Sovos Compliance, a defendant in a privacy class action involving Progress Software’s MOVEit file transfer software data breach, moved to vacate conditional transfer order 15 (CTO-15) issued by the U.S. Judicial Panel on Multidistrict Litigation following mediation proceedings with plaintiffs, said its Monday motion (docket 3083) before the panel. Sovos and plaintiffs in a previously consolidated class action reached an agreement in principle to resolve all claims against Sovos and its customers arising out of the MOVEit data breach, including claims brought against Sovos and Midland States Bank in Gorman v. Progress Software Corp., it said. Following the filing of Stadnik v. Sovos Compliance in U.S. District Court for Massachusetts Sept. 13, Zide v. Sovos Sept 14 in U.S. District Court for Central California, and Yenca v. Sovos in Massachusetts federal court Sept. 22, counsel for plaintiffs and Sovos began discussions for an early resolution on a class-wide basis of all claims against Sovos and its customers arising out of the incident, it said. Zide dropped Sovos as a defendant in her Oct. 5 first amended complaint, and Stadnik and Yenca filed an unopposed motion to consolidate their cases in the Massachusetts court; the court granted the motion Nov. 13. The Sovos “subclass” that Gorman seeks to represent is the same putative class that the plaintiffs in the Sovos consolidated action seek to represent, said the motion. Transfer of the Gorman action to the MDL would “frustrate rather than promote judicial economy and efficiency,” and it would cause the parties to expend “significantly more resources to litigate in the interim, despite the likelihood of resolution” through the Sovos consolidated action, it said.
U.S. District Judge Josephine Staton for Central California in Los Angeles remanded plaintiff Dana Hughes’ privacy complaint against Mandry Technology Solutions to Los Angeles County Superior Court because its diversity jurisdiction’s $75,000 amount-in-controversy requirement wasn’t satisfied, said the judge’s signed order Thursday (docket 2:23-cv-09502). Hughes alleges that Mandry, a supplier of IT, cybersecurity and cloud strategy enterprise services, “secretly installed” spyware on its website from third-party Lead Forensics (see 2311120003). She alleges the spyware allowed Mandry to “de-anonymize every anonymous visitor to the site” so that it knew each visitor's name, face, location, email and browsing history.
Nine cases from eight districts were transferred to U.S. District Court for Massachusetts in Boston for coordinated or consolidated pretrial proceedings in In Re: MoveIT Customer Data Security Breach Litigation, said conditional transfer order 21 (docket 3083) from the U.S. Judicial Panel on Multidistrict Litigation Monday. Some 166 actions involving Progress Software Corp.’s May data breach have been transferred to the Massachusetts court and assigned to U.S. District Judge Allison Burroughs. Other defendants in the nine cases are Sutter Health, Pension Benefit Information, HealthCare Services, Radius Global Solutions, Aristocrat Technologies and Columbia Banking Systems. The cases all involve questions of fact that are common to the previously transferred actions, said the JPML.
“No legal theory” allows the 38 plaintiff AirTags users “to hold Apple liable for the intentional misuse of its product by third parties,” said Apple’s reply Wednesday (docket 3:22-cv-07668) in U.S. District Court for Northern California in San Francisco in further support of its Oct. 27 motion to dismiss their Oct. 6 first amended complaint (see 2310300030). Though the AirTag’s intended purpose is to find lost items like keys or luggage, “its popularity has soared as the preeminent tool for stalking and abuse due to its efficacy, low price point, and ease of use,” said the plaintiffs’ Nov. 13 opposition to Apple’s motion to dismiss (see 2311140041). But case after case, in any jurisdiction whose law the plaintiffs try to invoke, “establishes that Apple owes no legal duty to individuals with whom it has no relationship to prevent the misuse of its product by others,” said Apple’s reply. Only those third parties “wrongfully misusing” Apple products, not Apple, “can be considered a legal cause” of the plaintiffs’ alleged injuries, it said. Apple also can’t be held liable for statements that it didn’t make, “and that it has no legal duty to correct,” it said. Apple didn’t invade any plaintiff’s “privacy interests,” it said. “Only third parties wrongfully misusing Apple products did,” it said. The plaintiffs “have no other legal basis to sue Apple,” it said. Their opposition “fails to supply the missing legal theory,” it said. Though the plaintiffs’ opposition relies heavily on new assertions not found in the first amended complaint, the complaint should be dismissed with prejudice whether the court “considers those assertions or not,” it said. Either way, the plaintiffs “offer no factual or legal basis to overcome the conclusion” that third parties, not Apple, are responsible for their injuries, it said.
