DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Seventh Circuit revives data breach lawsuit against P.F. Chang’s

Posted on April 15, 2016 by Dissent

Samantha Bomkamp reports that the Seventh Circuit has done it again when it comes to allowing data breach lawsuits to go forward:

A lawsuit over a 2014 data breach at P.F. Chang’s has been revived by an appeals court, which said two plaintiffs have shown enough evidence to pursue their claim.

Two Illinois men, John Lewert and Lucas Kosner, filed suit against the restaurant chain after dining at the P.F. Chang’s in Northbrook in April 2014, paying with their debit cards, according to the filing. Kosner claimed that four fraudulent charges were made on his debit card in June 2014. Lewert didn’t have any fraudulent charges, the lawsuit said. The two men initially filed separate lawsuits that were consolidated, but their suit was dismissed by a lower court.

 

Read more on Chicago Tribune.

You can read Judge Wood’s opinion here.  Relying on their previous opinion in Remijas v. Neiman Marcus to explain why the plaintiffs do have standing, the court writes:

In the present case, several of Lewert and Kosner’s alleged injuries fit within the categories we delineated in Remijas. They describe the same kind of future injuries as the Remijas plaintiffs did: the increased risk of fraudulent charges and identity theft they face because their data has already been stolen. These alleged injuries are concrete enough to support a lawsuit. P.F. Chang’s acknowledges that it experienced a data breach in June of 2014. It is plausible to infer a substantial risk of harm from the data breach, because a primary incentive for hackers is “sooner or later[] to make fraudulent charges or assume those consumers’ identities[.]” Id. at 693. Lewert is at risk for both fraudulent charges and identity theft. Kosner has already cancelled his debit card, but he is still at risk of identity theft. Other members of the would–be class will be in the same position as one or the other named plaintiff.

Similarly, Lewert and Kosner have alleged sufficient facts to support standing based on their present injuries. Kosner asserts that he already has experienced fraudulent charges. Even if those fraudulent charges did not result in injury to his wallet (he stated that his bank stopped the charges before they went through), he has spent time and effort resolving them. He also took measures to mitigate his risk by purchasing credit monitoring for $106.89. Lewert alleged that he has spent time and effort monitoring both his card statements and his other financial information as a guard against fraudulent charges and identity theft.

Category: Business SectorU.S.

Post navigation

← IE: Personal details of almost 2,000 civil servants incorrectly ‘leaked’ – PSEU conference
VA physician leaves patient files in his car, and…. →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Credit Control Corporation data allegedly from 9.1 million consumers listed for sale on forum
  • Copilot AI Bug Could Leak Sensitive Data via Email Prompts
  • FTC Provides Guidance on Updated Safeguards Rule
  • Sentara Health terminates remote employees after realizing they couldn’t be sure who was doing the work.
  • Hackers Break Into Car Sharing App, 8.4 Million Users Affected
  • Cyberattack pushes German napkin company into insolvency
  • WMATA Train Operators Arrested in Health Care Fraud Scheme
  • Washington Post investigating cyberattack on journalists, WSJ reports
  • Resource: State Data Breach Notification Laws – June 2025
  • WestJet investigates cyberattack disrupting internal systems

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Vermont signs Kids Code into law, faces legal challenges
  • Data Categories and Surveillance Pricing: Ferguson’s Nuanced Approach to Privacy Innovation
  • Anne Wojcicki Wins Bidding for 23andMe
  • Would you — or wouldn’t you?
  • New York passes a bill to prevent AI-fueled disasters
  • Synthetic Data and the Illusion of Privacy: Legal Risks of Using De-Identified AI Training Sets
  • States sue to block the sale of genetic data collected by DNA testing company 23andMe

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.