Calif. Plaintiffs Oppose Transfer of AT&T Data Breach MDL to Texas Court
Plaintiffs James and Mildred Kinchen support plaintiff Alex Petroski’s motion (see 2405030065) for transfer and centralization of related actions in In re: AT&T Inc. Customer Data Security Breach Litigation (docket 3114), but they oppose transfer to the U.S District Court for Northern Texas, said their interested party response (docket 3:24-cv-02451) Tuesday before the Judicial Panel on Multidistrict Litigation.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
Petroski’s March 30 complaint was the first filed after AT&T disclosed that “data-specific fields” from 2019 or earlier were contained in a data set released on the dark web in March, affecting 73 million former and current AT&T customers (see 2404010019).
The Elk Grove, California, residents referenced the supplemental response filed Monday by plaintiffs Ryan Unruh and Christopher Isbell (see 2405210050), saying the “center of gravity” of the litigation was likely to be in the Northern District of Georgia, where AT&T Mobility is based, vs. the Northern Texas district court, located in Dallas, where AT&T Inc. is headquartered. Unruh and Isbell supplemented their information with AT&T securities filings, updated LinkedIn profiles and AT&T’s website, “pointing to Atlanta as a central source of the evidence likely to be at issue in this case.”
In addition to Unruh and Isbell's findings, said the Kinchens’ response, the Northern District of Georgia is the most appropriate transferee forum because key witnesses and defendant AT&T Mobility are based in Atlanta; it’s a convenient forum; and “the resources of the court will promote the efficient conduct of this litigation.”
Whether AT&T Mobility is “named as a defendant or not,” the wireless carrier “will be central to this litigation,” and all related actions will require “extensive discovery” from AT&T Mobility employees based in Georgia, said the Kinchens’ response. “Such witnesses and documents will be necessary to probe how the AT&T security flaw originated, how AT&T first discovered the flaw, ascertain any steps it took or failed to take to remedy the flaw, and how and when it communicated with parent or intermediary entities -- such as AT&T Inc. or AT&T Services, Inc. -- about the security vulnerability,” it said. AT&T’s chief technology officer and chief data officer are based in Atlanta, it added.
Petroski’s reply in further support of his motion for transfer posits that AT&T employees in Atlanta “do not have relevant information,” borrowing from “facts and figures derived from” AT&T’s supplemental response in support of transfer to Dallas federal court, said the Kinchens’ response. Those facts and figures don’t address “the heart of the matter -- where persons most knowledgeable about the data breach are -- but rather, both filings instead rely on selective assertions about AT&T and its post-breach response,” the response said.
In his reply, Petroski states that less than a third of AT&T’s operating revenue came from wireless services, “but this number does not show where the breach occurred and to what degree AT&T Mobility LLC customers were impacted,” said the Kinchens’ response: “It is merely an objective fact related to AT&T’s revenue projections.”
Both AT&T’s supplemental response and Petroski’s reply depend on a declaration of Paula Phillips, a litigation manager at AT&T, saying that only “'5% of potentially impacted customer accounts [in the data breach] are wireless,’ but such a figure does not provide a factual basis for an assumption that AT&T Mobility LLC would not be a possible locus for decision-making, key documents, or potential evidence -- a fact even Ms. Phillips concedes by stating 'AT&T’s investigation is ongoing,’” the Kinchens’ response said. Phillips also didn’t mention the remaining 95% of affected accounts, it noted.
Phillips focused on a statement about AT&T’s response to the data breach from Dallas but didn’t address “AT&T’s cybersecurity practices before the breach, the data impacted, and any vendor/third parties involved,” said the response. “Given the presence of AT&T’s Chief Technology Officer and Chief Data Officer, who AT&T admits are in Atlanta, there can be no serious dispute that key witnesses and discovery will be located in Georgia,” it said.
The Kinchens cited Northern Georgia’s accessibility via the “world’s busiest airport,” which is “within a two-hour flight” of 80% of the U.S. population, and the Northern District of Georgia’s capacity to “devote sufficient resources to complex consolidated proceedings.”