In re: Horizon Healthcare Inc. Data Breach Litigation, No. 15-2309 (3d Cir. 2017)Annotate this Case
Horizon Blue Cross Blue Shield provides health insurance products and services to approximately 3.7 million members. Two laptop computers, containing sensitive personal information about members, were stolen from Horizon. Four plaintiffs filed suit on behalf of themselves and other Horizon customers whose personal information was stored on those laptops, alleging willful and negligent violations of the Fair Credit Reporting Act (FCRA), 15 U.S.C. 1681, and numerous violations of state law. The district court dismissed the suit for lack of Article III standing. According to the court, none of the plaintiffs had claimed a cognizable injury because, although their personal information had been stolen, none of them had adequately alleged that the information was actually used to their detriment. The Third Circuit vacated. In light of the congressional decision to create a remedy for the unauthorized transfer of personal information, a violation of FCRA gives rise to an injury sufficient for Article III standing purposes. Even without evidence that the plaintiffs’ information was in fact used improperly, the alleged disclosure of their personal information created a de facto injury.