Orrick, Herrington & Sutcliffe LLP write:
On June 30, the U.S. Court of Appeals for the First Circuit overruled a district court’s dismissal of a putative class action against a home delivery pharmacy service for allegedly failing to prevent a 2021 data breach that exposed the personally identifiable information (PII) of over 75,000 patients. The class action complaint alleged state law claims for negligence, breach of implied contract, unjust enrichment, invasion of privacy, and breach of fiduciary duty, and sought damages and injunctive relief. The putative class was comprised of U.S. residents whose PII was compromised in the data breach. The two named plaintiffs were former or current patients whose PII were compromised in the data breach, and one of the two named plaintiffs had her stolen PII used to file a fraudulent tax return. The district court dismissed the lawsuit for lack of Article III standing.
Affirming in part and reversing in part, the 1st Circuit held that the complaint “plausibly demonstrates” the plaintiffs’ standing to seek damages, applying the principles articulated by the Supreme Court in TransUnion LLC v. Ramirez, which clarified the type of concrete injury necessary to establish Article III standing (covered by InfoBytes here).
Read more at JDSupra.