In re: Brinker Data Incident Litigation
3:18-cv-00686
| M.D. Fla. | Jun 27, 2025Background
- Plaintiff Shenika Theus filed a class action lawsuit against Brinker International, Inc. (owner of Chili’s) after a 2018 data breach in which hackers accessed and allegedly offered customers' credit/debit card data for sale on a dark web marketplace.
- The originally certified class included all persons whose card data was accessed and who spent reasonable time or incurred expenses mitigating the breach’s consequences.
- The Eleventh Circuit remanded, holding that the class definition was too broad and required reconsideration of predominance and standing under Rule 23(b)(3), permitting either a narrower class or a reanalysis under the existing definition.
- On remand, the court further narrowed the class to those who experienced fraudulent charges or whose data was posted on the dark web and who mitigated those harms, as directed by the appellate court.
- The court found plaintiff failed to provide class-wide evidence showing which Chili's customers' data was posted or who suffered fraudulent charges, or to demonstrate class-wide proof of mitigation efforts.
- As a result, the court found that individualized issues predominated and denied class certification.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Adequacy of Class Definition | Theus proposed a narrow class, then adopted Eleventh Circuit’s options | Brinker argued no evidence of which customers’ data was compromised or posted | Court followed Eleventh Circuit’s options; narrowed class per mandate |
| Predominance Under Rule 23(b)(3) | Common issues of data breach/mitigation predominate | Individual issues (proof of harm/mitigation/standing) predominate | Individual issues predominate; class certification denied |
| Class-Wide Proof of Harm | Proposed using Brinker’s transaction records and expert damages model | No evidence shows which cards posted/suffered fraud; dark web postings unproven | Proof of harm/mitigation is individualized; not suitable for class treatment |
| Class Member Standing via Mitigation | Suggested damages model handled on class-wide basis | Individualized mitigation effort needed for standing | Individualized proof required for standing, predominates |
Key Cases Cited
- Green-Cooper v. Brinker Int’l, Inc., 73 F.4th 883 (11th Cir. 2023) (defining injury, standing, and predominance for data breach claims)
- Cordoba v. DIRECTV, LLC, 942 F.3d 1259 (11th Cir. 2019) (if class standing requires individualized proof, predominance fails)
- Vega v. T-Mobile USA, Inc., 564 F.3d 1256 (11th Cir. 2009) (explaining when common issues predominate under Rule 23(b)(3))
- Klay v. Humana, Inc., 382 F.3d 1241 (11th Cir. 2004) (predominance standard and class certification principles)