Rah-Nita Boykin, who filed a negligence class action (docket 1:24-cv-02973) against AT&T April 12 in U.S. District Court for Northern Illinois, supports transfer and consolidation of related actions in In re: AT&T Inc. Customer Data Security Breach Litigation to the Northern District of Texas in Dallas, said her interested party response (docket 3114) Thursday before the Judicial Panel on Multidistrict Litigation. Alternatively, the Country Club Hills, Illinois, resident supports transfer to the Northern District of Illinois in Chicago, the response said. Boykin agrees that the related actions involve one or more common questions of fact, that transferring the cases would serve “the convenience of parties and witnesses,” and that transferring the cases will “promote the just and efficient conduct of such actions,” meeting the criteria of 28 U.S.C. section 1407(a). Each of the related actions concerns “alleged failures” by AT&T resulting in a data breach affecting more than 73 million current and former AT&T customers, the response said. Because the related actions comprise overlapping putative nationwide classes, “no efficiencies will be gained by litigating these claims in multiple forums." Boykin referenced the group of plaintiffs supporting centralization in the Northern District of Georgia, on the basis that the breach largely involves Atlanta-based AT&T Mobility, and cited the carrier's response from Paula Phillips, director-legal administrator of AT&T Services: that “(1) AT&T’s investigation indicates less than 5% of potentially impacted customers are wireless customers; (2) AT&T incident response is based in Dallas; and (3) relevant witnesses for AT&T are located in Dallas.” While some evidence may be located out of the Northern Texas district, the company’s supplemental information “makes clear that much of the evidence subject to discovery will be found at AT&T’s headquarters,” said the response. Chicago federal court would be a “suitable alternative” to the Dallas court because it is also a “convenient and readily accessible location for all counsel and witnesses given its central location and large airports,” the response said. The Northern District of Illinois also has a “faster median time from filing to disposition compared to the Northern District of Texas,” it said. While many AT&T employees and records are located in Dallas, “the distance is easily overcome through the use of Zoom or other telecommunications platforms in today’s modern era of litigation,” said the filing.
Healthcare institutions are “particularly vulnerable" to cyberattacks because of the value of the private information they collect and maintain, but defendant DocGo failed to follow cybersecurity best practices, allowing cuber thieves to gain access to current and former patients’ protected health information (PHI) and personally identifiable information (PII), alleged a negligence class action Thursday (docket 1:24-cv-03594) in U.S. District Court for Southern New York.
Student loan servicer Heartland ECSI “failed to institute proper security protocols” to protect individuals’ Social Security numbers and other personally identifiable information (PII), alleged a negligence class action Thursday (docket 2:24-cv-00699) in U.S. District Court for Western Pennsylvania.
Cybersecurity company Zilla Security violated the Telephone Consumer Protection Act by making telemarketing calls to Edward Koeller and his putative class members whose numbers are listed on the national do not call registry, and did so without their written consent, alleged Koeller’s TCPA class action. Zilla also placed calls to pitch its cybersecurity products to people “who had previously asked to no longer receive calls,” alleged Koeller’s complaint Wednesday (docket 1:24-cv-11228) in U.S. District Court for Massachusetts in Boston. The St. Louis-area resident listed his cellphone number on the national DNC registry in August 2007, and the number also has been listed on the Missouri DNC registry since January 2013, it said. Koeller has never been a Zilla customer, and never consented to receive its calls, but received at least two Zilla calls on April 25 and 30, both before 8 a.m., the complaint said. He informed the defendant that he wasn’t interested in the company’s products and services, and complained the calls were coming in to his cellphone at “inappropriate” times of the day, it said. Koeller and other individuals who received these telemarketing calls “suffered an invasion of privacy and were harassed” by Zilla’s conduct, said the complaint.
Reddit charged online stock trading platform LevelFields for clicks to link to its website, but the plaintiff’s system didn’t log traffic corresponding to the links it was charged for, alleged a breach of contract class action Wednesday (docket 4:24-cv-02760) in U.S. District Court for Northern California. LevelFields contracted with Reddit on Sept. 9, 2022, authorizing Reddit to place its ad on the social networking platform, said the complaint. The plaintiff contacted Reddit for click logs that would show corresponding associated IP addresses, but Reddit claiming it was unable to provide that and instead provided only logs without IP addresses, it said. LevelFields alleges that representation is “false, because Reddit has to know where traffic was coming from for security and monitoring purposes.” Alternatively, the defendant “is failing to provide minimal levels of security and monitoring of clicks on its platform, in violation of its duties,” said the complaint. Plaintiff and class members were charged by Reddit “for fraudulent clicks,” it said. LevelFields also claims violation of California’s Unfair Competition Law. It seeks an order enjoining Reddit from the practices alleged; awards of restitution, damages and disgorgement; attorneys’ fees and costs; and pre- and post-judgment interest.
