In a most recent case - Collin Green (a representative of the class action) v. eBay - a Federal Court dismissed a class action lawsuit filed against eBay as a result of a 2014 data breach that exposed encrypted passwords and personal information for 145 million users. As with certain other cases, the ruling demonstrates how failure to establish an injury-in-fact resulted in dismissal of data breach class actions.
In the case of eBay, after the company had discovered the cyber-attack - which occurred between February and March 2014 – it notified its users and advised them to change their passwords. The lawsuit argued that eBay’s breach was the outcome of the company's "inadequate security" for protecting the identity information of its millions of customers and consequently, caused "economic damage" for eBay users. As mentioned, the Court concluded that since there was no evidence that payment card data had been compromised, or users harmed, it seemed as if the plaintiff did not suffer any actual or potentially harm and dismissed the case for lack of standing (locus standi).