After three dismissals, a class-action consumer lawsuit filed against Barnes & Noble over a 2012 data breach has been sent back to the U.S. District Court for the Northern District of Illinois.
In September of 2012, Barnes & Noble became aware that their credit card scanners had been compromised by “skimmers” which would collect the data from the credit cards that were swiped and transfer them to a third party, which would then sell the information online. Barnes & Noble waited a month before alerting their customers to the data breach, so in addition to allegations that Barnes & Noble failed to properly protect its customers’ data, the class action lawsuit further alleged the bookstore had violated the California Security Breach Notification Act.
Nevertheless, the district court dismissed the case three times. The class of plaintiffs appealed to the Seventh Circuit Court of Appeals, which reversed the decision to dismiss it and sent the case back to the district court.
One plaintiff’s accounts were frozen for three days, meaning she had no access to her own funds in that time period. Another plaintiff had their credit card inactivated for a week, thereby denying them the use of that card. Yet another plaintiff reinstated credit monitoring on their card, which is an additional charge of $17.99 per month. Still another plaintiff was unable to receive the value of their Barnes & Noble’s bargain. Continue reading