Please E-mail suggested additions, comments and/or corrections to Kent@MoreLaw.Com.
Date: 07-18-2023
Case Style:
Case Number: 2:22-CV-728
Judge: Dale A. Kimball
Court: United States District Court for the District of Utah (Salt Lake County)
Plaintiff's Attorney: Jason Hull, Trevor Lang, Alex Phillips, Rains Borrelli
Defendant's Attorney: Douglas C. Smith and Jon Kardassakis
Description: Salt Lake City, Utah civil litigation lawyers represented Plaintiffs who sued Defendant on a breach of contract theory for damages sustained as a result of a data breach.
This case is a proposed class action pertaining to a data breach of Plaintiffs' work email accounts in 2021. Plaintiffs worked for a job skill training non-profit company, Defendant Easter-Seals-Goodwill, which had retail store locations in Idaho, Montana, Utah, and Wyoming.
They claim that their emails contained sensitive and confidential employee and client information. They further allege that when Defendant finally announced the Data Breach, it deliberately underplayed the severity of the breach and misrepresented that “we are not aware of any reports of improper use of information as a direct result of this incident,” even though Defendants knew cybercriminals had infiltrated its systems.
Plaintiffs contend that Defendant's failure to timely detect and report the Data Breach made victims vulnerable to identify theft without any warnings to monitor their financial accounts or credit reports to prevent unauthorized use of their personal identifiable information (“PII”). Thus, Plaintiffs and members of the proposed nationwide Class claim that they are victims of Defendant's negligence and inadequate cyber security measures.
Specifically, Plaintiffs and members of the proposed Class allege that they trusted Defendant with their PII but that Defendant betrayed that trust because it failed to properly use up-to-date security practices to prevent the Data Breach.
Ms. Kilgore's Claimed Injuries
Since the Data Breach, Ms. Kilgore alleges the following injuries resulting from the Data Breach:
• she has experienced fraudulent attempts to use her PayPal account to purchase firearms;
• she has received spam texts and phone calls;
• she has spent, and will have to spend, considerable time and effort over the coming years monitoring her accounts to protect herself from identity theft;
• her personal financial security has been jeopardized and there is uncertainty over what personal information was revealed in the Data Breach;
• she has suffered actual injury in the form of damages to and diminution in the value of her PII-a form of intangible property;
• her privacy has been invaded by the access to and exfiltration of her PII, which is now in the hands of third-parties not authorized to view or possess her PII;
• she has suffered imminent and impending injury arising from the substantially increased risk of fraud, identity theft, and misuse resulting from her PII, especially her Social Security number, being placed in the hands of criminals; and
• she has suffered and continues to suffer annoyance, interference, and inconvenience as a result of the Data Breach, as well as anxiety and stress caused by the loss of privacy, fraud that he suffered, and risk of future harm.
B.E.'s Claimed Injuries
Since the Data Breach, B.E. alleges the following injuries resulting from the Data Breach:
• he has experienced fraudulent attempts to use his Visa card and Costco membership to purchase products;
• he has spoken with all three major credit bureaus and frozen his credit. He has paid money to each of the bureaus for fraud protection services and continues to incur monthly expenses to try to protect his identity;
• he has received phishing emails since the Data Breach;
• he has spent, and will have to spend, considerable time and effort over the coming years monitoring his accounts to protect himself from identity theft. Plaintiff's personal financial security has been jeopardized and there is uncertainty over what personal information was revealed in the Data Breach;
• he has suffered actual injury in the form of damages to and diminution in the value of his PII;
• his privacy has been invaded by the access to and exfiltration of his PII, which is now in the hands of third parties not authorized to view or possess his PII;
• he has suffered imminent and impending injury arising from the substantially increased risk of fraud, identity theft, and misuse resulting from his PII, especially his Social Security number, being placed in the hands of criminals; and
• he has suffered and continues to suffer annoyance, interference, and inconvenience as a result of the Data Breach, as well as anxiety and stress caused by the loss of privacy, fraud that he suffered, and risk of future harm.
Claimed General Injuries Suffered by Plaintiffs and Proposed Class Members
• According to experts, one out of four data breach notification recipients become a victim of identity fraud;
• monetary losses and lost time; and
• they have also suffered or are at an increased risk of suffering:
a. the loss of the opportunity to control how their PII is used;
b. the diminution in value of their PII;
c. the compromise and continuing publication of their PII;
d. out-of-pocket costs associated with the prevention, detection, recovery, and remediation from identity theft or fraud;
e. lost opportunity costs and lost wages associated with the time and effort expended addressing and trying to mitigate the actual and future consequences of the Data Breach, including, but not limited to, efforts spent researching how to prevent, detect, contest, and recover from identity theft and fraud;
f. delay in receipt of tax refund monies;
g. unauthorized use of stolen PII; and h. the continued risk to their PII, which remains in the possession of Defendant and is subject to further breaches so long as Defendant fails to undertake the appropriate measures to protect the PII in its possession
Plaintiffs have asserted causes of action for negligence; negligence per se; breach of contract, including breach of the implied covenant of good faith and fair dealing; unjust enrichment; invasion of privacy; and requests for declaratory judgment and injunctive relief. Through the instant motion, Defendant has moved to dismiss the Complaint under FRCP 12(b)(1) for lack of Article III standing and under FRCP 12(b)(6) for failure to state a claim.
Outcome: Motion to dismiss denied.
Plaintiff's Experts:
Defendant's Experts:
Comments: