The U.S. Supreme Court – in a short, concise, unanimous opinion – has ruled that to assert Section 11 claims against Slack in connection with the company’s June 2019 direct listing, the plaintiff must plead and prove that he purchased shares pursuant to Slack’s allegedly misleading registration statement. Slack had offered both registered and unregistered shares in the direct listing. Even though the plaintiff had not alleged that the shares he purchased were registered shares, the Ninth Circuit had allowed the plaintiff’s claims to stand. The Supreme Court vacated the Ninth Circuit’s order and remanded the case to the district court. At a minimum, the Supreme Court’s ruling means Section 11 plaintiffs must plead that their shares are traceable to the offering. The practical implication of the Court’s ruling may be that the companies conducting direct listings cannot be sued under Section 11. A copy of the Court’s June 1, 2023, opinion can be found here.
On December 13, 2022, the U.S. Supreme Court granted the petition of Slack Technologies to have the court take up the question of the plaintiff’s standing to pursue ’33 Act liability claims against the company. The standing question arises because the plaintiff bought his Slack shares in connection with the June 2019 transaction in which Slack went public through a direct listing rather than through a traditional IPO. Though the standing questions arises in the relatively narrow context of the company’s direct listing, the standing questions at issue potentially could affect ’33 Act liability claims in other contexts as well. A copy of the U.S. Supreme Court’s December 13, 2022 order in the Slack case can be found 
In one of the largest shareholder derivative lawsuit settlements ever, involving a very unusual derivative claim under Cayman Island law prosecuted in a U.S. court on behalf of a China-based Cayman Islands company, the parties to the Renren derivative litigation have agreed to settle the case for at least $300 million. The settlement is subject to a “true up” process that could increase the ultimate amount of the settlement payments. The settlement is also subject to court approval. The parties’ October 7, 2021 settlement stipulation can be found 
When companies are hit with cybersecurity incidents, class action privacy litigation often follows. However, claimants in these kinds of cases face a threshold challenge of showing they have suffered a sufficient “injury in fact” to establish that they have standing to assert their claims. The following guest post, written by Paul Ferrillo, Kristine Argentine, Emily Dorner, and Alexandra Drury of the Seyfarth Shaw law firm, provides a survey of the current state of play for the standing requirements in this type of litigation. I would like to thank the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article. 
Plaintiffs seeking to pursue negligence claims for the disclosure of their personal information in a data breach often face hurdles in pleading a sufficient injury. The claimants’ failure to plead a sufficient injury frequently is the basis for dismissal. However, in a very interesting recent decision, the Georgia Supreme Court reversed the intermediate appellate court’s affirmance of the dismissal of the plaintiffs’ data breach claims, finding that the claimants had sufficient standing to assert their claims where they alleged that the disclosure of their personal information left them at an “imminent and substantial risk of identity theft.” As discussed below, the Court’s holding arguably makes data breach claims under Georgia law less susceptible to dismissal. However, as also discussed below, there are important limitations to the Court’s holding.
As courts have 
In the latest decision in which class action consumer data breach claimants have been successful in establishing the requisite standing to pursue their claims, on August 1, 2017, the D.C. Circuit held that the claimants’ risk of future harm is sufficient to meet Article III standing requirements. This decision is the latest in a growing number of federal circuit decisions finding that data breach claimants have satisfied standing requirements, but it also deepens a circuit split that could mean eventual U.S. Supreme Court review of the issue. The D.C. Circuit’s August 1 opinion in the Attias v. Care First case can be found 
One of defendants’ most significant arguments in opposing data breach victims’ negligence and breach of privacy claims has been that the claimants that have not suffered actual fraud or identity theft can show no cognizable injury and therefore lack Article III standing to assert their claims. Appellate decisions in the Seventh and Ninth Circuit have previously taken a bite out of this defense, in rulings holding that the victims’ fear of future harm is sufficient to establish standing. Now the Sixth Circuit in a case involving alleged victims of a data breach at Nationwide Mutual Insurance Company has joined these other circuits, holding that the claimants’ heightened risk for fraud and mitigation costs were sufficient to establish Article III standing. The Sixth Circuit’s September 12, 2016 opinion, which can be found