Samantha Bomkamp reports that the Seventh Circuit has done it again when it comes to allowing data breach lawsuits to go forward:
A lawsuit over a 2014 data breach at P.F. Chang’s has been revived by an appeals court, which said two plaintiffs have shown enough evidence to pursue their claim.
Two Illinois men, John Lewert and Lucas Kosner, filed suit against the restaurant chain after dining at the P.F. Chang’s in Northbrook in April 2014, paying with their debit cards, according to the filing. Kosner claimed that four fraudulent charges were made on his debit card in June 2014. Lewert didn’t have any fraudulent charges, the lawsuit said. The two men initially filed separate lawsuits that were consolidated, but their suit was dismissed by a lower court.
Read more on Chicago Tribune.
You can read Judge Wood’s opinion here. Relying on their previous opinion in Remijas v. Neiman Marcus to explain why the plaintiffs do have standing, the court writes:
In the present case, several of Lewert and Kosner’s alleged injuries fit within the categories we delineated in Remijas. They describe the same kind of future injuries as the Remijas plaintiffs did: the increased risk of fraudulent charges and identity theft they face because their data has already been stolen. These alleged injuries are concrete enough to support a lawsuit. P.F. Chang’s acknowledges that it experienced a data breach in June of 2014. It is plausible to infer a substantial risk of harm from the data breach, because a primary incentive for hackers is “sooner or later[] to make fraudulent charges or assume those consumers’ identities[.]” Id. at 693. Lewert is at risk for both fraudulent charges and identity theft. Kosner has already cancelled his debit card, but he is still at risk of identity theft. Other members of the would–be class will be in the same position as one or the other named plaintiff.
Similarly, Lewert and Kosner have alleged sufficient facts to support standing based on their present injuries. Kosner asserts that he already has experienced fraudulent charges. Even if those fraudulent charges did not result in injury to his wallet (he stated that his bank stopped the charges before they went through), he has spent time and effort resolving them. He also took measures to mitigate his risk by purchasing credit monitoring for $106.89. Lewert alleged that he has spent time and effort monitoring both his card statements and his other financial information as a guard against fraudulent charges and identity theft.