Mr. Cooper “negligently allowed” customers’ personally identifiable information (PII) to be compromised and failed to take “reasonable steps to protect against an obvious threat,” alleged a Feb. 1 complaint (CVMV2401017) in California Superior Court, Riverside County, involving an Oct. 31 data breach. Plaintiff Michael Geller, who received a letter Dec. 15 informing him of the breach in Mr. Cooper’s systems, alleges the mortgage company “failed to take reasonable steps to employ security measures that are adequate” and didn’t attempt to protect PII, “despite highly publicized breaches of other large companies in recent years.” Affected files included Geller’s name, address, phone number, email address, Social Security number and birthdate, it said. As a result of the data breach, the Moreno Valley, California, resident has suffered losses including loss of control over the value of his PII. The suit also names Does 1-10 as defendants. Causes of action are negligence, breach of implied contract and violation of the California Data Breach Notification Act. Geller seeks appropriate monetary relief not to exceed $35,000, said the complaint. Mr. Cooper didn't comment.

Brittany Hammond and Tamia Charles voluntarily dismissed without prejudice their negligence class-action claims against Citrix and Comcast without prejudice, said their notice Wednesday (docket 0:23-cv-62409) in U.S. District Court for Southern Florida in Fort Lauderdale. Hammond et al v. Citrix was one of a dozen actions named in a motion (docket Ref:2401120011) for coordinated or consolidated pretrial proceedings before the Judicial Panel on Multidistrict Litigation last month, filed by the plaintiff in Hasson v. Comcast Cable Communications. Kenneth Hasson said centralization is appropriate because the related class actions filed in three separate federal district courts arise from the same October data breach that affected the personal information of millions of individuals. Hammond and Charles’ suit asserted claims of negligence and negligence per se; breaches of implied contract and third-party beneficiary contract; unjust enrichment; and violations of the Florida Deceptive and Unfair Trade Practices and New Jersey Consumer Fraud acts.

U.S. District Judge Gary Klausner for Central California in Los Angeles ordered plaintiff “Jane Doe” to show cause why she should be permitted to proceed by pseudonym in a lawsuit against PHE, owner of adult products website Adam & Eve, said a Wednesday filing (docket 2:24-cv-01065). Doe’s Jan. 3 privacy complaint in Los Angeles County Superior Court, removed Feb. 7 to federal court, alleges PHE caused Google to learn the contents of her private and protected sexual information without notifying her and without her consent, in violation of the California Invasion of Privacy Act. Doe filed a class action vs. PHE on Sept. 25, and the court ordered her to show cause then, too, why she should be permitted to proceed by pseudonym, said the order. Soon after, Doe filed a notice of voluntary dismissal and refiled her case in state court, adding Google as a defendant; the action was removed this month. Under Federal Rules of Civil Procedure, a plaintiff must list her real name in the complaint, the order said. The rules “serve the purpose of promoting the public’s right to open courts and the right of private individuals to confront their accusers,” Klausner said. He added: “The rule that a plaintiff must use her real name is not absolute” and that in limited circumstances, a plaintiff may use a pseudonym “with the court’s permission.” Doe has not sought the court’s permission, said the order.

The 9th U.S. Circuit Court of Appeals is considering for an upcoming oral argument calendar in San Francisco in June or July the appeal of six Chrome users against Google, said a text-only clerk’s notice Thursday (docket 22-16993). The six plaintiff-appellants seek to reverse a December 2022 district court order granting summary judgment for Google in a class action that alleged Google improperly collects the personal information of users who opt not to “sync” their browsers to their Google accounts (see 2212290037),

Four class actions vs. Honeywell and two vs. M&T Bank were transferred to In Re: MOVEit Customer Data Security Breach Litigation (docket 3083), said conditional transfer order 31 (CTO-31) Tuesday from the Judicial Panel on Multidistrict Litigation. The cases join over 200 actions involving Progress Software Corp.’s (PSC) May MOVEit file transfer software data breach that have been transferred to U.S. District Court for Massachusetts in Boston and assigned to U.S. District Judge Allison Burroughs. None of the six cases names PSC as a defendant. Also Tuesday, plaintiff Patrick Lew filed a notice of opposition (docket 4:24-cv-00532) to CTO-29, relating to Lew v. Medical Eye Services Inc. et al, pending in U.S. District Court for Northern California after removal from California state court. The Dec. 13 class action, which also names Blue Shield of California, pleads six causes of action for negligence, invasion of privacy and violations of the California Civil Code. Stays were lifted Tuesday on the remaining four cases in CTO-29, along with CTO-27. Plaintiff Alexandra Lardis dropped her claims against Columbia University involving the MOVEit data breach, said her notice of voluntary dismissal (docket 1:23-cv-10241) without prejudice Tuesday in U.S. District Court for Southern New York in Manhattan. Lardis moved to vacate CTO-23 Jan. 3 (see Ref:2401040007), saying her claims “materially differ” from those at issue in centralized actions in CTO-23. Lardis’ case “has nothing to do with the negligence of the defendants in the MOVEit action,” said her motion, which alleges Columbia breached its contractual obligations to her and class members regarding its handling of their private information.

