Data Security, Privacy & Technology

Justin Boron, Kevin Ringel and Danielle Ocampo successfully obtained a dismissal on all counts in a data breach class action lawsuit. Plaintiffs alleged they suffered injuries as a result of a data breach incident and sought damages on behalf of a putative class of 284,443 individuals. The court granted our client’s motion to dismiss and dismissed Plaintiffs’ complaint in its entirety. The court agreed with our client’s arguments and ruled that Plaintiffs failed to allege that they had been actually harmed by the data breach in a way that is fairly traceable to our client, and, because of this, lacked standing to pursue the claims. 

Stern, et al. v. Academy Mortgage Corporation; District of Utah, Central Division; Case No. 2:24-cv-00015-DBB-DAO 

Danielle Ocampo and Chris Weber successfully defended a local medical clinic against a lawsuit brought by a self-represented attorney. The plaintiff, a patient of the clinic, claimed the clinic violated California’s privacy laws by using pixel tracking technology on its website to collect personal information about the plaintiff from use of the website. The plaintiff was trying to file an individual claim after opting out of a class action settlement. The court agreed with FMG’s argument that the plaintiff didn’t provide enough specific facts to support a wiretapping claim and dismissed the case.  

Michael S. Geller v. Riverside Medical Clinic; Superior Court for the State of California for the County of Riverside – Moreno Valley; Case No. CVMV2404340  

David Cole and Matt Foree won a motion to dismiss a class action lawsuit filed against Oklahoma City University over a July 2022 data breach. The proposed class action alleged the University failed to protect the personal information of more than 27,000 students and employees that was exposed in the incident. However, Mr. Cole and Mr. Foree argued the plaintiffs did not have standing to sue because there were no allegations of misuse of anyone’s information that actually resulted in harm, such as identity theft or fraudulent accounts or charges. Judge Timothy DeGiusti of the U.S. District Court for the Western District of Oklahoma agreed and dismissed the lawsuit in its entirety. In his opinion, Judge DeGiusti concluded that “Plaintiff has failed to plausibly allege an actual, present injury that would support her claims for damages, or an imminent threat of future harm that would warrant injunctive relief.”

This case represents a significant win not only for the University, but also for other businesses that are increasingly victimized by cybercriminal attacks, only to then find themselves also targeted by class action lawsuits seeking money damages, even without any evidence of harm. FMG’s Data Security & Privacy attorneys are at the forefront of this continually developing area of law, and zealously represent businesses and organizations of all kinds in data breach and privacy litigation around the country.