Data Breach Class Action Survives Unjust Enrichment Claim in Florida Federal Court

A federal judge in Jacksonville has allowed a putative class action against CPAP Medical Supplies and Services Inc. to proceed on an unjust enrichment claim while dismissing negligence and breach of implied contract claims without prejudice.

The U.S. District Court for the Middle District of Florida ruled May 29 that three named plaintiffs sufficiently alleged Article III standing based on concrete injuries stemming from a December 2024 data breach. The court found that plaintiff Juwan Overshown suffered a $500 unauthorized charge to his bank account shortly after the breach, plaintiff John Crist faced unauthorized credit inquiries in July 2025, and plaintiff Diane Edwards received multiple notifications that her private information was published on the dark web.

The court dismissed the negligence claim, finding plaintiffs failed to allege a sufficient nexus between their harms and the data breach beyond allegations of time and sequence. The opinion noted that defendant CPAP’s notice letter only informed plaintiffs that an unauthorized actor accessed its network, not that any data was actually exfiltrated. The court also rejected plaintiffs’ negligence per se theory, finding that neither HIPAA nor the FTC Act provides a private right of action under Florida law.

The breach of implied contract claim was dismissed because plaintiffs alleged only that they provided their private information to receive healthcare services, not that the parties mutually assented to a bilateral agreement concerning data security.

The unjust enrichment claim survived. The court found plaintiffs adequately alleged they conferred a benefit on defendant through payments and private information, and that defendant retained that benefit while utilizing allegedly inadequate security measures.

The court granted plaintiffs until June 9, 2026, to file an amended pleading correcting the deficiencies in the negligence and implied contract claims, but prohibited repleading a negligence per se claim based on HIPAA or the FTC Act.

Counsel

Plaintiff is represented by Jeff Ostrow, Kopelowitz Ostrow P.A; Mariya Weekes, Milberg, PLLC; Caroline Herter; Liberato P. Verderame, Edelson Lechtzin LLP.

Plaintiff is represented by Jeff Ostrow, Kopelowitz Ostrow P.A; Mariya Weekes, Milberg, PLLC.

Plaintiff is represented by Marc H. Edelson, Edelson & Associates, LLC; Jeff Ostrow, Kopelowitz Ostrow P.A; Liberato P. Verderame, Edelson Lechtzin LLP; Mariya Weekes, Milberg, PLLC.

Plaintiff is represented by Mariya Weekes, Milberg, PLLC; Jeff Ostrow, Kopelowitz Ostrow P.A; Jonathan Herrera, Federman & Sherwood.

Plaintiff is represented by Courtney Ross Brown, Carney Bates & Pulliam PLLC; Jeff Ostrow, Kopelowitz Ostrow P.A; Joshua Robert Jacobson, Jacobson Phillips PLLC; Mariya Weekes, Milberg, PLLC.

Plaintiff is represented by Carlos V. Leach, The Leach Firm; Jeff Ostrow, Kopelowitz Ostrow P.A; Josh Sanford, Sanford Law Firm, PLLC; Mariya Weekes, Milberg, PLLC.

Case

The case is Conner v. CPAP Medical Supplies and Services Inc., case number 3:25-cv-00945, in the Middle District of Florida.

Court

flmd

Case Name

Conner v. CPAP Medical Supplies and Services Inc.

Docket

3:25-cv-00945

View on PACER ↗