Login Register Subscribe
Current Issue

Woman seeks reinstatement of dismissed Michaels Stores hacking case

Reprints

A plaintiff in a purported class action suit stemming from a 2014 data breach at Michaels Stores Inc. is seeking reinstatement of her case, which was dismissed by a U.S. District Court last month.

In a ruling that has just been publicized, the U.S. District Court in Central Islip, New York, had dismissed the case filed against Irving Texas-based arts and crafts retailer Michaels last month by Mary Jane Whalen, holding Ms. Whalen had not suffered an actual injury.

Michaels Stores initially reported possible fraudulent activity Jan. 25, 2014, according to court papers in Mary Jane Whalen v. Michael Stores Inc.

Three months later, it reported that hackers had used malicious software to retrieve credit and debit card information, although there was no evidence that any other information, such as names, was retrieved. Michaels estimated that about 2.6 million cards had been affected between May 8, 2013 and Jan. 27, 2014.

Ms. Whalen, who used her credit card at a Michaels in Manhasset, New York, in December 2013, said her credit card was later presented at a gym and for payment to a concert ticket, both in Ecuador. “But Whalen does not allege that the attempted charges were approved or that she suffered any financial loss,” said the Dec. 28 ruling.

Ms. Whalen filed suit against Michaels Stores in December 2014, charging she had suffered actual damages and faces an increased risk of future harm.

“But Whalen has not alleged that she suffered any unreimbursed charges,” said the ruling, in dismissing the case. “There are no allegations that Whalen was required to pay the charges made in Ecuador.”

The ruling also refers to the U.S. Supreme Court's 2013 ruling in James R. Clapper Jr. v. Amnesty International USA et al., in which the court held that alleged injuries must be “concrete, particularized and actual or imminent.”

Ms. Whalen argues she has standing to file suit because of lost time and money associated with credit monitoring and other mitigating expenses, says the District Court ruling. But, “the Supreme Court has dismissed this type of argument, explaining that plaintiffs 'cannot manufacture standing' through credit monitoring.”

The court also held that Ms. Whalen did not face an increased risk of future harm. These “allegations of future harm are too remote to establish an injury-in-fact,” said the ruling.

Ms. Whalen filed notice with the court that she planned to appeal the ruling with the 2nd. U.S. District Court of Appeals in New York on Wednesday.

Commenting on the ruling, Matthew J. Siegel a member of law firm Cozen O'Connor in Philadelphia, said, “It's become increasingly difficult for plaintiffs to allege, really, any harm when all that's happened is credit card information in a vacuum has been taken,” if it is not combined with other stolen data, such as medical records or social security numbers.

“Courts are really picking up on the fact that you're not really harmed if someone just gets access to credit cards,” so long as there are remedial measures in place, such as being able to instantly cancel the cards, said Mr. Siegel, who added he does not believe the ruling will be successfully appealed.