Plaintiffs Seek Reconsideration of Court’s Decision in Excellus Data Breach Case
On February 22, 2017, Judge Elizabeth A. Wolford of the United States District Court for the Western District of New York issued a 90-page decision granting in part and denying in part Defendants’ Motions to Dismiss.
In her decision, she dismissed the claims brought by those plaintiffs who had not yet experienced any actual identity theft or fraud, including four of the twenty named plaintiffs. Among other things, she reasoned that these plaintiffs, and those others affected by the Excellus Data Breach, have not yet been legally injured until they experience actual fraud or identity theft.
On March 22, 2017, Plaintiffs’ Lead Counsel filed a Motion for Reconsideration with the Court. In the Motion, Plaintiffs asked the Court to reconsider its decision on a number of legal grounds, including newly discovered evidence found by their experts that shows that both those plaintiffs who have already experienced identity theft and those who have not face a substantial risk of harm in that certain plaintiffs’ information has been found for sale on the Dark Web.
The experts conducted these searches to see what information was actually available. In most instances, it was email addresses and passwords that were found, but in others, social security numbers and/or dates of birth were also found. Unfortunately, the purchase of sensitive information on the Dark Web does not protect victims. Individuals who sell this information can just turn around and sell it again in the future and, according to our experts, often do sell the information multiple times, which is why some of the plaintiffs have continued to experience more fraud.
The Excellus Defendants have until May 3, 2017 to respond to our Motion. Plaintiffs then have one more opportunity to submit papers due May 17, 2017.
It is not known when the Court will issue a decision on Plaintiffs’ Motion for Reconsideration, but expect it will be sometime this year.