On March 8, 2018, the Ninth Circuit overturned a Las Vegas federal court ruling and found that the threat of future harm related to identity theft was sufficient to allow the plaintiffs to have standing to sue. In this case, the plaintiffs were victims of identity theft after a 2012 data breach of the online retailer Zappos.com in which hackers stole names, account numbers, passwords, email addresses, and payment information. Some plaintiffs alleged that their information was used in actual identity theft or fraud after the breach while others did not experience those damages.
The court found that the allegations of increased risk of future identity theft posed a “credible threat of real and immediate harm.” Specifically, the court found that “the information taken in the data breach still gave hackers the means to commit fraud or identity theft.”
This case will assist Las Vegas and Henderson consumers by permitting their data breach related claims to move forward in the courts even if those consumers have not yet experienced identity theft or fraud as a result of the theft of their personal information.