In an opinion today, Judge Furman dismissed a putative class action against a retailer, Bonobos, whose customer data (names, addresses, emails, and the like) was stolen and posted online. Judge Furman found that the plaintiff, Bradley Cooper, did not allege a level of impending harm or risk that was sufficient to establish standing to sue. Judge Furman contrasted the facts at issue with those in other cases where more sensitive information was stolen (like Social Security numbers), giving rise to high risk of identity theft.
Cooper had sought to establish standing based on his alleged risk of “credential stuffing,” which is described in the opinion as a “technique in which [hackers] enter credentials gained from a hack into third-party websites, hoping that they will match an existing account because the consumer has reused the same password elsewhere,” but Judge Furman was not persuaded:
[C]onspicuously, Cooper does not allege that any of his accounts, or the accounts of other Bonobos consumers for that matter, were compromised in this manner. Nor does he allege that, in August 2020 when the Bonobos hack occurred, he even used the password that he had used for Bonobos in June 2013 [when he provided his data] on other websites.
Judge Furman likewise found that the exposure of Cooper’s contact information was not enough to establish standing, either:
[C]ontact information is generally publicly available and, thus, “does not pose the same risk of future identity theft or fraud to plaintiffs if exposed.” Indeed, as Bonobos notes, Cooper’s own contact information, including his email address and phone number, is publicly available on his employer’s website.