The U.S. Judicial Panel on Multidistrict Litigation added one tagalong action to In Re: MoveIt Customer Data Security Breach Litigation in conditional transfer order 20 (CTO-20) (docket 3083) Thursday, bringing the number of cases to 166 under U.S. District Judge Allison Burroughs for U.S. District Court of Massachusetts in Boston, said the filing. Newman v. American Multi-Cinema (AMC) was transferred from U.S. District court for Kansas in Kansas City. Plaintiff Melanie Newman’s Aug. 17 privacy class action (docket 2:23-cv-2358) alleges AMC failed to properly secure and safeguard her personally identifiable information that was compromised in Progress Software’s MOVEit May file transfer software data breach. Defendant AMC filed a motion Nov. 21 to compel arbitration. Elsewhere in the MDL, defendant Midland States Bank withdrew its notice of opposition to CTO-15 as it relates to Gorman v. Progress Software Corp. (docket 3:23-cv-50397), said a Thursday notice before the JPML, and CTO-19 was finalized Wednesday, transferring three cases to the Boston court. Thursday, the JPML vacated CTO-13 after Everling v. First Merchants Bank (docket 1:23-01287) was dismissed in the Southern District of Indiana following the plaintiff’s notice of voluntary dismissal without prejudice. In a response in opposition (docket 1:23-cv-00738) to EMS Management and Consultants’ motion to stay a case involving the MOVEit breach, plaintiff Samantha O’Neal said Tuesday the defendant is trying to “unnecessarily delay” the case. EMS filed a motion Nov. 9 to stay all pending deadlines in the case until 30 days after the JPML issued a decision on whether to transfer the case to the Massachusetts court. O’Neal “strategically decided to solely focus” her actions on EMS, “intentionally excluding Progress and other commonly named defendants associated with the alleged oversight failure,” said the response. “There is a high likelihood” for cases such as O’Neal’s that are brought solely against customer-facing defendants “to be remanded after the completion of common discovery and motion practice related to Progress,” said the filing. “Considering the strong likelihood that the case will be remanded, imposing a stay on all pending deadlines would unnecessarily delay case progression and responses to pending motions until post-remand,” it said. O’Neal “only stands to be harmed” by the court’s acceptance of EMS’ motion to stay, said the response. If the court grants the motion, O’Neal will be forced to postpone her presentation of arguments “ripe for attention by the District Court” until 30 days after the case has been transferred. As demonstrated in O’Neal’s first amended complaint, “every moment spent diverting the Court’s attention away from the merits of the case increases the risk and probability” that she will suffer “additional instances of actual misuse of her personal identifying information,” it said.
New York Attorney General Letitia James (D) warned New Yorkers affected by a data breach at a medical transcription company to “protect themselves and their information from theft and impersonation,” said her office Tuesday. The May breach at Perry Johnson & Associates affected some 9 million patients, including 4 million New Yorkers who are patients of Northwell Health and Crouse Health, James said. Data affected includes Social Security numbers and insurance and clinical information from medical transcription files, James said. She encouraged victims of the breach to monitor their credit reports and consider placing a credit freeze on the reports.
Plaintiff Susan Allcock requested that U.S. District Judge Allison Burroughs for Massachusetts in Boston schedule a briefing to address her remand motion related to a class action vs. Valley National Bank involving the MOVEit file transfer software data breach, her counsel, Andrew Milz, said in a Tuesday letter (docket 3083) to the court. Allcock opposes inclusion of her negligence class action against Valley National Bank in conditional transfer order 9 (CTO-9), transferring her case to In re: MOVEit Customer Data Security Breach Litigation. Scott Christie, counsel for Valley National Bank, said in a Nov. 22 letter before the court that Milz plans to raise a motion before the court to remand Allcock’s case to New Jersey state court solely on the basis that the jurisdictional amount in controversy does not exceed $5 million, exclusive of interest and costs. Christie noted that two other complaints of named class members, purporting to represent the same nationwide class as Allcock, made representative admissions that the amount in controversy does exceed $5 million. Christie also said Alcock failed to object to the transfer of her case from the District of New Jersey to the MDL despite a pending remand motion in the District of New Jersey that has been “rendered moot" by virtue of MDL Order No. 1. Under those circumstances, "Valley Bank believes that it would be inappropriate for Ms. Allcock to pursue a motion to remand in the MDL before the court" as the motion may unnecessarily “complicate these proceedings.” Allcock's case, removed Oct. 4 from Middlesex County Superior Court in New Jersey to the U.S. District Court for New Jersey in Newark, asserts she and class members are entitled to a “significant amount of monetary damages” related to “actual identity theft” from the compromise of her personally identifiable information in the late May data breach of Progress Software Corp.'s (PSC) MOVEit file transfer software. Her action, which doesn't name PSC as a defendant, claims Valley Bank “failed to implement reasonable data security measures” to protect her PII. Valley Bank’s failure to protect customers’ information “ultimately allowed nefarious third-party hackers to breach the systems housing PII,” alleges her complaint.
