Law School Case Brief
Ree v. Zappos.com, Inc. (In re Zappos.com, Inc.) - 888 F.3d 1020 (9th Cir. 2018)
To have U.S. Const. art. III standing, a plaintiff must show (1) it has suffered an injury in fact that is (a) concrete and particularized and (b) actual or imminent, not conjectural or hypothetical; (2) the injury is fairly traceable to the challenged action of the defendant; and (3) it is likely, as opposed to merely speculative, that the injury will be redressed by a favorable decision. A plaintiff threatened with future injury has standing to sue if the threatened injury is certainly impending, or there is a substantial risk that the harm will occur.
In January 2012, hackers breached the servers of online retailer Zappos.com, Inc. (Zappos) and allegedly stole the names, account numbers, passwords, email addresses, billing and shipping addresses, telephone numbers, and credit and debit card information of more than 24 million Zappos customers. Several of those customers filed putative class actions in federal courts across the country, asserting that Zappos had not adequately protected their personal information. Their lawsuits were consolidated for pretrial proceedings. Although some of the plaintiffs alleged that the hackers used stolen information about them to conduct subsequent financial transactions, the plaintiffs who were the focus of the present appeal did not. The district court dismissed plaintiffs’ claims for lack of Article III standing. Plaintiffs here appealed, arguing that the district court erred in doing so since the Zappos data breach had and continued to put them at risk of identity theft.
Did the plaintiffs have Article III standing to institute the present complaint, notwithstanding the fact that they failed to allege that the hackers used their information in any financial transactions?
The Court of Appeals for the Ninth Circuit held that under Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010), plaintiffs sufficiently alleged standing based on the risk of identity theft. According to the Court, the plaintiffs sufficiently alleged an injury in fact under Krottner, based on a substantial risk that the Zappos hackers will commit identity fraud or identity theft. The Court further held that plaintiffs sufficiently alleged that the risk of future harm they faced was "fairly traceable" to the conduct being challenged; and the risk from the injury of identity theft was also redressable by relief that could be obtained through this litigation.
Access the full text case
Not a Lexis Advance subscriber? Try it out for free.
Be Sure You're Prepared for Class