Future Risk Isn't a Concrete Injury, Says ESO Solutions' Motion to Dismiss in PII Case

A “mere risk of future harm” isn’t a concrete injury, and claims for diminished value of personally identifiable information (PII), mitigation expenses, lost time and actual misuse and theft of PII “are insufficient to establish an injury in fact,” said ESO Solutions' motion to dismiss (docket 1:23-cv-01557) a negligence class action Thursday in U.S. District Court for Western Texas in Austin. Essie Jones, one of about 2.7 million individuals whose PII was affected by a September data breach, sued ESO in December for failing to maintain proper safeguards in its computer systems (see 2312220025). Jones’ case was consolidated with five others arising from the same breach in January (see 2401100021). Plaintiffs fail to properly trace their alleged injuries to the data breach, so the court lacks subject-matter jurisdiction, said the motion. ESO owed no duty to plaintiffs, whose allegations don’t demonstrate proximate cause, and they haven’t alleged sufficient damages, the motion said. A plaintiff's obligation to provide grounds of his entitlement to relief requires "more than labels and conclusions," it said, citing Ashcroft v. Iqbal. “A formulaic recitation of the elements of a cause of action will not do.”