Plaintiff Hanan Elatr Khashoggi is appealing to the 4th U.S. Circuit Court of Appeals the U.S. District Court for Eastern Virginia's Oct. 26 dismissal of her complaint against NSO Group Technologies and Q Cyber Technologies for lack of personal jurisdiction, said her notice of appeal Tuesday (docket 1:23-cv-00779). Khashoggi’s seven-count complaint alleges NSO and Q Cyber infiltrated her phones with spyware that the Saudi and United Arab Emirates governments used to track the movements of her husband, Saudi journalist and human rights activist Jamal Khashoggi, before his October 2018 murder at the Saudi consulate in Istanbul. The court has a responsibility to decide preliminary issues, such as jurisdiction, “before reaching the merits of a claim,” said District Judge Leonie Brinkema’s memorandum opinion. Though plaintiff Khashoggi “presents a compelling description of her loss from the alleged conduct” of NSO and Q Cyber, the court has no choice but to conclude that it doesn’t have personal jurisdiction over the defendants, it said.
Despite the opportunity to amend their original complaint against the American Bar Association for a March 17 data breach that exposed the records of 1.4 million ABA members, plaintiffs Tiffany Troy and Eric Mata still don’t and can’t “plead facts supporting the basic elements of their claims,” said the ABA’s memorandum of law Tuesday (docket 1:23-cv-03053) in U.S. District Court for Eastern New York in Brooklyn in support of its motion to dismiss. The court should dismiss the amended complaint with prejudice under Rule 12(b)(6) because the plaintiffs’ allegations “are fatally deficient and implausible,” said the memorandum. The plaintiffs’ lawsuit depends on the “implausible assertion” that the data breach compromised their personal and financial data and exposed them to a heightened risk of identity theft, it said. But the ABA’s April notice makes clear that the breach didn’t expose “that kind of information," it said. The plaintiffs also don’t establish how the breach “would have caused the implausible damages they allege,” it said. Plaintiffs Troy and Mata immediately answered with a memorandum of law in opposition to the motion to dismiss, in which they argued that they entered into an "implied contract" with the association as dues-paying ABA members and as customers of merchandise on the ABA's online store. They allege the ABA breached that contract by failing to implement policies to secure their personal information, said the memorandum. They further allege that the ABA's disseminated April notice “misrepresented and downplayed the extent of the data breach or of the ancillary harms that could flow from the disclosure of the data,” it said. To the extent that the plaintiffs’ amended complaint is dismissed, that dismissal shouldn’t be with prejudice, and the plaintiffs “should be permitted another opportunity to amend,” it said.
The plaintiffs in a class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA) class action knew that a “parallel and identical” action was pending in the district but decided to seek individual remedies for the same alleged conduct, said defendants Food 4 Less Midwest and Kroger in a memorandum of law Nov. 17 (docket 1:23-cv-15345) in U.S. District Court for Northern Illinois in Chicago in support of their motion to dismiss. The parallel case, Maetean Johnson v. Ralphs Grocery Company d/b/a Food 4 Less Midwest, and The Kroger Co. subsumes the 10 plaintiffs’ action in Garmon vs. Ralphs Grocery, d/b/a Food 4 Less, and Kroger, filed last month, as the plaintiffs in the Garmon case are putative class members of the Johnson litigation, said the memorandum. The issues in both actions are the same: whether employees in Illinois can recover from the defendants for alleged BIPA violations arising from their use of timeclocks while working for Food 4 Less stores within the statutory period, said the filing. Litigating the case before two different judges in the same district would waste judicial resources and potentially render conflicting rulings, it said. The complaint should be dismissed, or alternatively, the instant action should be stayed until Johnson is resolved, it said.