On August 12, 2022, Judge Vincent L. Briccetti of the U.S. District Court for the Southern District of New York granted-in-part and denied-in-part insurance company United Services Automobile Association’s (“USAA”) motion to dismiss. This class action lawsuit arises from a massive data breach that occurred after USAA allowed unauthorized third parties to intentionally target and improperly obtain Plaintiffs’ and Class Members’ personally identifiable information, including Driver’s License numbers, through the use of USAA’s online insurance quote and/or policy process.
The Court allowed Plaintiffs’ Driver’s Privacy Protection Act (“DPPA”), negligence, negligence per se, and Declaratory Judgment Act claims to go forward. The Court also rejected USAA’s challenge to Plaintiffs’ standing holding that “because plaintiffs adequately plead an imminent risk of future identity theft, the costs plaintiffs allegedly incurred mitigating that risk (including fees for credit freezes, fees for credit monitoring services, and the time and resources spent monitoring credit and financial transactions), constitute[d] an independent injury-in-fact.” Op. at 11.
Significantly, the Court sustained Plaintiffs’ DPPA claim and found that “USAA’s voluntary decision to automatically pre-fill its quote forms with driver’s license numbers constitute[d] a ‘knowing disclosure’ of personal information,” under 18 U.S.C. § 2724(a). Op. at 13. The DPPA comes with statutory damages in the amount of $2,500 per violation. 18 U.S.C. § 2724(b)(1).
Lowey Dannenberg currently serves as Co-Lead Counsel in this ongoing class action. The case is In re USAA Data Security Litigation, No. 21-cv-05813-VB (S.D.N.Y.). You can downlaod a copy of the opinon here.
Please contact or Christian Levis (clevis@lowey.com), Anthony M. Christina (achristina@lowey.com), or Amanda G. Fiorilla (afiorilla@lowey.com) with any questions about the case, or submit them using the form below.