Pro se plaintiff Venton Smith and defendant JPMorgan Chase filed a settlement notice (docket 3:23-cv-02804) Wednesday in U.S. District Court for Northern California in San Francisco. The parties reached a settlement in principle and are finalizing the agreement. When the settlement is final, Smith will move for dismissal with prejudice of his claims against Chase, expected within 60 days. The plaintiff claims his personally identifiable information was exposed in a 2019 Capital One data breach in which an Amazon Web Services employee stole data affecting about 106 million customers. Smith is suing more than 20 merchants, banks and credit reporting agencies, alleging negligence, unjust enrichment, breach of confidence and contract and violation of California’s Unfair Competition Law. Smith alleges at least 12 existing accounts were fraudulently accessed to buy unknown merchandise using his existing accounts for Jared Jewelers, American Express, Best Buy, Capital One, Chase, Citibank, Macy’s and Nordstrom, for a total $92,300 in loans, merchandise and products.

Peter Behrens, plaintiff in the class action against Genworth Financial that's pending in the U.S. District Court for Eastern Virginia, submitted an interested party response (docket 3083) Tuesday in partial opposition to plaintiff Bruce Bailey’s motion for centralization and transfer of related actions in MOVEit Customer Data Security Breach Litigation (see 2307120053). Behrens opposes Bailey's July motion to transfer based on the notice of related actions filed by Genworth Financial identifying the Behrens action as a case Genworth contends should be transferred to MDL 3083, said the filing before the U.S. Judicial Panel on Multidistrict Litigation. Behrens is “eligible for transfer,” and transfer is “neither necessary nor appropriate,” it said. Behrens’ complaint alleges Genworth failed to protect his personally identifiable information (PII) from “well-known threats by hackers” in Progress Software Corp.’s (PSC) May data breach. Behrens entrusted Genworth with his PII in order to buy a long-term care insurance policy, and Genworth “failed to protect that data,” said the response. Genworth entrusted Behrens’ data to Pension Benefit Information (PBI), with which Behrens “has no contractual relationship,” and PBI used PSC’s MOVEit file transfer software that contained “a vulnerability" to hackers,” it said. Though several entities are involved in the ultimate exposure of Behrens’ PII, the purpose of his action is “holding Genworth accountable for its failure to safeguard the information entrusted to it by Behrens and a class of 2.5 to 2.7 million similarly situated customers,” it said. Genworth isn't named as a defendant in the "vast majority" of the cases and tagalongs presented by the parties in favor of transfer, which Behrens identified as "unique cases covering unique data breaches including Johns Hopkins patients, California pensioners, Nebraska bank customers, and Louisiana driver’s license holders," in the opposition. “Naturally, Genworth would much prefer that Behrens’s case be transferred and centralized with over 40 other cases that are, as Genworth admits in its response … focused on the liability of entities other than Genworth,” said the opposition. Those are entities that Genworth “expressly blames for its obvious failure to protect 2.5 to 2.7 million Genworth customers’ most sensitive information,” it said: “To transfer Behrens’s case would benefit only Genworth and unnecessarily obscure Behrens’s path to hold Genworth accountable.”

U.S. District Judge Charles Breyer set a motion hearing for Oct. 13 at 10 a.m. for Venton Smith's Thursday motion for a default judgment against Jared Jeweler in a privacy lawsuit involving the 2019 Capital One data breach, said his Monday text-only notice (docket 3:23-cv-02804) in U.S. District Court for Northern California in San Francisco. The videoconference will be via Zoom and is open to the media and public. The pro se plaintiff claims his personally identifiable information was exposed in a 2019 Capital One data breach in which an Amazon Web Services employee stole data affecting about 106 million customers. Smith is suing more than 20 merchants, banks and credit reporting agencies, alleging negligence, unjust enrichment, breach of confidence and contract and violation of California’s Unfair Competition Law. Smith alleges at least 12 existing accounts were fraudulently accessed to buy unknown merchandise using his existing accounts for Jared, American Express, Best Buy, Capital One, Chase, Citibank, Macy’s and Nordstrom, for a total $92,300 in loans, merchandise and products.

