Situation
Extortionists threatened to publicly release millions of patient records that they had accessed from the databases of our client, one of the largest pharmacy benefit managers. This led to a lawsuit that accused the company of negligence in its duty to protect customer records and sought certification of a nationwide class.
Result
Our attorneys moved to dismiss the case for lack of standing on the grounds that the plaintiff failed to allege his information was included in the data compromised or that he had sustained actual identity theft. The judge tossed out the lawsuit, ruling that “abstract injury is not enough to demonstrate injury in fact.”