A legal battle stirred in the Eastern District of New York following a substantial data breach in March 2023, which impacted roughly 1.5 million individuals. Plaintiffs Tiffany Troy and Eric J. Mata leveled allegations against the American Bar Association (ABA), charging that the data compromise was a direct result of the organization’s negligent IT management and non-compliance with prevailing security protocols. The case, cast as a proposed class action, aimed to hold the ABA accountable for what was claimed to be an implied contract breach, deceptive business practices, and consumer-related fraud.Reflecting the complex nature of cybersecurity litigation, U.S. District Judge Nicholas G. Garaufis presided over the case and ultimately issued a dismissal. His ruling clarified that the plaintiffs did not adequately specify which security measures the ABA had bypassed. Moreover, there was insufficient explanation of how the alleged injuries to the plaintiffs tied back to the ABA’s privacy policy—a policy which was reportedly never perused by the claimants themselves.