Ohio resident Ralph Gibson has filed a lawsuit against Advance America, Cash Advance Centers, Inc., a Delaware corporation with its principal place of business in South Carolina. The complaint, filed on August 24, 2023, alleges that the company failed to secure and safeguard personally identifiable information (PII), allowing such information to be stolen during a data breach.
Gibson's PII, and that of many others, was compromised due to what the plaintiff alleges was the company's failure to implement adequate cybersecurity procedures and protocols. The data breach resulted in Gibson and other potential class members suffering injuries and ascertainable losses. These losses include the present and imminent threat of fraud and identity theft, loss of the benefit of their bargain, out-of-pocket expenses, and loss of value of their time.
"Defendant's network was accessed by an unauthorized third party, resulting in the Data Breach," the complaint reads. This breach, Gibson alleges, was due to Advance America's negligence and failure to fulfill its contractual obligations to keep PII confidential and secure.
The lawsuit alleges a specific delay in the defendant's response to the breach. "Defendant notified Plaintiff and Class Members about the Data Breach after a delay of over five months," the complaint states. This delay, Gibson argues, exacerbated the damage caused by the breach.
The lawsuit seeks to represent a class of individuals whose PII was accessed during the data breach. The class definition is broad, encompassing anyone affected by the breach, not just those who have already experienced identity theft or fraud.
The legal theories underpinning the lawsuit are twofold: negligence and breach of contract. In this context, negligence refers to the defendant's alleged failure to implement reasonable cybersecurity measures. On the other hand, breach of contract refers to the defendant's alleged failure to fulfill its contractual obligations to keep PII confidential and secure.
The damages sought by the plaintiff include compensatory damages, nominal damages, and reimbursement of out-of-pocket costs. Compensatory damages are intended to compensate the plaintiff for actual and anticipated losses due to the defendant's alleged negligence and breach of contract. On the other hand, nominal damages are a small sum awarded when a legal wrong occurs, but the plaintiff has not suffered substantial loss or injury. Reimbursement of out-of-pocket costs addresses actual expenses the plaintiff incurred due to the data breach. Gibson also seeks injunctive and equitable relief.
In light of these allegations, the case raises important questions about the obligations of corporations to protect customer data. The lawsuit's outcome could significantly affect data security practices in the financial services industry and beyond.