Courts across the country continue to grapple with thorny questions surrounding the legal implications of cyber-attacks.  Recently, a federal court in California considered whether a plaintiff could assert a claim against a company when a cyber-criminal acquired his personal information from the company and then used that information to steal his cryptocurrency.  The district court engaged in a highly fact-specific assessment of the allegations, allowing some claims to proceed but dismissing others. 

In Fraser v. Mint Mobile, LLC, the plaintiff’s personal information was exposed in a data breach affecting customers of Mint’s wireless cellular services.  2022 WL 1240864, at *1 (N.D. Cal. Apr. 27, 2022).  Around one to three days later, a cyber-criminal used the plaintiff’s stolen information to assume control over his cellular service by porting it to a new carrier.  Significantly, the plaintiff alleged that he had set up PIN verification on his Mint account just three days prior, and that Mint “bypassed this enhanced security when it allowed the porting out of his account.”  Shortly thereafter, the cyber-criminal allegedly used the plaintiff’s hijacked cellular service to steal the equivalent of $466,000 in cryptocurrency from him.  The plaintiff sued Mint for the loss, asserting a dozen claims under various federal and state laws.

Mint moved to dismiss the complaint, challenging proximate causation as to all claims given the intervening acts of cyber-criminals.  The district court found that proximate causation had been adequately pled because the data breach exposed the plaintiff’s personal information, the criminal activities happened in the span of a few days and followed a “logical progression,” and Mint supposedly bypassed the plaintiff’s PIN verification setup.  The district court held that it was plausible that Mint’s conduct directly and foreseeably created or increased the risk of the harm that befell the plaintiff.

Turning to specific claims, the district court allowed the plaintiff to proceed with contract claims based on either Mint’s user policies or, in the alternative, implied-in-fact contracts promising confidentiality and security.  The district court also allowed the plaintiff to proceed with negligence claims, concluding the parties plausibly had a “special relationship” based on the factors set forth in J’Aire Corporation v. Gregory, 24 Cal. 3d 799 (1979).  However, the district court dismissed the plaintiff’s claims for restitution under California’s Unfair Competition Law because it was a third party, not Mint, that had wrongfully acquired the plaintiff’s cryptocurrency.  The district court also dismissed the plaintiff’s claim under the Computer Fraud and Abuse Act because the stolen cryptocurrency did not “constitute loss related to a computer or system,” and further dismissed the plaintiff’s requests for punitive damages.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Megan Rodgers Megan Rodgers

Megan Rodgers is a partner in Covington’s litigation practice who focuses her practice on high-stakes complex litigation in federal and state courts, with a particular focus on mass torts and class actions in the technology and life sciences industries.

Megan is known for…

Megan Rodgers is a partner in Covington’s litigation practice who focuses her practice on high-stakes complex litigation in federal and state courts, with a particular focus on mass torts and class actions in the technology and life sciences industries.

Megan is known for navigating especially complex cases and successfully taking cases from pre-trial through jury verdicts. As a member of multiple trial teams, she has experience conducting trial examinations, arguing directed verdict and other dispositive motions, preparing expert and fact witnesses for deposition and trial, presenting in jury exercises, and developing case strategy. Most recently, she defended a pharmaceutical distributor against mass tort claims alleging public nuisance in a six-month bench trial in the opioids litigation. As a class action litigator, Megan uses her trial experience to shape strategy early on in a way that sets clients up for success at the class certification stage.

Megan was recently named a “Lawyer on the Fast Track” by The Recorder, recognized by the Daily Journal in its “Top 40 Under 40” feature, and named a “Rising Star” by Law360.

Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy uses her substantial class action experience to help clients develop strategic and innovative solutions to their most challenging litigation matters. She regularly defends clients in complex, high-stakes class action disputes involving privacy, antitrust, and consumer protection claims and has achieved significant victories…

Kate Cahoy uses her substantial class action experience to help clients develop strategic and innovative solutions to their most challenging litigation matters. She regularly defends clients in complex, high-stakes class action disputes involving privacy, antitrust, and consumer protection claims and has achieved significant victories for clients in the technology, entertainment, consumer product, and financial services industries. In addition, Kate has substantial experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), and common law and constitutional rights of privacy, among others.

Photo of Kanu Song Kanu Song

Kanu Song is a litigator who represents clients in the technology and life sciences industries in complex commercial disputes, including class actions, trade secret litigation, contract disputes, and actions brought under unfair competition and consumer protection laws. She has substantive experience in all…

Kanu Song is a litigator who represents clients in the technology and life sciences industries in complex commercial disputes, including class actions, trade secret litigation, contract disputes, and actions brought under unfair competition and consumer protection laws. She has substantive experience in all stages of litigation, including arbitrations and appeals, with a strong track record of success on dispositive motions.

Kanu also maintains an active pro bono practice focused on serving women and children, and assisting individuals and small businesses with intellectual property disputes.