As cyber criminals continue to expand their illegal activities, the issue of real injury from a hacking event comes even more into focus in the ensuing court cases as damages are determined and millions of dollars are awarded to data breach plaintiffs.

In a recent decision, the Supreme Court could have completely altered the landscape of consumer privacy and data breach class action lawsuits in Spokeo, Inc. v. Robins, a closely watched case before the Court last term. Although the underlying dispute in Spokeo involved an alleged violation of the Fair Credit Reporting Act and not a data breach, the case presented a nagging question in privacy law: What kind of injury is sufficient for Article III standing?

While the law in data breach litigation in the electronic age continues to develop, plaintiffs can increasingly expect their claims to be dismissed for lack of standing if they are unable to credibly allege some sort of actual injury, as opposed to a mere increased risk of some hypothetical future harm, and that the injury is traceable to the theft of their data from the defendant. The Court in Spokeo was poised to draw the line between what is actual injury and what is hypothetical.

Recommended For You

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.