DataBreaches.Net


Does the Seventh Circuit opinion in Neiman Marcus litigation impact FTC v. Wyndham?

Posted on August 3, 2015 by Dissent

Since the Seventh Circuit revived the class action lawsuit, Remijas v. Neiman Marcus, there has been a lot of buzz about how the opinion will make it easier for consumers going forward. The opinion (appended to this file) addresses Article III standing, which has been a major stumbling block in the majority of lawsuits.

But skip on over to the Third Circuit for a minute, where it appears that the FTC submitted a filing on July 24th that tries to use the Neiman Marcus opinion to support its case against Wyndham. The FTC argues, in part:

… In Remijas v. Neiman Marcus Group, LLC, No. 14-3122 (July 20, 2015) (attached), the Seventh Circuit found that the victims of a breach of credit card data had alleged an injury-in-fact that gave them standing to sue the retailer from whose computers the data were stolen. The decision reverses a district court decision relied on by Wyndham in its opening and reply briefs (Br. at 48; Reply at 34) and supports the FTC’s argument in this case that the FTC’s complaint adequately alleged consumer harm. FTC Br. 52-61.

Wyndham has claimed that the FTC failed to plead facts showing consumer injury because credit card companies typically reimburse the victims of fraudulent charges. In response, the FTC has observed, inter alia, that even if Wyndham’s victims had been reimbursed, the complaint stated a valid cause of action by alleging that consumers spent “time and money resolving fraudulent charges and mitigating subsequent harm.” FTC Br. 58. Remijas supports that argument. The court there held that even though the victims were reimbursed for fraudulent charges, plaintiffs had alleged “identifiable costs associated with the process of sorting things out,” including “the aggravation and loss of value of the time needed to set things straight, to reset payment associations after credit card numbers are changed, and to pursue relief for unauthorized charges.” Slip Op. 7. Those alleged harms were sufficient to give plaintiffs standing.

Wyndham’s lawyers fired back that the FTC’s contention is incorrect:

As an initial matter, Remijas is inconsistent with other databreach cases, including this Court’s decision in Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011). More importantly, Remijas did not address the consumer-injury requirements of Section 5—only the less rigorous standing requirements of Article III.

While the test for constitutional standing is exceedingly low, see, e.g., Blunt v. Lower Marion Sch. Dist., 767 F.3d 247, 278 (3d Cir. 2014) (requiring only “some specific, identifiable trifle of injury”), the FTC Act contains two additional requirements: the injury must be (1) “substantial,” which, to have any meaning, must be something more than the injury required by Article III; and, (2) not “reasonably avoidable by consumers themselves.” 15 U.S.C. § 45(n). Those requirements mean that time and money spent resolving fraudulent charges cannot satisfy Section 5(n), even if they might confer standing under Article III.

As the Ninth Circuit explained in Davis v. HSBC Bank Nevada, an “injury” is not actionable under Section 5(n) “if consumers are aware of, and are reasonably capable of pursuing, potential avenues toward mitigating the injury after the fact.” 691 F.3d 1152, 1168-69 (9th Cir. 2012). Davis rejected the notion that avoiding injury is itself sufficient, framing the issue as “not whether subsequent mitigation was convenient or costless, but whether it was reasonably possible.” Id.; see also Reply Br. 31-35. The FTC’s claim here is classic bootstrapping that would eviscerate the “reasonably avoidable” requirement.

Finally, the FTC’s argument that Wyndham consumers suffered unreimbursed fraud loss is implausible because—after investigating the cyberattacks against Wyndham for nearly five years and contacting hundreds of consumers—the FTC admitted that it has not identified a single individual consumer who suffered unreimbursed fraud loss (let alone “substantial” loss that was “not reasonably avoidable”).

So will Remijas have any impact on FTC v. Wyndham? I guess we’ll have to see when we finally get an opinion from the Third Circuit.

Category: Business Sector, Commentaries and Analyses, Hack, U.S.
