Class action lawsuits after data breaches are pretty standard, but they typically haven't amounted to much, until now.

Recently, a federal appeals court in Chicago dismissed the claims of a major retailers, in essence shifting liability in these cases to the company in question and making it easier for those affected to sue.

Neiman Marcus was sued in a class action lawsuit by a group of customers who claimed that the company was negligent and conducted deceptive business practices surrounding a data breach in January of 2014. The suit was dismissed by a U.S. district court on the grounds that the company had disclosed the breach to customers as soon as possible. 

Then, late last month, Insurance Journal reports that the three judge panel in the appeals court ruled that the suit was valid, overturning the previous dismissal, saying that Neiman Marcus must face the class action lawsuit.

The key to this case, according to The Wall Street Journal (WSJ), was that there was proof of financial hardship. The dismissal was made based on the 2013 case Clapper v. Amnesty International U.S.A., a case concerning surveillance which was dismissed because the action did not cause or result in harm for those under surveillance and that the fear of future harm was not enough to substantiate a case. 

However, this time around it was different. In the breach, 350,000 were compromised which resulted in at least 9,200 of them being used fraudulently. 

"For years, virtually all courts have said the mere risk of identity theft is not enough. You have to have an actual unreimbursed theft," Donna Wilson, a lawyer who specializes in privacy and data security, told WSJ. She continued, saying that this appeals ruling will likely mean more lawsuits for companies who have been breached in the future.

If your retail company in need of new credit card processing software, be sure to contact 911 Software today.