Blue Cross Blue Shield Identity Theft Suit Axed

     (CN) – With no evidence of injury stemming from a Blue Cross Blue Shield security breach, a federal judge threw out a consolidated class action in New Jersey.
     The lawsuit stems from the report by Horizon Healthcare Services Inc. dba Horizon Blue Cross Blue Shield of New Jersey that an unknown thief stole two password-protected laptops from its Newark headquarters in early November 2013.
     In addition to reporting the incident to the Newark Police Department, Horizon issued a press release and letters to members potentially affected by the theft on Dec. 6.
     That press release announced that the stolen computers may have contained files with various amounts of member information, including names, addresses, identification numbers, dates of birth, and in some cases, Social Security numbers.
     The breach implicated the personal and insurance information of more than 839,000 members of Horizon, out 3.7 million, but Horizon said that the computer’ configuration made it uncertain whether “all of the member information contained on the laptops is accessible.”
     Horizon offered free credit monitoring and identity-theft protection for members with Social Security numbers on the stolen laptops, but various members filed suit anyway.
     Claims by Courtney Diana, Karen Pekelney, Mark Meisel and Mitchell Rindner were consolidated before U.S. District Judge Claire Cecchi in Newark.
     They claimed that Horizon’s “wrongful actions and inaction” forced them to “mitigate the actual and potential impact of the data breach on their lives.”
     Though Rindner alone alleged actual misuse of his personal info, all claimed to have sustained “economic damages and other actual harm for which they are entitled to compensation,” and they asserted claims under the Fair Credit Reporting Act.
     Cecchi dismissed the action for lack of standing on March 31, relying on the 11th Circuit’s 2012 ruling in a similar case, Resnick v. AvMed Inc.
     In Diana, Pekelney and Meisel’s case, the plaintiffs failed to allege an “economic injury,” according to the unpublished ruling.
     “Neither Diana nor Pekelney nor Meisel allege that they were careful in guarding their sensitive information, that they suffered any monetary losses like those alleged in Resnick, or that they have sustained any other injuries such as identity theft, identity fraud, medical fraud, or phishing,” Cecchi wrote.
     The trio’s higher likelihood of future harm does not give them standing, the judge ruled.
     “Plaintiffs have not alleged any post-breach misuse of compromised data,” Cecchi wrote (emphasis in original).
     Rindner claimed that someone filed a fraudulent joint tax return under his and his wife’s names, and that someone tried to fraudulently use his credit card, but Horizon persuaded the court that the theft of its laptops did not necessarily cause these injuries.
     “While it is possible that the thief obtained Rindner’s wife’s information from another source and pooled it with Rindner’s information from the stolen laptops, the dearth of any other identity theft victims (out of 839,000 members) makes this an unlikely scenario,” Cecchi wrote (parentheses in original).
     Since Rindner also received a tax refund from the fraud in question, he does not have a claim for redress on that point, according to the ruling.

%d bloggers like this: