By: Zach Kaiser – Strategic Risk Advisor, McClone
This week I want to shed light on last week’s decision by the federal appeals court in the case pertaining to Neiman Marcus.
If you haven’t read about the case, let me give you a brief summary.
Neiman Marcus, a high-end retailer, was the victim of a cyber-attack which led to the theft of several customer credit cards. What followed was a class action lawsuit, with the victims of the breach claiming they would not have purchased items at the store if they had known about the company’s casual attitude toward cyber security.
The U.S. District Court in Chicago ruled the injured parties did not have the ground to sue; citing precedent established in Clapper v. Amnesty International. Previously, similar cases were dismissed if the plaintiffs were not found to have legal standing, defined by having concrete, particularized and actual or imminent injury. Because the plaintiffs in this case hadn’t suffered any actual damages at the hands of Neiman Marcus, the case was initially dismissed this past fall.
On July 20, the U.S. Court of Appeals ruled that retail customers have the right to proceed and file a class-action lawsuit against Neiman Marcus in the wake of last year's data breach. In the decision, the judges ruled that the breach posed a substantial risk of harm to the customer’s personal identities. It's a decision that should send major corporations to double-check their cyber security.
Although the case is not over yet, it will diminish the legal precedent set by Clapper v. Amnesty International in regard to cyber liability cases. This could mean that moving forward, if a company is breached, it may not be necessary for a hacker to use the information stolen to incite a lawsuit.
What does this mean for you? This court ruling presents an opportunity for all businesses to double-check their policies and procedures regarding cyber security. Neiman Marcus’s steps to prevent a breach will likely become critical in the case ahead. It’s vital now more than ever to take the necessary precautions to secure the personal and financial data of your customers.
Do you have any further questions regarding cyber risk? Contact one of our Strategic Risk Advisors today!