and an amended complaint (uploaded here) was filed July 1. But Yeager’s complaint was not the first lawsuit filed over this breach, and MAPCO has moved to dismiss Yeager’s complaint, or in the alternative, transfer and stay it in light of previous and almost identical complaints also filed in the Northern District of Alabama by other customers who are represented by other law firms.
It is not clear that any of the plaintiffs are claiming that they, personally, suffered any fraudulent charges or ID theft. The Burton complaint, for example, states:
As a direct and proximate result of Defendant’s conduct, the Class suffered damages including, but not limited to, loss of control of their credit card and other personal financial information; monetary loss for fraudulent charges incurred on their accounts; fear and apprehension of fraud, loss of money, and identify theft; the burden and cost of credit monitoring to monitor their accounts and credit history; the burden and cost of closing compromised accounts and opening new accounts; the burden of closely scrutinizing credit card statements for past and future transactions; damage to their credit history; loss of privacy; and other economic damages.
Sounds pretty generic to me, unless they can demonstrate that they had to pay for unreimbursed credit monitoring, or that they incurred unreimbursed fraudulent charges and/or their credit report actually shows decreased credit rating as a result of the breach.
The sole basis for their complaints seems to be negligence – that MAPCO did not provide adequate security and failed to notify them as soon as practical.
Unless they have some proof of actual damages, I expect that the suits will get consolidated and dismissed. But then, I am not a lawyer.