Much to the dismay of companies, on August 1, 2017, the U.S. Court of Appeals for the D.C. Circuit made it easier for plaintiffs, and their attorneys, to bring class action data breach cases. In Attias v. CareFirst, Inc., Case No. 16-7108, the Court concluded that the plaintiffs’ heightened risk of future identity theft was sufficient to show standing at the pleading stage. With CareFirst, the D.C. Circuit becomes the second U.S. Court of Appeals to reach this conclusion. The 7th Circuit, in Remijas v. Neiman Marcus Grp., 794 F.3d 688 (7th Cir. 2015), was the first.
D.C. Circuit Concludes Heightened Risk of Future Identity Theft Enough for Standing in Data Breach Class Action