U.S. District Judge Paul Crotty for Southern New York in Manhattan dismissed a fraud case against toy maker Squishable arising from a 2022 data breach, said his order of dismissal Wednesday (docket 1:23-cv-3660). Squishable and plaintiff Christine Borovoy said this month that they were negotiating a settlement in the suit (see 2310060049), which asserted negligence, breach of contract, invasion of privacy and unjust enrichment claims. Crotty dismissed the case without prejudice and costs to either party, subject to reopening if the settlement isn’t consummated within 30 days.
U.S. District Judge Steven Logan for Arizona in Phoenix granted the plaintiffs’ unopposed motion to consolidate three privacy class actions against Banner Health, said his Thursday signed order (docket 2:23-cv-00985), posted Monday. On Sept. 7, plaintiffs Cheryl McCulley et al. filed an unopposed motion to consolidate with two other cases currently pending in the District of Arizona: Irazaba v. Banner Health (docket 2:23-cv-01054) and Williams, et al. v. Banner Health, et al. (docket 2:23-cv-01228). On Sept.19, defendant Meta was severed from the Williams case, leaving Banner Health as the sole remaining defendant in all three cases. Consolidation is appropriate because the three cases involve a common single defendant, Banner Health, which is accused of similar conduct, failure to safeguard the privacy of plaintiffs’ health care records, said the order. All three cases allege common law violations of invasion of privacy, the Arizona Consumer Fraud Act and the Electronic Communications Privacy Act. Though each party has brought additional claims that the others did not, the claims are all factually related and are “essentially parallel mechanisms for addressing the same underlying conduct"; judicial economy will be served by consolidation, Logan said. McCulley v. Banner Health (docket 2:23-cv-00985) is the lead case.
Mandry Technology Solutions removed to U.S. District Court for Central California in Los Angeles Thursday an Oct. 4 complaint (docket 2:23-cv-09502) from Los Angeles Superior Court in which plaintiff Dana Hughes alleges Mandry, a supplier of IT, cybersecurity and cloud strategy enterprise services, “secretly installed” spyware on its website from third party Lead Forensics. The spyware allows Mandry to “de-anonymize every anonymous visitor to the site” so that it knows each visitor's name, face, location, email and browsing history, said the complaint. The spyware “aggregates” that user data “with other data obtained from the dark web,” so that Mandry can turn “anonymous visitors into actionable sales leads in real-time," it alleged. None of that’s done with Hughes’ “consent or authorization,” it said. She visited Mandry’s website “without being informed, let alone authorizing,” Mandry to share her data with third parties, it said. Mandry’s conduct, if allowed to proceed, “would dramatically change the nature of the internet,” such that anonymous web-surfing “is now a means to surveil, commoditize, and control personal information of users,” it said. Mandry’s actions are unlawful under the California Unauthorized Access to Computer Data Act, plus they’re intrusive and offensive “such that they would shock the conscience of any website user,” it said. She seeks “all relief available” under the statute, including compensatory and punitive damages, plus injunctive relief and attorneys' fees. Mandry denies Hughes’ allegations and that she has suffered any loss or injury, said its notice of removal. It also denies she’s entitled to any damages, injunctive relief or any other relief or recovery, it said.
The World Wildlife Fund “regrettably” devotes “a substantial portion” of its Sept. 14 motion to dismiss plaintiff Sonya Valenzuela’s privacy complaint attacking her and her counsel, said Valenzuela’s memorandum of points and authorities Thursday (docket 2:23-cv-06112) in U.S. District Court for Central California in Los Angeles in support of her opposition to the motion. Valenzuela alleges WWF invaded her privacy with its use of FullContact software to record and “deanonymize” internet protocol addresses when she used WWF’s website chat function (see 2307280032). WWF’s motion to dismiss asks the court “to draw adverse credibility inferences” about Valenzuela and her lawyer, Scott Ferrell of Pacific Trial Attorneys, on grounds that Valenzuela is a serial litigant, said her memorandum. But the 9th U.S. Circuit Court of Appeals recently made “exceptionally clear” that WWF’s tactics are “improper,” it said. The 9th Circuit held in its Jan. 23 decision in Langer v. Kiser that it’s “necessary and desirable” for committed individuals to bring serial litigation to enforce and advance consumer protection statutes, as Valenzuela “does here,” it said. WWF should be “sternly reminded” of the 9th Circuit’s “admonition” that courts mustn’t “discredit and/or penalize a plaintiff for being a litigation tester,” it said. WWF’s “implicit challenge” to Valenzuela’s standing to sue “is without merit,” said her memorandum. Though WWF doesn’t “expressly challenge” her standing to sue, its argument that she fails to allege any injury “should be construed as making that challenge,” it said. The 9th Circuit has held that claims under the California Invasion of Privacy Act, such as those that Valenzuela raises in her complaint, “protect concrete, substantive privacy interests, which is sufficient to confer standing,” it said.
