Reports of data breaches have become commonplace, prompting U.S. courts to raise the bar on associated class action lawsuits.

The U.S. District Court for the District of Columbia in early August declined to grant standing to a class action filed in the wake of a data breach at CareFirst BlueCross BlueShield. Hackers compromised health insurer CareFirst's IT systems in June 2014 and obtained personal data for more than a million BlueCross BlueShield policyholders.

In dismissing the class action, Judge Christopher Cooper concluded that the plaintiffs failed to show that the private personal data allegedly obtained by hackers had caused any injury to plaintiffs or was sufficient in and of itself to do so. Significantly for the court, plaintiffs failed to provide evidence that the perpetrators of the data breach had obtained Social Security or credit card numbers.

Merely establishing that private personal information had been illegally acquired via a data breach is no longer sufficient to warrant standing in a class action, Ballard Spahr attorney Edward McAndrew said.