Jessica Karmasek Aug. 13, 2015, 11:47am


CHICAGO (Legal Newsline) - Neiman Marcus has asked a federal appeals court to reconsider its decision to reverse the dismissal of a lawsuit brought against the luxury specialty department store after it suffered a data breach last year.

The U.S. Court of Appeals for the Seventh Circuit, in its July 20 ruling, found that the risk of harm to the 300,000-plus people whose credit card numbers were exposed was “very real and immediate.”

In response, Neiman Marcus filed a petition for rehearing en banc with the Seventh Circuit earlier this month.

The store contends the three-judge panel’s opinion “squarely conflicts” with decisions by the U.S. Supreme Court and various federal courts, and wants the full court to hear the case.

“The record before the district court made clear that there was no risk -- and the plaintiffs did not allege -- that they would be financially responsible for any fraudulent credit card charges,” lawyers for the store wrote in its Aug. 3 petition. “The panel ignored that evidence, and even twisted action by Neiman Marcus to protect its customers into actual harm suffered by the plaintiffs.

“The panel further ignored the fact that security incidents like this one involving payment card data -- not other personal data like Social Security numbers -- create no meaningful risk of identity theft. The panel instead relied on speculative and conjectural observations -- nowhere alleged by plaintiffs -- in an analysis that conflicts with two lines of Supreme Court precedent regarding Article III standing.”

Last year, the store announced that some of its customers’ payment cards were fraudulently used after making purchases at its stores.

About 350,000 payment card accounts used at certain Neiman Marcus stores between July 16 and Oct. 30, 2013 were potentially compromised.

As a result, four individual plaintiffs sued the store on behalf of a putative class.

Neiman Marcus filed a motion to dismiss, submitting evidence that all fraudulent charges that appeared on payment cards had been and would be reimbursed by the card issuers.

The U.S. District Court for the Northern District of Illinois granted the store’s motion, holding that none of the plaintiffs had shown either actual injury or imminent future injury.

The Seventh Circuit said in its ruling last month that the plaintiffs have standing to sue “based on at least some of the injuries they have identified.”

“Although some credit card companies offer some customers ‘zero liability’ policies, under which the customer is not held responsible for any fraudulent charges, that practice defeats neither injury?in-fact nor redressability. The ‘zero liability’ feature is a business practice, not a federal requirement,” the panel wrote.

“Debit cards (used by several of the named plaintiffs) receive less protection than credit cards; the former are covered under the Electronic Funds Transfer Act, and the latter under the Truth in Lending Act as amended by the Fair Credit Billing Act.

“If a person fails to report to her bank that money has been taken from her debit card account more than 60 days after she receives the statement, there is no limit to her liability and she could lose all the money in her account.”

Last year, a number of lawsuits were filed against companies over data breaches. In January, Michaels Stores Inc. also was accused of failing to take reasonable precautions to safeguard their customers’ credit and debit card data.

In June, a lawsuit was filed against P.F. Changs after customers claimed it failed to protect their data.

In December 2013, lawsuits were filed against Target following a major data breach that occurred during the Christmas-shopping period that year.

From Legal Newsline: Reach Jessica Karmasek by email at jessica@legalnewsline.com.

More News