Yesterday, U.S. District Judge Paul Magnuson issued an order granting certification in the consolidated MDL proceeding brought on behalf of issuing banks claiming damages resulting from Target’s 2013 payment card hacking incident. Click Here for a copy of the order. The BakerHostetler Class Action Lawsuit Defense Blog will feature a more detailed write-up on the decision soon.
In the way of initial reaction, I don’t think the decision will be impactful in cases outside the specific context of issuing bank class actions against retailers in payment card breach cases because of unique issues having to do with common injury and causation of loss. In particular, in evaluating whether variations in injury and causation should prevent certification, Judge Magnuson distinguished the issuing bank case from the class actions brought on behalf of individual consumers arising from the same breach. Judge Magnuson observed that while the injuries alleged by consumers are largely potential future injuries that may or may not occur, the banks claimed to have already suffered concrete injuries in the form of the cost of reissuing cards to customers. Thus, he reasoned that the any individualized issues regarding causation and injury were not present with regard to the financial institutions’ claims, and any issues regarding variations in the amount of damages did not prevent class certification. This distinction means that the decision will be of limited value to plaintiffs in consumer data breach class actions.