Plaintiff James Miller’s claims that Pentagon Federal Credit Union, Verisk Analytics and Lead Intelligence record visitors’ electronic communications activities on PenFed’s website without their consent (see 2306200017) should be dismissed because Miller “claims no harm whatsoever,” said their motion Friday (docket 2:23-cv-04785) in U.S. District Court for Central California in Los Angeles. Miller doesn’t claim, because it isn’t true, that PenFed “surreptitiously shared this data with third-parties apart from the alleged software service provider, or that this data was used for a nefarious purpose,” because it wasn’t, it said. His claims should be dismissed for lack of Article III standing because his allegations don’t establish a concrete harm, it said.

Craig Mariam, counsel for Gordon Rees, filed notice (docket 3083) Friday of four related cases in MOVEit Customer Data Security Breach Litigation against defendant Milliman Solutions before the U.S. Judicial Panel on Multidistrict Litigation (JPML). The cases don't name MOVEit software provider Progress Software as a defendant. The four cases against actuarial firm Milliman Solutions, which provides insurance products to TruStage Financial Group, among others, allege Milliman violated its privacy policy that states it has security policies in place intended to ensure the security and integrity of all customers' personal data. The policy says “If Milliman forwards Personal Data to any third party, Milliman requires that those third parties have appropriate technical and organizational measures in place” to comply with its privacy policy, alleges plaintiff David Hale in Hale v. Milliman Solutions (docket 2:23-cv-01206), filed Aug. 8 in U.S. District Court for Western Washington in Seattle. The other related cases, in the same court, are Soto v. Milliman Solutions (docket 2:23-cv-01236), Jones v. Milliman Solutions (docket 2:23-cv-01246) and Gregory v. Milliman Solutions and TruStage Financial (docket 3:23-cv-00559). Plaintiffs in the four class actions suffered invasion of privacy, lost or diminished value of their personally identifiable information, lost time and opportunity costs for trying to mitigate consequences of the MOVEit data breach, and continued and increased risk to their PII, the notice said. Also Friday, Genworth Financial attorney Eamon Joyce of Sidley Austin filed a notice of related action (docket 3083) before the JPML for Herman Burkett Jr. v. Genworth Life and Annuity Insurance Co., in MOVEit Customer Data Security Breach Litigation. Defendant Herman Burkett of Dallas claims he suffered identity theft, fraud and harms he had no ability to mitigate due to Genworth’s “delayed notice” to customers about the late May MOVEit software data breach.

A related privacy class action, Adams v. Google (docket 23-cv-04191) is consolidated with Smith v. Google, said a Thursday consolidation order (docket 5:23-cv-03527) signed by U.S. District Judge Casey Pitts in U.S. District Court for Northern California in San Jose. Plaintiffs allege U.S. consumers have been transmitting sensitive financial information to Google when they file their taxes online on H&R Block, TaxAct and TaxSlayer (see 2307170033). Plaintiff Mary Smith of DuPage County, Illinois, alleges Google Analytics’ tracking pixel, embedded in the JavaScript of online tax preparation websites, sent “massive amounts” of her private tax return information such as income, refund amounts, filing status and scholarship information to Google, without her consent, “to improve its ad business and other business tools,” said her July complaint. Disclosing tax return information without consent “is a crime,” as are aiding and abetting the unlawful disclosure of tax return information and inspecting unlawfully obtained tax return information, it said. Pitts ordered plaintiffs’ counsel to file a consolidated complaint within 45 days; an initial case management conference in the consolidated matter is scheduled for Oct. 12, 1 p.m. PDT.

Sports apparel company Homage removed to U.S. District Court for Central California in Santa Ana a putative class action in which plaintiff Sonya Valenzuela claims Homage secretly enables and allows a third-party spyware company, Kustomer, to wiretap and eavesdrop on the private conversations of everyone who communicates through the chat feature at Homage.com, in violation of the California Invasion of Privacy Act. Homage “vehemently denies these allegations,” said its notice of removal Thursday (docket 8:23-cv-01601). Homage also vehemently denies Valenzuela’s case “is suitable for class treatment,” it said. Valenzuela’s complaint, filed July 14 in Orange County Superior Court, alleges Homage’s actions “are not incidental to facilitating e-commerce, nor are they undertaken in the ordinary course of business.” To the contrary, it says, Homage’s actions “violate industry norms and the legitimate expectations of consumers,” it said. Court records show Valenzuela as a party of record in dozens of lawsuits of various types since Jan. 1. The World Wildlife Fund recently said Valenzuela and her lawyer, Scott Ferrell of Pacific Trial Attorneys, are responsible for filing many nearly identical lawsuits against various entities (see 2307280032). Ferrell is also Valenzuela's attorney in the class action against Homage, which seeks injunctive relief, plus actual, statutory and punitive damages.