The Gap used a hidden embedded tracking system to collect, obtain and track the time and place where Ivonne Carbajal and other Arizona consumers opened the clothing retailer’s marketing emails, alleged Carbajal’s class action Tuesday (docket 2:24-cv-01056) in U.S. District Court for Arizona. The tracking system was provided by co-defendant PaeDae, doing business as Gimbal, and operating as Infillion, said the complaint. The system also enabled The Gap to discern the average read time of an email, the number of times an email was opened and whether an email was printed or forwarded, said the complaint. It enabled the retailer to learn the type of device a recipient used to access the email, it said. The Gap uses Infillion’s hidden embedded email tracking pixels to monitor the behavior of Carbajal and that of other Arizona residents, it said. Infillion obtains, stores and uses the collected data and communication service records “to paint a uniquely identifiable detailed picture” of consumers’ interests “to create targeted advertising campaigns for The Gap,” it said. The Maricopa County resident’s claims are brought under Arizona’s Telephone, Utility and Communication Service Records Act, which prohibits a person from knowingly obtaining a communication service record of any Arizona resident without the authorization of the person to whom the record pertains or by fraudulent, deceptive or false means, said the complaint. The Gap and Infillion never received consent from Carbajal and the class members to collect and track their communication service records, and they used "deceptive means" to collect and track those records, it said.
General Motors' “about-face” decision to stop selling driver data from OnStar-equipped vehicles, shortly after a March New York Times article that “exposed its deficient privacy practices,” supports the assertion that “its customers were not aware of GM’s surreptitious data collection and sharing,” alleged a class action (docket 4:24-cv-11221) Wednesday in U.S. District Court for Eastern Michigan in Flint.
T-Mobile moved Wednesday to compel arbitration in an 18-case multidistrict data breach litigation because all the more than three dozen plaintiffs in those actions agreed “on numerous occasions” to arbitrate any claims they may have against T-Mobile, said its motion (docket 4:23-md-03073) in U.S. District Court for Western Missouri in Kansas City. The plaintiffs can’t avoid “their contractual obligations,” it said.
Paul Reaves listed his residential phone number on the national do not call registry in 2017 but received at least two telemarketing text messages from Dunlop Sports between December and April promoting its golfing accessories, alleged his Telephone Consumer Protection Act class action Tuesday (docket 8:24-cv-00982) in U.S. District Court for Central California in Los Angeles. Reaves’ privacy was violated by the telemarketing text messages, said his complaint. The plaintiff never provided his consent or requested the text solicitations, which were “unwanted, nonconsensual encounters,” it said. Reaves and members of the class have been harmed by Dunlop's acts “because their privacy has been violated and they were annoyed and harassed,” it said. The text messages also occupied their phone lines, storage space and bandwidth, “rendering them unavailable for legitimate communication, including while driving, working, and performing other critical tasks,” it said.
The plaintiffs in two class actions against AT&T involving the recently disclosed release of customer data sets on the dark web (see 2404010019) filed an interested party response Tuesday (docket 3114) before the Judicial Panel on Multidistrict Litigation in support of movant Alex Petroski’s May 2 motion for centralization and transfer of related actions to U.S. District Court for Northern Texas in Dallas. David Vita, Charles Fairchild, Daniel Mariscal and Faith Brown in Vita et al. v. AT&T, Inc. (docket 5:24-cv-02356), in U.S. District Court for Northern California, and Jeryl Luciani, Courtney Garner and Michael Crain in Garner et al. v. AT&T, Inc. (docket 3:24-cv-00962) in Dallas federal court, cited Section 1407 of U.S. Code 28 that permits transfer and centralization of cases pending in different districts and involving “one or more common questions of fact,” if the panel determines that transfer and centralization will further “the convenience of parties and witnesses and will promote the just and efficient conduct of such actions.” Especially worth noting, the response said, is that “there is no evidence to suggest that AT&T’s operations in Georgia, which are predominantly the operations of AT&T’s cellular telephone service, AT&T Mobility, play an important role in this case. Rather, this data breach affects AT&T customers across the broad spectrum of AT&T’s telecommunication offerings, including landline service, internet service and television service,” the response said. Many plaintiffs in the AT&T action, including plaintiffs in the Vita and Garner actions, didn't have AT&T Mobility accounts, yet the company notified them that their personally identifiable information was compromised in the breach, said the response. “As AT&T made clear in its argument to the Panel, 'the Georgia proponents’ conjecture that AT&T Mobility Customers comprise the majority of impacted individuals is wrong'” (see 2405030065), the response said, referencing a group of plaintiffs who want the transferee venue to be the Northern District of Georgia. The Northern District of Texas is the “most appropriate and convenient venue for transfer and centralization of the related and any tag-along actions because relevant witnesses, databases, documents, and other evidence are likely located there," said the plaintiffs. At the time of the response filing, at least 33 of 46 cases filed were pending in the Dallas court, and the Northern District of Texas is easily accessible from two major commercial airports, the response said.