The Data Breach Librarian Actually Gets Paid

The Florida librarian and data breach victim who successfully took Wells-Fargo and Sprint Nextel to small claims court was paid this week, something that some data breach observers doubted would ever happen.

Theodore Karantsalis had filed the lawsuit for several reasons, but one was to prove that consumers would fare far better—faster, easier and more money—in small claims court than as one of many in some class-action litigation.

He received the credit notice from Sprint for $756 and was told that it would be paid directly as a check. "It is probably a lot more than those who participate in class-action cases ever get," Karantsalis said. "I hope this empowers others to seek justice in their respective small claims courts with similar issues."

He makes a good point, but some of the success of this case is explained by flying under the data breach radar. The huge class-action lawsuits filed on behalf of retail data breach victims against companies such as TJX involve literally dozens of lawyers, a huge number of defendants and expensive witnesses, depositions and investigations.

Small claims courts sidestep all of that. Yes, the dollars are certainly less, but for the consumer, is it really less? How many of the class action defendants in TJX or some of the current retail breach cases will end up getting more than $796?

Part of the problem with consumer data breach incident lawsuits is that zero liability credit-card programs are effectively removing any direct cash losses. Without provable financial losses, there's little that civil courts can typically do. Given that, small claims cases are arguably the most viable defense an individual consumer likely has.