Skip to main content
Find a Lawyer
Please enter a legal issue and/or a location
Begin typing to search, use arrow keys to navigate, use enter to select

Find a Lawyer

More Options

P.F. Chang's Data Hack Case Revived by 7th Circuit

By Jonathan R. Tung, Esq. | Last updated on

A class action suit against ersatz-Chinese food chain P.F. Chang's is allowed to proceed, said the Seventh Circuit, because two separate plaintiffs had alleged "enough" to meet the Twombly standards of standing in this breach of data case.

The circuit's ruling upholds the 2014 finding that a breach and increased risk of identity theft is "injury" enough for justiciability.

Data Breaches Abound

P.F. Chang's was one of the many businesses that was afflicted in recent years by the 2014-2015 data hack attacks. Others include Target, Home Depot, and of course, Sony. In 2014, the company publicly announced that it had been hacked and that customers' personal credit card data was compromised. The breach occurred somewhere between late 2013 and mid 2014, and was first discovered by the U.S. Secret Service.

Two separate plaintiffs sued the restaurant, claiming that the hack presented an unreasonable and increased risk of future identify theft. Their cases were consolidated into Lewart v. P.F. Changs China Bistro, a case that also attempted to certify a class other customers whose data was compromised by the hack. But the district court dismissed the case because it opined that Lewart and others had failed to prove standing for lack of requisite injury.

Circuit Applies Another Hacking Case: Neiman Marcus

But the circuit disagreed. Fortunately, the very same court had earlier decided another data hacking case, Remijas v. Neiman Marcus. In there, substantially similar events took place. Hackers broke their way into the network, stole credit and debit card numbers and made off with the data. In that case, the court determined that standing existed because the plaintiffs had suffered a "real and immediate" increased risk of harm via identity theft. Though the hacking itself might not have been injurious to the plaintiffs, the increased risk was.

Indeed, Lewart alleged increased trouble with his account since 2013, about the time the P.F. Chang's attack took place. Though he could not prove that these attacks were causally linked with the original attack on the bistro, the court found that his allegations still passed the "plausible" standard outlined in Twombly. And besides, Lewart pushed the injury quite past the line when he alleged another injury he suffered: mitigation of loss. The poor guy went out, used his time, and bought a credit monitoring service to watch his accounts. His out-of-pocket expense for that service? About $100.

Related Resources:

Was this helpful?

You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help

Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.

Or contact an attorney near you:
Copied to clipboard