Federal District Court clarifies what must be pled to establish liability for CCPA violation, including the timing of the breach

2021 case review: Lavarious Gardiner v. Walmart Inc. et al. case

Published on


Plaintiff in this case alleged that because he found his personally identifying information on the dark web, Walmart had suffered a data breach. Walmart argued that Plaintiff’s failure to allege the time the breach occurred was fatal because the CCPA could not apply to any breach occurring before January 1, 2020, the date it took effect. The Court also held that Plaintiff’s CCPA claim failed because Plaintiff did not sufficiently allege disclosure of his personal information. The Court found insufficient the Complaint’s allegation that the breach compromised the full names, financial account information, credit card information, and other PII of Walmart customers: “[a]lthough in the Complaint Plaintiff generally refers to financial information and credit card fraud, he does not allege the disclosure of a credit or debit card or account number, and the required security or access code to access the account.”