The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

Cost of credit monitoring following data security breach not a cognizable injury in fact.

Leave a comment

In a negligence and breach of contract action alleging unauthorized access to personal information as the result of a data security breach, the cost of credit monitoring is not a cognizable injury in fact under Indiana law. Pisciotta v. Old National Bancorp, No. 05-668, 2007 U.S. App. LEXIS 20068 (7th Cir. Aug. 23, 2007). The appeals court affirmed the lower court’s dismissal of the putative class action against a financial services provider, ruling that in the absence of any specific evidence of identity theft resulting from the security breach, the plaintiffs suffered merely the anticipation of future injury. The court followed the general rule that an alleged increase of future injury is not a cognizable injury that can form the basis of a successful negligence claim. The court also commented that Indiana’s data notification law, which outlines narrow disclosure duties and provides only for state enforcement actions, strongly suggests that Indiana law would not recognize the costs of credit monitoring as compensable damages.

Author: ABA Antitrust

Learn more about the ABA Section of Antitrust Law:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s