Five privacy class actions vs. Hartford Life and Accident Insurance involving the May MOVEit data breach were transferred from federal court in Connecticut to U.S. District Court for Massachusetts under U.S. District Judge Allison Burroughs, said conditional transfer order 14 (CTO-14) before the U.S. Judicial Panel on Multidistrict Litigation Monday (docket 3083). Since the JPML on Oct. 4 transferred five actions to In Re: Moveit Customer Data Security Breach Litigation to the Massachusetts court, 119 additional actions have been transferred, it said. The Monday order will be stayed seven days pending any notices of opposition.
The U.S. Judicial Panel on Multidistrict Litigation (JPML) transferred three cases in In Re: MOVEit Customer Data Security Breach Litigation to U.S. District Court for Massachusetts in Boston under U.S. District Judge Allison Burroughs, said conditional transfer order 13 (CTO-13) Friday (docket 3083). The three latest cases from federal courts in Indiana, Michigan and South Dakota are Everling v. First Merchants Bank, Heinz v. Jackson National Life Insurance and Ken v. Pathward. The three cases involve the late May data breach in Progress Software’s MOVEit file transfer software. Since Oct. 4, 120 actions have been transferred to the District of Massachusetts. Elsewhere, plaintiff Samantha O’Neal in O’Neal v. EMS Management & Consultants (docket 1:23-cv-00738) opposes transfer in CTO-10 to the MOVEit MDL, said her Friday notice of opposition before the JPML. O’Neal’s negligence class action alleges EMS Management had a duty to protect her personally identifiable information and should have known “through readily available and accessible information about potential threats for the unauthorized exfiltration and misuse of such information.”
Plaintiff Susan Allcock opposes inclusion of her negligence class action against Valley National Bank involving the MOVEit data breach in conditional transfer order 9 (CTO-9), said her opposition notice (docket 2:23-cv-20900) Wednesday before the U.S. Judicial Panel on Multidistrict Litigation. Allcock's case, removed Oct. 4 from Middlesex County Superior Court in New Jersey to the U.S. District Court for New Jersey in Newark, asserts she and class members are entitled to a “significant amount of monetary damages” related to “actual identity theft” from the compromise of her personally identifiable information in the late May data breach of Progress Software Corp.'s (PSC) MOVEit file transfer software. Her action, which doesn't name PSC as a defendant, claims Valley Bank “failed to implement reasonable data security measures” to protect her PII. Valley Bank’s failure to protect customers’ information “ultimately allowed nefarious third-party hackers to breach the systems housing PII,” alleges her complaint. Allcock’s action was one of 13 included in CTO-9 (see 2310260037), transferring cases to In Re: MOVEit Customer Data Security Breach Litigation to U.S. District Court for Massachusetts in Boston under U.S. District Judge Allison Burroughs. As of Monday, the number of transferred cases in the MOVEit MDL had reached 100 (see 2310300006).
A privacy complaint against Meta,E.H. v. Meta Platforms (docket 3:23-cv-04784), is related to In Re: Meta Pixel Healthcare Litigation (docket 3:22-cv-03580), said U.S. District Judge for Northern California William Orrick’s Friday order. The September privacy complaint alleges the Meta Pixel tracking code collects information such as prescriptions, diagnoses and symptoms, which “even close friends and family might not have known about,” from third-party businesses’ websites and sends it to Meta, whether or not a user has a Facebook account.
The number of transferred cases in In Re: Moveit Customer Data Security Breach Litigation reached 100 less than a month after the first five cases were transferred to U.S. District Court for Massachusetts in Boston under U.S. District Judge Allison Burroughs Oct. 4. Five tagalong cases were added Friday in conditional transfer order 10 (docket 3083) before the U.S. Panel on Multidistrict Litigation: one from New York District Court vs. Ernst & Young; three from North Carolina Middle District vs. EMS Management and one from U.S. District Court for Oregon against Standard Insurance Co.
X-Mode Social sells highly sensitive personal data it buys from third-party phone applications, alleged plaintiff Norma Egan in her first amended complaint (FAC) (docket 1:23-cv-11651) Friday in U.S. District Court for Massachusetts in Boston. X-Mode violates state law by acquiring and tracking consumers’ “precise geolocation data and other data through the use of XDK spyware and then profiting from the data by selling it to others without obtaining consent," said the FAC. Egan doesn’t challenge that the app that originally obtained her geolocation data obtained her consent to collect and share her data, but any purported consent was on behalf of the specific phone app “and did not apply to” X-Mode, it said. The data can include consumers’ movements to and from locations associated with medical care, reproductive health, religious worship, mental health, temporary shelters, such as shelters for the homeless, domestic violence survivors, addiction recovery or other “at-risk populations,” said the FAC. Neither X-Mode, nor any entity acting on its behalf, “ever attempted to obtain -- or did obtain -- consent for its subsequent sale or transfer of the data to other third parties after it acquired data from the phone applications,” said the FAC. Through the selling of Egan’s data without her consent, X-Mode has been “unjustly enriched” and has violated Egan’s privacy rights, state consumer protection and privacy statutes, and Section 5 of the FTC Act, it said. Egan claims unjust enrichment and violation of the Massachusetts Unfair and Deceptive Business Practices Act (see 2307260030).