Amended Data Breach Complaint Drops 2 Claims Against Macmillan

The three named plaintiffs in the data breach class action against Macmillan (see 2304040003) filed an unopposed motion for leave Friday (docket 1:23-cv-01217) in U.S. District Court for Southern New York in Manhattan to file a second amended complaint against the publisher. Plaintiffs Victoria Batchelor, Diana Griffin and Jaime Ariza allege Macmillan stores a “litany” of highly sensitive personal identifiable information (PII) about its current and former employees, but it “lost control over that data when cybercriminals infiltrated its insufficiently protected computer systems in a data breach.” The second amended complaint removes the negligence per se and the breach of fiduciary duty claims against Macmillan, and adds certain allegations from the negligence per se claim to their claim for negligence. The negligence claim now alleges Macmillan violated its duty under Section 5 of the FTC Act “by failing to use reasonable measures to protect PII and not complying with applicable industry standards.” Macmillan’s conduct “was particularly unreasonable” in light of the nature and volume of the PII it collected and stored, says the new complaint. Macmillan failed to prepare for “the foreseeable consequences of a data breach, including, specifically, the immense damages that would result to individuals in the event of a breach, which ultimately came to pass,” it says.