Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
The decision by the U.S. Judicial Panel on Multidistrict Litigation to consolidate the Anthem cyberbreach lawsuits to California surprised many but may prove to be an advantage for the plaintiffs.
In an order issued June 8, the MDL panel transferred all cases related to the cyber-attack on health insurance giant Anthem Inc. to the U.S. District Court for the Northern District of California. Although Anthem has its headquarters in Indianapolis, the panel noted Anthem is the largest for-profit health insurer in California and maintains several offices there.
“We’re disappointed the case didn’t come to the Southern District of Indiana given the vast majority of plaintiffs and defendant who wanted it to come here,” said Irwin Levin, managing partner of Cohen & Malad LLP. “The judges of the Southern District would have done an excellent job.”
The lawsuits stem from a massive data breach that Anthem experienced sometime between Dec. 10, 2014, and Feb. 4, 2015. Personal information, including Social Security and credit card numbers, were stolen from an estimated 80 million current and former customers.
A decision in this litigation could have a far-reaching impact, said William Riley of Price Waicukauski & Riley LLC.
“Because we have such an information-based economy, this case could very well shape how negligence is assigned to a corporation regarding information for the next 25 or 30 years,” he said.
Despite the alarming loss of private data, plaintiffs still face the difficult task of proving they have been harmed by the breach. Linking information believed to have been stolen in a cyberattack to a specific injury or an impending injury has been a high hurdle to clear.
However, a 2014 ruling from U.S. District Court for the Northern District of California lowered that hurdle a little. Federal Judge Lucy Koh, who will be handling the Anthem case, found the plaintiffs in the breach of Adobe Systems Inc. do have standing to sue.
In In re Adobe Sys., Inc Privacy Litig., No. 13-CV-05226-LHK (N.D. Cal. Sept. 4, 2014), she rejected the defendant’s argument that the plaintiffs could not show they had suffered any harm from the theft of their personal data.
Koh wrote in her 41-page order, “[T]o to require Plaintiffs to wait until they actually suffer identity theft or credit card fraud in order to have standing would run counter to the well-established principle that harm need not have already occurred or be ‘literally certain’ in order to constitute injury-in-fact.”
She also wrote in an accompanying footnote that making plaintiffs wait for the harm before suing would pose another kind of problem. The more time that passes between the data breach and an instance of identity theft, the greater the defendant’s ability to argue the injury is not “fairly traceable” to the cyberattack.
The issue of cause of action remains unsettled in the 7th Circuit Court of Appeals, which could have been a factor in dissuading the MDL panel to assign the Anthem case to Indiana. The Circuit Court is considering arguments regarding plaintiffs’ injuries following a data breach at Neiman Marcus but had not rendered a decision by the time the transfer order was issued.
The MDL panel declined to comment beyond what it said in the order. Laura Briggs, clerk for the Southern District of Indiana, said she has no record of whether the panel contacted one of the District’s judges to see if it could accept the case.
Levin described the Anthem lawsuits as a “step beyond data breach cases brought thus far.” This theft, he said, not only involves credit card numbers and personal information but also includes personal data on children and may include medical records.
LevinAlong with the size of the breach, Levin said Anthem charged customers for the protection of their personal data. Plaintiffs can now claim they did not get what they paid for, he said.
Anthem did not respond to a request for comment.
Cohen & Malad and Price Waicukauski & Riley are among the Indiana firms representing plaintiffs in suits against Anthem.
Prior to the MDL panel’s decision, Levin had said his firm would try to be lead counsel if the cases were consolidated in the Southern District of Indiana. Now, given the geographical distance to California, he does not anticipate Cohen & Malad will seek that position.
He does want his firm to remain involved. Riley, too, expects his firm will continue to do work on the case, possibly as a member of the plaintiffs’ steering committee.
As for the cost in terms of money, manpower and time to litigate this lawsuit against Anthem, Levin said that is difficult to determine. Class actions involving tens or hundreds of million of dollars are huge undertakings involving a high degree of risk, and they require serious commitments of resources in lawyer time and money spent on discovery, he said.•
Please enable JavaScript to view this content.