BreachExchange mailing list archives
Data-Breach Class Action Against Coca-Cola Survives
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 1 Oct 2015 18:23:46 -0600
http://www.thelegalintelligencer.com/id=1202738699309/DataBreach-Class-Action-Against-CocaCola-Survives?slreturn=20150901141026 Coca-Cola lost its bid to dismiss a proposed class action filed against it by a former employee who said his identity was stolen after 55 laptops with employee data went missing from the bottling company’s possession. U.S. District Judge Joseph F. Leeson Jr. of the Eastern District of Pennsylvania rejected Coke’s argument that plaintiff Shane K. Enslin’s potential future damages were speculative and that any injuries that have already occurred couldn’t be causally linked to Coke’s loss of the laptops. “Here, plaintiff’s harms are not ‘future harms,’ but ongoing, present, distinct and palpable harms,” Leeson said, noting Enslin has already suffered alleged theft of funds from his bank accounts, unauthorized use of credit cards and the unauthorized issuance of a new credit card in his name. Enslin, who worked as a service technician for Keystone Coca-Cola Bottling Co. in the Poconos region, also claimed that someone used his personally identifiable information (PII) to get a job with UPS. “Courts that have passed on claims arising out of the loss or theft of PII have hesitated to find the existence of a constitutional injury-in-fact before lost PII is actually misused, but a number of courts have found that plaintiffs who have already suffered identifiable identity attacks, by contrast, have standing to advance their claims,” Leeson said. Leeson further rejected Coke’s motion to dismiss Enslin’s claims based on damages he has suffered to prevent future harm. Leeson differentiated this case from others that have found the cost to protect against future events is no more of an actual injury than the alleged increased risk of an injury when PII is stolen. Leeson said the money and time Enslin has put out to stop future identity theft was to combat “actual, imminent and impending harms.” “Here, [Enslin] incurred an expense in connection with his action to close his bank account in response to unauthorized access,” Leeson said. “[Enslin] also expended time and effort protecting other credit cards and bank accounts from the identity thieves, which [Enslin] did in response to ongoing harms, not harms that were merely ‘hypothetical.’” Coke further argued the timeframe between when Enslin stopped working for Coke in 2007 and the time his PII was misused in 2014 was too great a span to show a causal connection. It also argued the information stolen couldn’t have given rise to the harm Enslin suffered. “Although seven years passed between [Enslin’s] employment and the misuse of his information, the chain linking the loss of [Enslin’s] SSN, credit cards, and banking information, and the subsequent identity attacks [Enslin] suffered, is plausible,” Leeson said.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- Data-Breach Class Action Against Coca-Cola Survives Audrey McNeil (Oct 02)