Plaintiff Moves to Vacate CTO in MOVEit MDL, Says Case 'Lacks Sufficient Commonality'

Plaintiff Alexandra Lardis’ claims against Columbia University “materially differ” from those at issue in centralized actions in conditional transfer order (CTO-23) issued Dec. 13 by the Judicial Panel on Multidistrict Litigation in In Re: MoveIt Customer Data Security Breach Litigation, and the CTO should be vacated, said her Wednesday motion (docket 3083) before the panel. Lardis’ case “has nothing to do with the negligence of the defendants in the MOVEit action,” said the motion. Instead, her action (docket 1:23-cv-10241) alleges that defendant Columbia breached its contractual obligations to her and class members regarding its handling of personally identifiable information (PII) including Social Security numbers, dates of birth and first and last names, it said. Lardis alleges Columbia’s conduct violated the university’s written policies regarding maintenance, retention and handling of PII. As of Wednesday, the university “still failed to notify any class members,” or Lardis, of the data breach, “despite it occurring approximately seven months ago,” the motion said. Lardis’ theories of liability require “extremely limited, if any, fact discovery that would overlap with that of the centralized cases,” the motion said, and as a result of factual and legal discrepancies, the case “lacks sufficient commonality with the centralized cases and should not be transferred for pre-trial proceedings.” Lardis’ Nov. 21 action against Columbia, involving the May data breach in Progress Software Corp.'s MOVEit file transfer software, asserts claims of negligence, breach of implied contract and express contract, plus violation of New York Business Law.