The parties in the Meta Pixel Healthcare Litigation asked the court to relate Hartley v. Meta Platforms to the consolidated class action, said a Tuesday joint administrative motion (docket 3:22-cv-03580) to consider relating cases in U.S. District Court for Northern California in San Francisco. Plaintiffs in the consolidated action allege Meta used its business tools, including the Meta Pixel, “to intercept individually identifiable health information” from partner web properties. Similarly, plaintiff Hartley alleges the University of Chicago Medical Center “collects and shares the personally identifiable information and PHI of patients using a ‘Facebook Pixel,’” which the medical center installed on its web properties, said the motion. The consolidated action and Hartley “concern substantially the same parties, property, transaction, or event,” Meta’s alleged receipt of users’ health information via the Meta Pixel.

Plaintiffs Nicolas Timmons and Kristi McDavitt agree that six related actions should be consolidated in litigation against Intellihartx, said their memorandum (docket 3:23-cv-01224) in support of consolidation Monday in U.S. District Court for Northern Ohio in Toledo. The class actions allege similar facts and legal claims arising out of a data breach at healthcare payment services company Intellihartx that affected the personal health information of over 480,000 patients. All actions bring substantially identical claims for negligence, breach of implied contract, breach of third-party beneficiary contract, unjust enrichment and breach of confidence, said the filing. Plaintiffs Timmons and McDavitt oppose the leadership structure proposed by the Perrone v. Intellihartx (docket 3:23-cv-01224) plaintiff and will file separate motions to have their attorneys be considered for interim class counsel, said the memorandum. In addition to Perrone, the related actions are Kelly v. Intellihartx (docket 3:23-cv-01338), Cabrales v. Intellihartx (3:23-cv-01439), Timmons v. Intellihartx (docket 3:23-cv-01452), McDavitt v. Intellihartx (docket 3:23-cv-01499) and Terwilliger and Rodriguez v. Intellihartx (docket 3:23-cv-01509).

Plaintiffs’ privacy claims over a COVID 19 contact-tracing app are moot, said defendants Massachusetts Gov. Maura Healey (D) and Department of Public Health (DPH) Commissioner Robert Goldstein in a proposed reply (docket 3:22-cv-11936) in support of their motion to dismiss Friday in U.S. District Court for Massachusetts in Springfield (see 2306140034). Lead plaintiff Robert Wright conceded that the MassNotify setting ended in May but urged the court to reach the merit of the plaintiffs' claims because the voluntary cessation and capable-of-repetition-yet-evading review exceptions to mootness should apply, said the defendants. Those arguments fail as a matter of law and fact, they said. Contrary to Wright’s assertion, the court may decline to apply the voluntary cessation exception and dismiss the case as moot without determining precisely who decided to end the MassNotify setting because there's no reason to believe that decision was made to moot this lawsuit “or for any reason related to this litigation,” said the reply. Records show the MassNotify setting “stopped functioning and is no longer installed on Android devices,” which it said isn't to avoid a court judgment but because the Event Notification Service program terminated at the end of the federal COVID-19 public health emergency. Plaintiffs’ rationale that there’s no absolute confirmation that the challenged policy will never be reimposed “finds no support in case law,” defendants said, citing West Virginia v. Environmental Protection Agency where SCOTUS determined the party asserting mootness has to establish only that it's “absolutely clear that the allegedly wrongful behavior could not reasonably be expected to recur.” DPH has no present plans “or even capacity to restart the setting or another digital exposure notification system on its own,” said the reply, and the department “is not aware of any plans to bring back the national program either.” On data collection, the reply said, “Where the unrebutted evidence shows that the data retained by the Department cannot be connected to Plaintiffs, an order directing the Department to destroy that data or stop accessing it would have no impact on Plaintiffs -- though it would stymie” DPH’s “ongoing efforts to evaluate and learn from the Commonwealth’s pandemic response.” Defendants asked the court to dismiss plaintiffs’ first amended complaint with prejudice and their request for jurisdictional discovery.