Plaintiff Sophie Jani opposes transfer of her privacy class action (docket 3:23-cv-05054) against Patelco Credit Union to In Re: Moveit Customer Data Security Breach Litigation, said her Tuesday notice (docket 3083) before the U.S. Judicial Panel on Multidistrict Litigation. Jani’s case was transferred to U.S. District Court for Massachusetts from U.S. District Court for Northern California as part of conditional transfer order CTO-17.

Pro se plaintiff Venton Smith’s motion for separate trials in his lawsuit against over 20 banks, credit reporting agencies and retail companies arising from the 2019 Capital One data breach is "premature,” said U.S. District Judge Araceli Martinez-Olguin in an order Monday (docket 3:23-cv-02804) in U.S. District Court for Northern California in San Francisco. Smith filed his case June 7, claiming his personally identifiable information was exposed in the breach, in which an Amazon Web Services employee stole data affecting about 106 million customers. Judge Martinez-Olguin said since the filing, several defendants have been dismissed and further dismissals are anticipated based on recent notices of settlement. Upon reassignment of the case to Martinez-Olguin on Nov. 9, all pending motions were taken off the calendar and pending motions not resolved by Monday’s order must be re-noticed for hearing, said the order. Last week, Smith filed notices of settlement with Citibank, Macy’s and Best Buy.

The U.S. Judicial Panel on Multidistrict Litigation transferred six cases involving the MOVEit data breach to U.S. District Court for Massachusetts in Boston, said a clerk’s order (docket 3083) Tuesday. Conditional transfer order 19 (CTO-19) includes Copans v. Sutter Health et al., Clerc v. Fidelity Life Association, In re: UnitedHealthcare Student Resources Data Security Litigation, Jubran v. United HealthCare Services, Abramowitz vs. United HealthCare and Zaafan v. Umpqua Bank. The tagalong actions, from district courts in Eastern California, Northern Illinois, Minnesota and Western Washington, involve questions of fact common to the actions previously transferred to In re: MOVEit Customer Data Security Breach Litigation under U.S. District Judge Allison Burroughs. Since five cases were transferred Oct. 4, 139 additional actions have been assigned to the court. CTO-18, filed Friday, transferred Liptock v. MasTec, from South Carolina district court, and Evangelista v. National Student Clearinghouse from Eastern Virginia district court, said the order. Monday, Sovos Compliance submitted an opposition to CTO-15 related to Gorman v. Progress Software.

U.S. District Judge Josephine Staton for Central California in Los Angeles ordered Mandry Technology Solutions to show cause by Friday why plaintiff Dana Hughes’ privacy complaint against the company shouldn’t be remanded to Los Angeles County Superior Court because its diversity jurisdiction’s $75,000 amount-in-controversy requirement isn’t satisfied, said the judge’s Nov. 16 order (docket 2:23-cv-09502). Hughes alleges that Mandry, a supplier of IT, cybersecurity and cloud strategy enterprise services, “secretly installed” spyware on its website from third party Lead Forensics (see 2311120003). She alleges the spyware allows Mandry to “de-anonymize every anonymous visitor to the site” so that it knows each visitor's name, face, location, email and browsing history. Mandry attempts to meet its $75,000 burden “in large part by pointing to the cost of complying with an injunction,” should the court impose one in Hughes’ favor, said the judge’s order. But Mandry fails to allege any facts that allow the court “to determine whether the cost of complying with an injunction would actually push the amount in controversy over $75,000,” it said. Mandry also provides no information about the amount owed to Hughes in damages, “thereby making it impossible to know whether those damages, in combination with the costs of injunction compliance, easily surpass $75,000, as Mandry claims, it said.

EMS Management & Consultants moved to dismiss plaintiff Samantha O’Neal’s privacy complaint for lack of subject-matter jurisdiction and failure to state a claim on which relief may be granted, in a Thursday motion (docket 1:23-cv-00738) in U.S. District Court for Middle North Carolina. O’Neal’s fraud case involving the May MOVEit file transfer software data breach alleges EMS had a duty to protect her personally identifiable information and should have known “through readily available and accessible information about potential threats for the unauthorized exfiltration and misuse of such information.” O’Neal’s case was part of conditional transfer order 10 for transfer to In Re: MOVEit Customer Data Security Breach Litigation in U.S. District Court for Massachusetts, but O’Neal opposed the transfer in a Nov. 3 notice before the U.S. Panel on Multidistrict Litigation (see 2311060016).

