by Jeff Sovern
Javelin Strategy & Research has issued its annual report on identity fraud (a free version is available here). Javelin reports that 12.6 million Americans–or more than 5%–were victims of identity fraud in 2012, an increase of a million from 2011. It also states that nearly a quarter of consumers who received data breach notices in 2012 were victims of identity fraud. This last may have implications for cases, like Reilly v. Ceridian Corp., 664 F.3d 38 (3d Cir. 2011), that say that consumers who have not yet been victims of identity theft (and may never be) cannot meet the Article III requirements for standing to bring claims against the companies that have experienced security breaches. Odds of nearly one chance in four of suffering losses sound like a real possibility of experiencing the loss (would courts deny standing to those who had been unintentionally exposed to a chemical that caused nearly a quarter of people exposed to it to suffer a serious disease?). In any event, this is an area where courts are split; for example, Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010), finds that the possibility of future identity theft when a laptop containing personal information is stolen is enough for Article III standing.