A defendant moved to dismiss a negligence count related to a cyberattack by hackers who gained access to personally identifiable information and protected health information. The motion was denied, and the case was allowed to continue.
WHY THIS IS IMPORTANT… A primary reason cyber-attack litigation has been largely unsuccessful is that the courts have ruled that unless a plaintiff can show actual damages, there was no cause of action. In this case, the court ruled the plaintiffs did not need actual damages. They had standing to seek the cost of present and future account monitoring. They do not need to show actual damages from having their personal information stolen. If this rule takes hold, it will significantly expand exposure from cyber-attack litigation.
Comments