Duane Morris Data Breach Class Action Review — 2024

I. Introduction The volume of data breach class actions exploded in 2023, and their unique challenges, including issues of standing and uninjured class members, continued to vex the courts, leading to inconsistent outcomes. Data breach has emerged as one of the fastest growing areas of class action litigation. After every major (and not-so-major report) of a data breach, companies now can expect the resulting negative publicity to prompt one or more class action lawsuits, saddling companies with the significant costs of responding to the data breach as well as the significant costs of dealing with high-stakes class action lawsuits on multiple fronts. Companies unfortunate enough to fall victim to data breaches in 2023 faced class actions, including copy- cat and follow-on class actions across multiple jurisdictions, at an increasing rate. In 2023, we saw a notable increase in data breach class actions as compared to 2022. Plaintiffs filed approximately 246 data breach class actions within the first half of 2023, roughly equivalent to the total number of filings for the entirety of 2022. On average, plaintiffs filed 44.5 data breach class actions per month during 2023 through the end of August, marking a significant increase from the average of 20.6 per month that we saw in 2022. From September 2023 to the end of the year, Plaintiffs filed over 450 additional data breach class actions (including those in privacy areas), for an average of over 125 a month.

Several factors likely contributed to this surge in data breach class actions in 2023, including the MOVEit data breach. The shift to remote work, rise of cloud-based storage, and the escalation of sophisticated cybercriminal activity has threatened data security like never before, giving rise to more large-scale data breaches across industries and thereby prompting more lawsuits. In 2023, the Judicial Panel on Multidistrict Litigation consolidated more than 100 class actions arising from an alleged Russian cybergang’s exploitation of a vulnerability in the file transfer software MOVEit. See In Re MOVEit Customer Data Security Breach Litigation , MDL No. 3083 (J.P.M.L. Oct. 4, 2023). Further, whereas data breach actions pursued a decade ago faced little prospect of success, recent court decisions provided a roadmap

1

© Duane Morris LLP 2024

Duane Morris Data Breach Class Action Review – 2024

Made with FlippingBook - professional solution for displaying marketing and sales documents online