Litigating Data Breach Cases in 2025 (Presented by The Federal Bar Annual Meeting & Convention 2025 sponsor Lockridge Grindal Nauen PLLP)

This session explores the rise of hub and spoke litigation structures where breaches trace back to central software platforms affecting multiple downstream users. Practitioners will examine the evolving legal landscape, settlement dynamics, and critical distinctions between data breach and privacy tracking cases.

This session analyzes the Spokeo and TransUnion frameworks that govern concrete injury requirements for data breach plaintiffs in federal court. Attendees will learn how courts assess risk of future harm, common law analogies, and the procedural timing of standing challenges.

This session addresses the growing complexity of demonstrating causal connections when plaintiffs have experienced multiple data breaches. Participants will explore how courts apply traditional causation principles to modern multi-breach scenarios.

This session examines how transferee courts determine which state’s laws govern nationwide data breach class actions involving common law claims. Key focus areas include identifying where injury occurs and managing choice of law rules not designed for cases of this unprecedented scale.

This session addresses the complexity of applying differing state notification requirements across all 50 states in data breach litigation. Attendees will explore notification complications when third-party vendors are involved in the breach chain.

This session covers evolving case management strategies including leadership structures, document review protocols, and e-discovery challenges. Practitioners will learn about the application of bellwether processes and fact sheets adapted from mass tort litigation.

This session provides a deep dive into the In re MOVEit litigation structure before Judge Burrows, involving 190 million affected individuals and hundreds of defendants. Participants will examine the three-tier defendant categorization strategy and judicial management approaches for unprecedented scale.

This session highlights significant pending cases including Change Healthcare, University of Minnesota, NetGain, and the foundational Target breach. Attendees will learn about dual-track litigation structures and settlement developments in these regional matters.

This session surveys critical data breach cases across the country including AT&T, Fortinet, and Nelnet litigation. Practitioners will examine varying levels of public engagement and the factors driving different plaintiff responses to breach notifications.