Sony Breach Plaintiffs’ Green Light May Be Short-LivedOctober 15, 2012 – In The News
A California federal judge's decision to let Sony Corp. customers proceed with their putative data breach class action provides plaintiffs with a possible way to get past the motion-to-dismiss stage. The plaintiffs, however, will need to prove that a credible threat of real and immediate harm has taken place in the massive data breach, which allegedly failed to protect customers private information from hackers.
The dispute goes back to April 2011, when Sony discovered that hackers had broken into its network and obtained user data, such as credit and debit card information, for as many as 31 million customers. A week after the incident, Sony informed the public and admitted that its own failures “may have had a financial impact on our loyal customers,” the complaint said.
According to Al Saikali, the issue of whether consumers in data breach cases have suffered such injuries is “sort of a mixed bag right now,” although he noted that it tends to favor defendants, with notable exceptions including the Eleventh Circuit's Sept. 5 decision in Resnick v. AvMed Inc. and the First Circuit's October 2011 decision in Anderson v. Hannaford Brothers Co.
Fox Rothschild LLP partner Scott Vernick said that Hannaford case differed from the Sony class action because the Hannaford plaintiffs were able to demonstrate that they'd suffered out-of-pocket losses in having to pay for replacement credit cards. Likewise, in the Resnick ruling, the court revived a putative data breach class action after finding the plaintiffs had made an explicit connection between the stolen materials and the subsequent opening of bogus bank accounts.
While the plaintiffs attempted to demonstrate injury by arguing that their PlayStation consoles had diminished in value since the breach and that they had spent money attempting to reduce the risk of identity theft, Judge Battaglia concluded that these assertions proved insufficient to allow their seven causes of action.