The Temu shopping app and its owner, PDD Holdings, seek to compel the privacy claims of seven plaintiffs to arbitration, said their memorandum of law Friday (docket 1:23-cv-15653) in U.S. District Court for Northern Illinois in Chicago in support of their motion. The lawsuit alleges the Temu app is “purposefully and intentionally loaded” with tools to execute “virulent and dangerous malware and spyware activities” on user devices, and that Temu misled people about how it uses their data (see 2311060041). But the plaintiffs’ claims “belong in arbitration, not in court,” said the memorandum. When the plaintiffs signed up for Temu, “they agreed to individually arbitrate any dispute relating to their use of Temu’s service,” it said. “That agreement is valid,” it said. When the plaintiffs created their Temu accounts, they were presented with a “registration prompt” informing them that, by continuing, they would be agreeing to the etailer’s terms, it said. The prompt “was in a format that multiple federal appeals courts have repeatedly held sufficient to form a valid agreement,” it said. The plaintiffs can’t dispute that they were presented with the prompt and chose to continue past it, and thus they are bound by the terms, it said. Those terms mandate that the plaintiffs’ claims “proceed on an individual basis in arbitration,” it said. “Even if there were any doubt about the arbitration provision’s scope,” the terms delegate resolution of arbitrability issues to the arbitrator, it said. Courts “routinely compel arbitration in these circumstances,” it said. The terms also contain a class action waiver that bars the plaintiffs from pursuing this lawsuit on a class basis, said the memorandum. Plaintiffs agreed that any dispute they bring against Temu must be resolved on an individual basis, it said. The plaintiffs “ignored this requirement when they filed this suit on behalf of a putative class of all Temu users,” it said. Class-action waivers like the one here “are regularly enforced and require that arbitration be compelled on an individual basis,” it said. The plaintiffs can’t “skirt” the arbitration requirement by naming Temu’s parent, PDD Holdings, as a defendant, it said. Though PDD Holdings isn’t a named party to the terms, “settled law holds that a non-signatory may enforce an arbitration agreement where the plaintiff alleges that it has an agency relationship, or engaged in concerted misconduct, with the signatory,” it said. That’s “precisely” what the plaintiffs allege here, it said. They base their claims against PDD Holdings on the "incorrect" premise that it has an agency and “alter ego” relationship with Temu, it said.

Bradford Clements seeks leave to file a motion for reconsideration of U.S. District Judge Edward Davila’s Jan. 19 order dismissing his case against T-Mobile and compelling his claims to arbitration (see 2401190009), said his memorandum of points and authorities Wednesday (docket 5:22-cv-07512) in U.S. District Court for Northern California in San Jose in support of that motion. The pro se plaintiff alleged he was victimized in eight different data breaches during the three years he was a T-Mobile customer, and he brought claims under various California consumer protection and privacy statutes, plus the federal Stored Communications Act (see 2306060047). The judge found that the arbitration agreement between Clements and T-Mobile is valid and “encompasses the claims at issue” in Clements’ first amended complaint. He also found that the plaintiff’s failure to file an opposition to T-Mobile’s motion to dismiss constituted grounds for dismissal under Rule 41(b) for failure to prosecute or comply with a court order, it said. But Clements now contends that Davila’s analysis under Federal Rule of Civil Procedure 41(b) includes a manifest failure to consider material facts or dispositive legal arguments that were presented to the court, said his motion for reconsideration. He also contends that Davila’s order “also dismisses a case that will ultimately present legal challenges to an arbitration agreement” that the court admits “only it can decide,” the memorandum said. Clements has shown “reasonable diligence” in bringing his motion within 19 days of the court’s filing of the amended dismissal order, it said. No response to the motion for leave need be filed, and no hearing will be held unless otherwise ordered by the court, it said.

U.S. District Judge Vince Chhabria for Northern California in San Francisco postponed Friday’s case management videoconference to Feb. 23 at 10 a.m. PST in the AirTags privacy class action against Apple (see 2401100047), said a text-only clerk’s notice Tuesday (docket 3:22-cv-07668). The 38 plaintiffs in the class action seek to hold Apple accountable for the growing use of the AirTag as a stalking device (see 2311140041). Apple contends that the 38 plaintiffs' allegations are “a misplaced effort to hold Apple legally responsible for third parties’ intentional misuse of its AirTag product” (see 2310300030).

Verizon and its cloud storage vendor, Synchronoss Technologies, used AI to monitor and screen Verizon customer William Lawshe's data and incorrectly identified a file in his possession as containing child sexual abuse material (CSAM), alleged Lawshe’s Jan. 12 defamation complaint in St. Johns County, Florida, Circuit Court. Verizon on Tuesday removed the complaint (docket 3:24-cv-00137) to U.S. District Court for Middle Florida in Jacksonville. Verizon and Synchronoss knew or should have known that the use of their AI technology “carried the substantial risk of misidentification of content as CSAM,” said the complaint. The file didn’t contain CSAM, yet Verizon and Synchronoss reported it to Florida police as a felony, it said. Verizon and Synchronoss communicated to law enforcement that the St. Augustine, Florida, resident was in possession of an image that depicted the "lascivious exposition" of a "prepubescent minor," it said. The publication of the defamatory statement “was made with actual malice and/or a reckless indifference to the truth of the accusation and a wanton disregard” for Lawshe’s rights, said the complaint. In addition to defamation, Lawshe’s lawsuit alleges violations of the Stored Communications Act. He seeks damages and recovery of attorneys’ fees.

Plaintiff Douglass Newell voluntarily dismissed his negligence lawsuit against Citrix Systems, Fidelity National Financial and LoanCare involving the October “Citrix Bleed” data breach, said an order signed Tuesday (docket 0:24-cv-60048) by U.S. District Court Judge Donald Middlebrooks for Southern Florida in Fort Lauderdale. Following the data breach, Newell noticed an increase in spam emails, text messages and phone calls, and he has had to pay for credit monitoring, identity theft protection and a credit card security plan, said his January complaint (see 2401090057). Middlebrooks dismissed the case without prejudice.