Transfer of MOVEit Data Breach Action to MDL Is Warranted, Says Progress Software

Breach Litigation, said PSC Friday. PSC filed its response (docket 3083) to plaintiff Jamie Garcia’s motion to vacate conditional transfer order 22 (CTO-22) before the Judicial Panel on Multidistrict Litigation. Garcia filed her class action against Maximus, a PSC file transfer software customer, but not against PSC or any other party, said the response. The JPML “has made clear that such a circumstance does not defeat centralization,” said PSC's response, noting the panel has ruled that the MOVEit vulnerability “is at the core of all cases” and it would be “impossible” to “disentangle the allegations” against PSC from those against other defendants. Centralizing the Garcia action with other cases in the MDL “achieves the same efficiencies” that the JPML identified when it created it, the filing said. Garcia doesn’t dispute the findings and doesn’t argue that she will not seek discovery from PSC in the Garcia action, it said. The plaintiff's reason justifying exclusion from the MDL a motion is pending to remand her action before the Southern District of Indiana, but exclusion from the MDL “is not the proper procedural mechanism here,” said PSC’s response, saying her situation “is not unique.” In her Jan. 2 filing in support of her motion to vacate CTO-22, Garcia said she “deliberately chose to file” in Indiana state court “for convenience purposes,” and because Maximus was the sole party she dealt with involving PSC’s data breach. Maximus “failed to adequately secure and upgrade its data systems,” and although the health services company detected the attack on May 30, it didn’t properly notify Garcia and waited over two months before informing the public Aug. 11, the brief said.