A recent federal appeals court ruling may narrow the burden for plaintiffs to prove that they are victims of identity theft as result of a data breach.

Plaintiffs Juana Curry and William Moore alleged in a class-action lawsuit filed in 2010 that they sustained ID theft following an incident the year prior in which two unencrypted laptops, containing the personal information of 1.2 million customers, were stolen from Florida health insurer AvMed. (The victim total initially was much lower, but later revised by the company).

In August 2011, a U.S. District Court judge dismissed the case after concluding that the plaintiffs were unable to represent "injury" as a result of the laptop thefts.

But earlier this month, the 11th U.S. Circuit Court of Appeals, in a 2-1 decision (PDF), ruled that the plaintiffs were "explicitly" able to prove a link between the breach and ID theft they incurred.

The plaintiffs contended that roughly a year after the incident, bank and brokerage accounts were opened in their names, resulting in unauthorized charges and transactions. They were forced to spend money to place fraud alerts and purchase identity theft protection services, among other costs.