Mandry Technology Solutions moved for dismissal of plaintiff Dana Hughes’ privacy complaint, partly on grounds that she’s a “serial filer of cookie-cutter lawsuits,” according to Mandry’s memorandum of points and authorities Thursday (docket 2:23-cv-09502) in U.S. District Court for Central California in Los Angeles in support of its motion to dismiss. Hughes alleges Mandry, a supplier of IT, cybersecurity and cloud strategy enterprise services, “secretly installed” spyware on its website from third-party Lead Forensics (see 2311120003). The spyware allows Mandry to “de-anonymize every anonymous visitor to the site” so that it knows each visitor's name, face, location, email and browsing history, her complaint said. But Hughes “alleges nothing about when she visited” Mandry’s website or what she did when she was there, according to the memorandum. She also doesn’t allege that Lead Forensics identified her, and alleges “no harm whatsoever,” because she has none, it said. The case is one of six that Hughes and her counsel, Robert Tauler of Tauler Smith in Los Angeles, have filed in the past two months alleging use of visitor identification software, it said. Each of the complaints pleads “near verbatim allegations arising from a website operator’s alleged collection of innocuous information” that asserts claims of an “unlawful computer hack,” said the memorandum. The complaints merely swap in “different defendants and websites,” it said. Hughes’ “cut-and-paste job belies the lack of merit to her claims,” it added. “Litigation tactics aside,” Hughes’ claims “fail for multiple reasons,” said the memorandum. “As a threshold matter,” Mandry isn’t subject to personal jurisdiction in California, it said. The complaint also should be dismissed under Federal Rule of Civil Procedure 12(b)(5) for insufficient service of process, it said. Her claims also fail on the merits, it said. She alleges “no tangible harm” under the California Comprehensive Computer Access and Fraud Act, plus she hasn’t alleged an “access” or “hack” in violation of the statute, it said. Her request for punitive damages also must be dismissed because she makes “no attempt to plead relief to punitive damages with particularity, as the law requires,” it said.

U.S. District Judge Paul Crotty for Southern New York in Manhattan dismissed a fraud case against toy maker Squishable arising from a 2022 data breach, said his order of dismissal Wednesday (docket 1:23-cv-3660). Squishable and plaintiff Christine Borovoy said this month that they were negotiating a settlement in the suit (see 2310060049), which asserted negligence, breach of contract, invasion of privacy and unjust enrichment claims. Crotty dismissed the case without prejudice and costs to either party, subject to reopening if the settlement isn’t consummated within 30 days.

Plaintiffs Saul and Shirley Lassoff asked the court for permission to file an emergency motion to preclude all other venues and duplicate litigation vs. defendant MGM Resorts International only and to issue a proposed first-to-file preclusion order in their negligence class action stemming from a September data breach, said their Wednesday letter (docket 1:23-cv-20419) to U.S. District Judge Joseph Rodriguez for New Jersey in Camden. The preclusion order requests that remaining cases involving the cyberattack on the hospitality company’s systems in September be transferred to Camden. The plaintiffs’ amended complaint added New Jersey, New York and Las Vegas MGM customers as potential class members in the action against MGM Resorts International and removed Caesars Entertainment, following the dismissal of Caesars without prejudice from the case this month (see 2310100027). The Lassoffs assert claims of breach of fiduciary duty and negligence.

U.S. District Judge William Orrick for Northern California ordered two class actions involving the Meta Pixel tracking tool to be reassigned to him and related to In Re: Meta Pixel Healthcare Litigation, said his Tuesday order (docket 3:22-cv-03580) in the San Francisco court. Beltran v. Meta Platforms (docket 3:23-cv-05250) and Harrill v. Meta (3:23-cv-05251) allege Meta and plaintiffs’ healthcare providers broke privacy laws when the healthcare defendants placed Meta’s Pixel code on their websites, allowing them to collect the personal health information of their users and share it with Facebook.

U.S. District Judge Steven Logan for Arizona in Phoenix granted the plaintiffs’ unopposed motion to consolidate three privacy class actions against Banner Health, said his Thursday signed order (docket 2:23-cv-00985), posted Monday. On Sept. 7, plaintiffs Cheryl McCulley et al. filed an unopposed motion to consolidate with two other cases currently pending in the District of Arizona: Irazaba v. Banner Health (docket 2:23-cv-01054) and Williams, et al. v. Banner Health, et al. (docket 2:23-cv-01228). On Sept.19, defendant Meta was severed from the Williams case, leaving Banner Health as the sole remaining defendant in all three cases. Consolidation is appropriate because the three cases involve a common single defendant, Banner Health, which is accused of similar conduct, failure to safeguard the privacy of plaintiffs’ health care records, said the order. All three cases allege common law violations of invasion of privacy, the Arizona Consumer Fraud Act and the Electronic Communications Privacy Act. Though each party has brought additional claims that the others did not, the claims are all factually related and are “essentially parallel mechanisms for addressing the same underlying conduct"; judicial economy will be served by consolidation, Logan said. McCulley v. Banner Health (docket 2:23-cv-00985) is the lead case.