GRSM Cyber, Privacy & Data Security Team Achieves Dismissal on Motion to Dismiss Data Breach Class Action

September 2025

Gordon Rees Scully Mansukhani Partners Joseph Salvo and John Mills, with Associate Bianca Evans, successfully secured the early dismissal of a data breach class action filed in the Southern District of Florida against the firm’s client, a healthcare communications provider.

The lawsuit followed a notice of a potential data breach involving personally identifiable information and/or protected health information. The plaintiff, asserting claims on behalf of herself and a putative class of all individuals whose information was potentially impacted in the data breach, alleged inadequate cybersecurity protections. As is common in data breach litigation, the plaintiff alleged the future risk of harm, financial fraud, or identity theft to her information as a result of the incident.

In moving to dismiss, the team argued that the plaintiff’s alleged injuries were too speculative and generalized to establish a concrete injury under Article III standing requirements. The motion also pointed out that the claims were not fairly traceable to the defendant, relying on hypothetical links to the breach.

In its decision, the court agreed, finding that the plaintiff failed to allege any actual, concrete injury in fact that was fairly traceable to the data breach or any alleged conduct of the defendant, particularly as the plaintiff alleged no actual misuse or substantial risk of misuse of her information. The court noted that the post-breach notice specifically stated there was no evidence of misuse, only that data “could have been accessed,” underlining the allegations alleged in the complaint. The court also held that the plaintiff’s claims of diminished data value, lost benefits, mitigation costs, and emotional distress were too speculative to confer standing.

This ruling underscores the effectiveness of challenging standing in data breach cases and the importance of ensuring that an entity’s response to and notification of a data breach effectively mitigates the risk of putative class action litigation, which is a near certainty given the current litigation climate.

This outcome also reflects the strength of GRSM’s Cyber, Privacy & Data Security team, which handles complex data breach litigation in healthcare, finance, and other sectors. Often partnering with privacy counsel to mitigate litigation risks, the team combines regulatory expertise with strategic litigation experience to protect clients in evolving privacy and data security matters.

GRSM New York Team Flips Default into Client Win, Reduces Exposure to Five Figures

GRSM New York Team Flips Default into Trial Win, Reduces Exposure to Five Figures

Partners Brian Middlebrook and Justin Holmes Featured in Bloomberg Law Article on Rising Web Tracking Lawsuits and Insurance Challenges

GRSM California Team Authors Article on Passive Website Tracking under California Privacy Laws

GRSM Secures Dismissal of Breach of Contract Claim in Illinois for Texas-Based Software Company

GRSM Team Secures Dismissal in CIPA Invasion of Privacy Arbitration

GRSM Attorneys Reid Dammann and Kati Pimentel Vargas Secure Favorable Ruling in California Invasion of Privacy Case

Multi-State Cyber, Privacy & Data Security Team Secures Federal and State Court Dismissals in Case of First Impression

GRSM Cyber, Privacy & Data Security Team Secures Voluntary Dismissal in Texas Data Breach Class Action

New York Team Obtains Dismissal of Data Breach Class Action