B&N: Plaintiffs Haven’t Shown Harm in Data Breach Class Action

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Barnes & Noble Inc. argued that a data breach class action lawsuit pending against the company should be dismissed in the wake of the recent Spokeo Inc. v. Robins decision that requires class action plaintiffs to show they’ve been harmed.

The Spokeo decision that was issued by the U.S. Supreme Court earlier this month states that plaintiffs must prove both “concrete and particularized” injury in cases alleging violations of the Fair Credit Reporting Act (FCRA) instead of focusing on technical violations of the law.

In the Spokeo class action lawsuit, plaintiff Thomas Robins accused Spokeo for posting false information about him. The Supreme Court found that the lower court had failed to consider whether the harm allegedly caused by the falsified data was both particularized and concrete. The 6-2 decision indicated that a statutory violation was not sufficient to bring a consumer protection class action lawsuit and ordered the Ninth Circuit to reconsider the case.

On May 18, Barnes & Noble filed a notice of supplemental authority with the court, claiming that the Supreme Court’s Spokeo decision supports its pending motion to dismiss the B&N data breach class action lawsuit “for lack of standing and failure to state a claim upon which relief may be granted.” The bookseller continues to assert that no consumers have actually suffered any harm from the 2012 data breach.

“It has now been three and a half years since Barnes & Noble announced in the fall of 2012 that it was the victim of the alleged security incident, and still no Plaintiff has come forward with any allegations that they have been impacted by the incident at all,” B&N wrote, echoing the language used last month in a motion urging dismissal of the data breach class action lawsuit.

After B&N announced in 2012 that it had been targeted by a PIN code skimming scheme that compromised thousands of its customers’ credit and debit card information, the bookseller was hit with several data breach class action lawsuits. These B&N class action lawsuits were consolidated in Illinois federal court as In re: Barnes & Noble Pin Pad Litigation.

According to the B&N class action lawsuit, the bookseller did not inform customers about the data breach until about six weeks after it had become aware of the PIN pad skimming scheme. The plaintiffs accuse the Barnes & Noble of violating the Illinois Consumer Fraud and Deceptive Business Practices Act, California Civil Code and unfair competition law.

At least one plaintiff has indicated that she had to cancel a credit card due to a fraudulent charge that occurred shortly after the B&N data breach was announced. The Barnes & Noble class action lawsuit also points to a New York Times article that reported an unnamed B&N executive had admitted that some of the stolen payment card data had been used by the hackers.

Attorneys representing the plaintiffs in the B&N data breach class action lawsuit have indicated that they will be filing a response that indicates the Spokeo decision actually favors the plaintiffs.

The plaintiffs are represented by Joseph J. Siprut of Siprut PC and Ben Barnow and Sharon Harris of Barnow & Associates PC.

The Barnes & Noble Data Breach Class Action Lawsuit is In re: Barnes & Noble Pin Pad Litigation, Case No. 1:12-cv-08617, in the U.S. District Court for the Northern District of Illinois.

UPDATE: On Nov. 30, 2016, Barnes & Noble pleaded with an Illinois federal court to once again dismiss a class action relating to a 2012 data breach, saying the plaintiffs still failed to allege facts plausibly showing that they were damaged as a result of the incident despite amending their claims numerous times.