Brian Jackson - Fotolia

Will the Neiman Marcus data breach lawsuit set a precedent?

The Neiman Marcus data breach lawsuit was appealed and it could set a precedent for the victims of data breach lawsuits in the future. Expert Mike O. Villegas explains.

The Neiman Marcus data breach lawsuit has brought up an interesting debate. Specifically, the company has argued that there was no harm to customers because the credit card companies reimbursed them for any fraudulent charges as a result of the breach. While the lawsuit was initially dismissed on these grounds, it's now back in court on appeal. Does Neiman Marcus' argument hold water? Or could this suit, if successful, set a precedent for corporate data breaches that may lead to more lawsuits?

In 2013, the Neiman Marcus Group experienced a breach that exposed credit card data for 350,000 customers. In 2014, the company found 9,200 of those accounts were used for fraud and shortly after, a class action lawsuit was filed for $5 million in damages. The case was dismissed in September 2014 because there was no injury to customers. However, on July 20, 2015, a U.S. Seventh District appeals court reinstated the case because the customers of as many as 350,000 cards had, in fact, suffered injuries, including the cost of credit monitoring services and replacement card fees.

Does this reversal set a precedent for corporate data breaches that may lead to more lawsuits? Lawyers associated with the case feel that this is a good starting point and expect other courts to follow suit, so it's possible that a new trend has begun. In addition to the Sony and Neiman Marcus breaches, this opens up the possibility that the ruling by the U.S. District Court for the District of Minnesota in Carlsen v GameStop could be overturned.

Customers want restitution whether or not the loss was monetary because after a hack, it's likely that not all of the affected customers' personal information is immediately used. Sometimes it's years before someone faces identity theft and then has to deal with the repercussions of a corporate breach. Stay tuned on this channel.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Learn some ways to improve corporate data protection

Find out how the Sony hack is different from other attacks

Discover when breach detections systems are better than IDS or NGFW

This was last published in May 2016

Dig Deeper on Information security laws, investigations and ethics