Observers say the favorable ruling in financial institutions' Target Corp.'s data breach case will likely have no bearing on consumers' likely success in pleading their own case because different legal issues are involved.
Litigation filed by consumers in the case has been consolidated in U.S. District Court in St. Paul, Minnesota, along with the parallel litigation filed by the financial institutions, but is being considered separately.
“The first rule of attack in almost all consumer data breach allegations” is whether the consumers suffered an injury, and that was not an issue in the banks' case, where there was no question of this, said Barry Goheen, a partner with law firm King & Spalding L.L.P. in Atlanta.
But it is a question in the consumer case. Experts say based on other courts' rulings in other data breach litigation, consumer plaintiffs may have a harder time than the financial institutions in surviving a motion to dismiss, because they will have to establish they were harmed by the breach.
Most courts have said the risk of harm “is not an actual harm,” said Gary A. Kibel, a partner with law firm Davis & Gilbert L.L.P. in New York.
A federal judge's refusal to dismiss litigation brought by credit card issuers against Target Corp. in the wake of 2013's massive data breach is significant and could influence other courts to hold retailers liable in similar cases.