On the heels of the Target settlement, another security data breach class action has been dismissed for lack of standing under Article III. In the lawsuit In re Horizon Healthcare Servs., Inc. Data Breach Litig., 2015 WL 1472483 (D.N.J. Mar. 31, 2015), a federal district court held that class plaintiffs alleged neither sufficient injury nor causation to establish standing.
In that case, an unknown thief stole from the company’s headquarters two password-protected laptop computers containing personal information of company members. Id. at *1. The company reported the theft to law enforcement the next day. A month later, it notified potentially affected members of the theft by letter and press release. Id. In its notification, the company informed members that “[d]ue to the way the stolen laptops were configured, we are not certain that all of the member information contained on the laptops is accessible.” It also offered credit-monitoring protection. Id.