Court Dismisses Class Action Suit over Michaels Data Breach
A federal court has dismissed a class-action lawsuit stemming from a data breach that took place at Michaels in 2013 and 2014. The case sought damages for customers who were at risk of fraudulent card activity after the breach.
But District Court Judge Joanna Seybert said there was not enough proof of “substantial risk that the harm will occur.”
In early 2014, Michaels reported that up to 2.6 million customers could have been affected by a potential data breach occurring between May 8, 2013 and January 27, 2014. Customers were originally notified of the potential breach in January, followed by an official confirmation of the data compromise in April. Michaels said hackers were able to get into the company’s payment card system, but there was no evidence they took any personal data, such as PINs, addresses or names.
The plaintiff in the case, Mary Jane Whalen, cancelled her credit card shortly after the breach and had not experienced any fraudulent charges. Even if she had not cancelled her card, Seybert said the credit card company would have absorbed the costs of the fraudulent charges. Whalen would not have incurred any financial loss.