I Tan Tsao v. Captiva MVP Restaurant Partners, LLC, No. 18-14959 (11th Cir. 2021)Annotate this Case
Plaintiff filed suit against PDQ, a restaurant he patroned, after a data breach that exposed PDQ customers' personal financial information. The Eleventh Circuit affirmed the district court's dismissal without prejudice and held that plaintiff did not have standing to sue based on the theory that he and a proposed class of PDQ customers are now exposed to a substantial risk of future identity theft. The court explained that plaintiff failed to allege either that the data breach placed him in a "substantial risk" of future identity theft or that identity theft was "certainly impending." The court stated that evidence of a mere data breach does not, standing alone, satisfy the requirements of Article III standing, and thus plaintiff does not have standing here based on an "increased risk" of identity theft. In the alternative, the court held that plaintiff has not suffered actual, present injuries in his efforts to mitigate the risk of identity theft caused by the data breach.