The Citrix Bleed flaw in Citrix’s NetScaler software allowed bad actors to access plaintiff Antonio Cole's and nearly 285,000 class members’ personally identifiable information (PII), alleged Cole's class action Friday (docket 0:24-cv-60269) in U.S. District Court for Southern Florida in Fort Lauderdale. Co-defendant Planet Home Lending informed plaintiff Cole, an Alabama resident, of the incident on Jan. 25, telling him his name, Social Security number, loan and financial account numbers were compromised in a Nov. 15 cyberattack that Planet became aware of that day, the complaint said. On Feb. 13, Cole’s bank informed him about unauthorized charges on his debit/credit card, forcing him to freeze and close that account, and change his autopay information with several vendors. Following the breach, Cole noticed an increase in spam emails, texts and phone calls, it said. Cole has spent about four hours consulting his bank about the fraudulent charges and six hours dealing with consequences of the breach, it said. On Nov. 28, Planet determined “with reasonable certainty” that the threat actor accessed a read-only data folder with copies of loan files containing the PII of some of its customers. The notice said Planet has not paid, and doesn’t anticipate paying, a ransom to the threat actor. The mortgage company was in the process of retaining a third-party consultant to do an audit and risk assessment of its information security technology, controls and processes, it said. Planet offered affected individuals credit monitoring and identity protection services via Experian Identity Works for 24 months, it said. The class action asserts claims of negligence, breach of express and implied contract, and unjust enrichment. Cole seeks for himself and the class actual and statutory damages, equitable relief, restitution, disgorgement and statutory costs; an order requiring defendants to purchase funds for lifetime credit monitoring and identity theft insurance; attorneys’ fees and legal costs; and pre- and post-judgment interest.
Plaintiffs Brandford Bosley and Patricia Bosley oppose conditional transfer order 30 (CTO-30) in In Re: MOVEit Customer Data Security Breach Litigation said their notice of opposition (docket 3083) Friday before the Judicial Panel on Multidistrict Litigation. Bosley et al v. California Physicians’ Services et al (docket 3:24-cv-00229) was removed Feb. 2 from Superior Court of California, San Diego County and is pending in U.S. District Court for Southern California. The class action involves Progress Software Corp.’s May data breach in its MOVEit file transfer software.
Wondershare Software violated California’s Automatic Renewal Law (ARL) by failing to present its subscription terms in a clear and conspicuous manner, alleged a fraud class action Friday (docket 2:24-cv-01314) in U.S. District Court for Central California in Los Angeles.
The three plaintiff-appellants seeking to reverse the district court’s order compelling their false advertising claims against SiriusXM to individual arbitration (see 2311130005) joined with SiriusXM Friday to ask the 9th U.S. Circuit Appeals Court to stay the appeal (docket 23-4018), pending the outcome of an important U.S. Supreme Court arbitration case. SiriusXM also wants the 9th Circuit to stay its cross-appeal (docket 23-4338) challenging the district court’s authority to dismiss the case instead of staying the proceedings after compelling claims to arbitration.
The loyalty of millions of children has helped turn online gaming platform Roblox into "a wild success,” but the platform “systematically takes advantage" of kids and exposes them "to unsafe, unregulated, and grotesque virtual experiences,” alleged a class action Friday (docket 3:24-cv-00963) in U.S. District Court for Northern California in San Francisco.
Aflac violated the Telephone Consumer Protection Act by placing a single telemarketing robocall Sept. 7 to Stewart Smith, despite his cellphone number having been listed on the national do not call registry since June 2010, alleged Smith’s class action Thursday (docket 2:24-cv-00679) in U.S. District Court for Eastern Pennsylvania in Philadelphia. In Aflac’s “overzealous attempt” to market its motor vehicle warranties, it willfully or knowingly made, and continues to make, unsolicited telemarketing phone calls to numbers listed on the DNC registry, said the complaint. Through its conduct, Aflac has invaded Smith’s privacy and that of his class members, it said. At no point did Smith provide Aflac with his express written consent to be called for telemarketing purposes, it said. As a result of the unlawful robocall, Smith “experienced frustration, annoyance, irritation and a sense that his privacy had been invaded,” it said.
AT&T and Leon Peng, the plaintiff in a shareholder derivative suit alleging AT&T duped investors over its ownership of toxic lead cables (see 2402020001), agreed to stay Peng's case, pending developments in a separate case against AT&T in New Jersey, said their stipulation Thursday (docket 1:24-cv-00132) in U.S. District Court for Delaware in Wilmington. The stay would lift 30 days after the U.S. District Court for New Jersey rules on AT&T's forthcoming motion to dismiss plaintiff John Brazinsky’s securities fraud class action alleging similar claims against current and former AT&T officers and board members (see 2307300002), said the stipulation. In light of “the similarities and overlaps” between the two cases, the parties agree that a stay would “conserve the parties’ and judicial resources,” said the stipulation.
Brittany Hammond and Tamia Charles voluntarily dismissed without prejudice their negligence class-action claims against Citrix and Comcast without prejudice, said their notice Wednesday (docket 0:23-cv-62409) in U.S. District Court for Southern Florida in Fort Lauderdale. Hammond et al v. Citrix was one of a dozen actions named in a motion (docket Ref:2401120011) for coordinated or consolidated pretrial proceedings before the Judicial Panel on Multidistrict Litigation last month, filed by the plaintiff in Hasson v. Comcast Cable Communications. Kenneth Hasson said centralization is appropriate because the related class actions filed in three separate federal district courts arise from the same October data breach that affected the personal information of millions of individuals. Hammond and Charles’ suit asserted claims of negligence and negligence per se; breaches of implied contract and third-party beneficiary contract; unjust enrichment; and violations of the Florida Deceptive and Unfair Trade Practices and New Jersey Consumer Fraud acts.
The 9th U.S. Circuit Court of Appeals is considering for an upcoming oral argument calendar in San Francisco in June or July the appeal of six Chrome users against Google, said a text-only clerk’s notice Thursday (docket 22-16993). The six plaintiff-appellants seek to reverse a December 2022 district court order granting summary judgment for Google in a class action that alleged Google improperly collects the personal information of users who opt not to “sync” their browsers to their Google accounts (see 2212290037),
U.S. District Judge Gary Klausner for Central California in Los Angeles ordered plaintiff “Jane Doe” to show cause why she should be permitted to proceed by pseudonym in a lawsuit against PHE, owner of adult products website Adam & Eve, said a Wednesday filing (docket 2:24-cv-01065). Doe’s Jan. 3 privacy complaint in Los Angeles County Superior Court, removed Feb. 7 to federal court, alleges PHE caused Google to learn the contents of her private and protected sexual information without notifying her and without her consent, in violation of the California Invasion of Privacy Act. Doe filed a class action vs. PHE on Sept. 25, and the court ordered her to show cause then, too, why she should be permitted to proceed by pseudonym, said the order. Soon after, Doe filed a notice of voluntary dismissal and refiled her case in state court, adding Google as a defendant; the action was removed this month. Under Federal Rules of Civil Procedure, a plaintiff must list her real name in the complaint, the order said. The rules “serve the purpose of promoting the public’s right to open courts and the right of private individuals to confront their accusers,” Klausner said. He added: “The rule that a plaintiff must use her real name is not absolute” and that in limited circumstances, a plaintiff may use a pseudonym “with the court’s permission.” Doe has not sought the court’s permission, said the order.