Plaintiff in MOVEit Data Breach Suit Moves to Vacate CTO-22
Plaintiff Jamie Garcia “deliberately chose to file” in Indiana state court a negligence lawsuit against Maximus Health Services (docket 1:23-cv-02129) “for convenience purposes,” and because Maximus was the sole party she dealt with involving Progress Software Corp.'s MOVEit software data…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
breach, said her Tuesday brief (docket 3083) in support of her motion to vacate conditional transfer order 22 (CTO-22) before the Judicial Panel on Multidistrict Litigation. Maximus “failed to adequately secure and upgrade its data systems,” and although the health services company detected the attack on May 30, it didn’t properly notify Garcia and waited over two months before informing the public on Aug. 11, the brief said. Maximus removed Garcia’s Nov. 15 case to U.S. District Court for Southern Indiana from Superior Court of Marion County, on Nov. 27, and it filed a notice of potential tagalong actions Dec. 4 including her case. On Dec. 8, the JPML issued CTO-22 and will consider whether consolidation of her case is appropriate in U.S. District Court for Massachusetts in Boston. Garcia asserts she “timely filed” a motion to remand the case to Superior Court of Marion, and it remains pending before U.S. District Judge Patrick Hanlon for Southern Indiana in Indianapolis, who has been “fully briefed,” said the filing. Maximus’ primary argument for federal jurisdiction “is to suggest that a non-party to the state-court action creates jurisdiction in the Federal court”; Garcia disagrees.