The past twenty years have seen an immense change in how individuals conduct their banking. More and more consumers are choosing to avoid physical branches, paper checks, and in-person deposits and are instead opting to conduct most of their banking online.

While online banking creates incredible convenience for consumers, it has also created new types of risks, including the hacking of personal information and rise of identity theft. For those banks operating in California, a recent decision from the Ninth Circuit Court of Appeals should create an even more heightened awareness and concern about online banking risks.

Identity Theft in the Inland Empire

Many consumers have had the experience of getting an email notice or letter in the mail letting them know that their personal information has been compromised due to an online hack. While such news may be frustrating and alarming, it rarely led to litigation. A new decision may change that.

In In re Zappos, a group of customers filed a class action lawsuit against Zappos after the Zappos website experienced a security breach that exposed the personal information, including credit and debit card numbers, of more than 24 million Zappos customers.

The plaintiffs in the case alleged that they had been harmed because Zappos had not adequately protected their financial information. However, unlike in other cases, the plaintiffs did not allege that they had already had their information stolen and used by the hackers, they argued that the breach put them at risk of future identity theft.

The federal district court granted Zappos motion to dismiss, finding that the plaintiffs did not have standing to sue Zappos because they could not show that they had already been harmed by the security breach. On appeal, the Ninth Circuit reversed this finding, holding that customers (including bank customers) at risk of identity theft due to a security breach, have standing to sue the company that experienced the breach.

The court noted that plaintiffs have standing to sue when they face a substantial risk of future harm, even if that harm has not occurred yet. The fact that their personal information had been stolen meant that, at any moment, hackers could attempt to use that information to steal money from existing credit card or bank accounts or compromise other online accounts.

This was enough to show a substantial risk of harm and allow the plaintiffs to proceed. This should get the attention of other businesses involved in ecommerce, online banking, or other activities where customers are likely to input sensitive personal information. Even if that information isn’t ultimately stolen, simply creating the possibility of identity theft may be enough for customers to bring suit.

California Attorneys Helping You Evaluate Your Online Practices

If you work for a bank, investment company, or other entity that relies heavily on online business transactions, maintaining your online security practices should be of the utmost importance.

At CKB Vienna, LLP, our banking attorneys frequently work with clients to evaluate their current practices, identify risks or areas where improvement may be necessary, and create a plan to address these issues. For more information, contact us online or at (909) 980-1040.

Comment