A Chicago appeals court has resurrected the Neiman Marcus data breach case that was dismissed a year ago.
350,000 customers’ credit card information was breached two years ago, and the luxury department store admitted that more then 9,000 of the accounts were used for fraudulent purposes. According to the Wall Street Journal, shortly after the attack “several customers filed a class-action lawsuit against the company seeking at least $5 million in damages.”
The case was tossed because Neiman Marcus stated that “there was no injury to the customers mainly because credit card companies later reimbursed them for fraudulent charges.” The plaintiffs countered by arguing that they were not compensated for the time and money they put forward to deal with problems related to the breach and that there was no guarantee that they would not be exposed to fraud in the future.
Recently, the Seventh U.S. Circuit Court of Appeals in Chicago agreed with the plaintiffs, stating that the case can move forward because there is a “substantial risk” to the victims.
Donna Wilson, a partner at Manatt, Phelps & Phillips LLP said, “For years, virtually all courts have said the mere risk of identity theft is not enough. You have to have an actual unreimbursed theft.” Wilson believes that companies will have to deal with more lawsuits related to data breaches.