A trio of decisions illustrates the challenge of obtaining class certification in class actions based on data breaches. Relatively few courts have addressed the issue of class certification in data security and privacy lawsuits, but three of the courts to do so have refused to certify the classes.  Dolmage v. Combined Ins. Co. of Am., No. 14 C 3809, 2017 U.S. Dist. LEXIS 67555, at *7 (N.D. Ill. May 3, 2017); In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21, 33 (D. Me., 2013); and In re TJX Cos. Retail Sec. Breach Litig., 246 F.R.D. 389, 397-98 (D. Mass., 2007).  In denying certification, the courts reasoned that the data-breach actions involved individualized questions regarding causation or damages and therefore failed the commonality or predominance tests under Fed. R. Civ. P. 23(a) and 23(b)(3).  The decisions illustrate how the inherent aspects of a data-breach make class certification challenging for plaintiffs that bring actions premised on a data breach. In re TJX Cos. Retail Sec. Breach Litig. involved one of the largest retail security breaches in which criminals hacked the computer system of a retail company and compromised 45 million credit and debit accounts.  The plaintiffs, an association […]

The post Class Certification Proving Challenging in Data Breach Actions appeared first on Faruki PLL.