Fortnite developer Epic Games Inc. won dismissal of a proposed class action over a 2018 data breach.
Named plaintiff Eric Krohm failed to allege that he was actually harmed by the breach, which he claimed allowed access to players’ personal information and credit card payment information, the U.S. District Court for the Eastern District of North Carolina said Oct. 1.
Krohm wanted the case returned to Illinois state court, arguing that he didn’t have standing in federal court because he hadn’t pleaded injury in fact, according to the opinion. Epic Games, which had removed the case to federal court, argued that Krohm alleged sufficient injury for standing but didn’t allege the economic damages needed for a claim under his causes of action, the court said.
It’s a case “in which the tables are turned with regard to the issue of standing,” Edward McAndrew, a partner at DLA Piper, said. Defendants in prior data breach cases commonly move to dismiss complaints in federal court by arguing that plaintiffs lacked standing, he said.
The court noted, too, that the case “involves a peculiar role reversal.”
Courts are split on the question of whether a risk of future injury is sufficient to confer standing, attorneys said.
Krohm’s case is interesting “because we’re always taking stock of where we are” in regards to the issues of standing, Tedrick Housh, a partner at Lathrop Gage LLP, said.
The complaint contains no facts suggesting that Krohm’s personal data was taken or used as a result of the breach, the court said.
Allegations that Fortnite had a cyber vulnerability that could have allowed hackers to access Krohm’s data aren’t enough to show injury, the court said. And anxiety and anguish resulting from a data breach, and the threat of future injury, aren’t enough to confer standing, it said.
The court therefore dismissed the suit without prejudice for lack of jurisdiction.
Fortnite is a popular video game with millions of players around the world. Players must create accounts, which requires them to provide personally identifiable information.
Krohm in his complaint alleged that Epic Games failed to take measures to cure the cyber vulnerability that permitted the breach and to alert customers that their information may have been compromised.
Judge Terrence W. Boyle issued the ruling.
Whitfield, Bryson & Mason LLP and McGuire Law PC represent Krohm. Drinker Biddle & Reath LLP and Kelley Drye & Warren LLP represent Epic Games.
The case is Krohm v. Epic Games, Inc., 2019 BL 374046, E.D.N.C., No. 19-CV-173, 10/1/19.