Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

In re Zappos.Com, Inc., Customer Data Security Breach Litigation

United States Court of Appeals, Ninth Circuit

April 20, 2018

In re Zappos.Com, Inc., Customer Data Security Breach Litigation,
v., Inc., Defendant-Appellee. Theresa Stevens; Kristin O'Brien; Terri Wadsworth; Dahlia Habashy; Patti Hasner; Shari Simon; Stephanie Priera; Kathryn Vorhoff; Denise Relethford; Robert Ree, Plaintiffs-Appellants,

          Argued and Submitted December 5, 2017 San Francisco, California

          Appeal from the United States District Court for the District of Nevada Robert Clive Jones, Senior District Judge, Presiding

          Douglas Gregory Blankinship (argued), Finkelstein Blankinship Frei-Pearson and Garber LLP, White Plains, New York; David C. O'Mara, The O'Mara Law Firm P.C., Reno, Nevada; Ben Barnow, Barnow and Associates P.C., Chicago, Illinois; Richard L. Coffman, The Coffman Law Firm, Beaumont, Texas; Marc L. Godino, Glancy Binkow & Goldberg LLP, Los Angeles, California; for Plaintiffs-Appellants.

          Stephen J. Newman (argued), David W. Moon, Brian C. Frontino, and Julia B. Strickland, Stroock & Stroock & Lavan LLP, Los Angeles, California; Robert McCoy, Kaempfer Crowell, Las Vegas, Nevada; for Defendant-Appellee.

          Before: John B. Owens and Michelle T. Friedland, Circuit Judges, and Elaine E. Bucklo, [*] District Judge.


         SUMMARY [**]

         Article III Standing

         The panel amended the opinion filed on March 8, 2018; and reversed the district court's dismissal, for lack of Article III standing, of plaintiffs' claims alleging that they were harmed by hacking of their accounts at the online retailer

         The panel held that under Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010), plaintiffs sufficiently alleged standing based on the risk of identity theft. The panel rejected Zappos's argument that Krottner was no longer good law after Clapper v. Amnesty International USA, 568 U.S. 398 (2013). The panel held that plaintiffs sufficiently alleged an injury in fact under Krottner, based on a substantial risk that the Zappos hackers will commit identity fraud or identity theft. The panel further held that plaintiffs sufficiently alleged that the risk of future harm they faced was "fairly traceable" to the conduct being challenged; and the risk from the injury of identity theft was also redressable by relief that could be obtained through this litigation.

         The panel addressed an issue raised by sealed briefing in a concurrently filed memorandum disposition.


         The opinion filed on March 8, 2018, and appearing at 884 F.3d 893, is amended as follows. On page 899:

         Replace <Zappos is mistaken . . . the present> with <Zappos initially contended on appeal that the relevant time at which to assess standing was the present. But it could not offer any support for that contention. After our opinion was initially filed, Zappos sought rehearing on this issue, urging us to read Rockwell International Corp. v. United States, 549 U.S. 457, 473 (2007), and Northstar Financial Advisors Inc. v. Schwab Investments, 779 F.3d 1036, 1044 (9th Cir. 2015), to require that we assess standing at the time Plaintiffs filed their operative Third Amended Complaint, rather than their original Complaints. But whether we look at the original Complaints or Plaintiffs' Third Amended Complaint, the allegations about the increased risk of harm Plaintiffs face are relevantly the same-in the Complaints, Plaintiffs allege that the Zappos data breach places them at imminent risk of identity theft. Zappos argues that this allegation is implausible, but it does so by relying on facts outside the Complaints (or contentions about the absence of certain facts), which makes its argument one that may be appropriate for summary judgment but not one that may support a facial challenge to standing at the motion to dismiss stage>.

         Following <rather than their original Complaints.> in the above replacement text, insert a footnote <Zappos's reliance on these cases is also unconvincing, as these cases do not actually address whether standing is measured at the time of an initial complaint or at the time of an amended complaint, as opposed to whether the allegations in an amended complaint may sometimes be considered in evaluating whether there was standing at the time the case was originally filed or whether an amended complaint may be considered a supplemental pleading under Federal Rule of Civil Procedure 15(d).>.

         Following <imminent risk of identity theft.> in the above replacement text, insert a footnote <Plaintiff Robert Ree does not clearly allege a risk of future identity theft. But even assuming Ree would not have had standing on his own based on his original Complaint, only one Plaintiff needs to have standing for a class action to proceed. See Bates v. United Parcel Serv., Inc., 511 F.3d 974, 985 (9th Cir. 2007) (en banc).>.

         In the current footnote 11, delete <; Mollan, 22 U.S. at 539.>.

         With these amendments, the panel has unanimously voted to deny appellee's petition for rehearing. Judge Owens and Judge Friedland have voted to deny the petition for rehearing en banc. Judge Bucklo recommends denial of the petition for rehearing en banc. The full court has been advised of the petition for rehearing en banc, and no judge has requested a vote on whether to rehear the matter en banc. Fed. R. App. P. 35.

         The petitions for rehearing and rehearing en banc are DENIED. No further petitions shall be entertained.


          FRIEDLAND, Circuit Judge:

         In January 2012, hackers breached the servers of online retailer, Inc. ("Zappos") and allegedly stole the names, account numbers, passwords, email addresses, billing and shipping addresses, telephone numbers, and credit and debit card information of more than 24 million Zappos customers. Several of those customers filed putative class actions in federal courts across the country, asserting that Zappos had not adequately protected their personal information. Their lawsuits were consolidated for pretrial proceedings.

         Although some of the plaintiffs alleged that the hackers used stolen information about them to conduct subsequent financial transactions, the plaintiffs who are the focus of this appeal ("Plaintiffs") did not. This appeal concerns claims based on the hacking incident itself, not any subsequent illegal activity.

         The district court dismissed Plaintiffs' claims for lack of Article III standing. In this appeal, Plaintiffs contend that the district court erred in doing so, and they press several potential bases for standing, ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.