Reilly v. Ceridian Corp., No. 11-1738 (3d Cir. 2011)Annotate this Case
Defendant is a payroll processing firm that collects information about its customers' employees, which may include names, addresses, social security numbers, dates of birth, and bank account information. In 2009, defendant suffered a security breach. It is not known whether the hacker read, copied, or understood the data. Defendant sent letters to the potential identity theft victims and arranged to provide the potentially affected individuals with one year of free credit monitoring and identity theft protection. Plaintiffs, employees of a former customer filed a class action, which was dismissed for lack of standing and failure to
state a claim. The Third Circuit affirmed. Allegations of hypothetical, future injury do not establish standing under the "actual case of controversy" requirement of Article III.