A federal court in the Northern District of California recently dismissed the majority of claims from a putative class action against Western Digital, in which plaintiffs claim that alleged security flaws in the manufacturer’s data storage devices allowed cyber hackers to access and delete plaintiffs’ data.  See Riordan v. W. Digital Corp., No. 21-CV-06074-EJD, 2024 WL 2868152 (N.D. Cal. June 5, 2024).  The court previously granted in part Western Digital’s motion to dismiss with leave to amend.

Plaintiffs’ second amended complaint asserted claims for violation of the Song-Beverly Consumer Warranty Act (the “Song-Beverly Act”), negligence / failure to warn, violation of the California Unfair Competition Law (“UCL”), and unjust enrichment.  In its motion to dismiss, Western Digital sought dismissal of all of the claims in their entirety except the negligence / failure to warn claim, and also sought dismissal of plaintiffs’ requests for injunctive relief.

In a decision issued on June 5, 2024, Judge Edward J. Davila granted Western Digital’s motion to dismiss, without leave to amend.  First, the judge noted that plaintiffs agreed with the court’s prior finding that they did not have Article III standing to pursue injunctive relief, since plaintiffs did not allege facts demonstrating sufficient risk of future injury; rather, plaintiffs’ alleged injury-in-fact relied on “mere speculation and conjecture that their data may have been stolen.”  As plaintiffs’ second amended complaint did not include any new allegations related to future misuse of data, the court struck plaintiffs’ requests for injunctive relief, including plaintiffs’ requests for a class-wide injunction and an injunction under the UCL.

Next, the court turned to plaintiffs’ claim for breach of warranty under the Song-Beverly Act, which provides that every sale of consumer goods in California includes an implied warranty by the manufacturer that the goods are merchantable.  Under the Act, a claim for breach of warranty must arise within one year following the date of sale.  In addition, a four-year statute of limitations applies to claims brought under the Act.  The court dismissed plaintiffs’ claim, finding that plaintiffs did not allege sufficient facts establishing their date of purchase of the devices, and thus, could not show that the alleged breach occurred within the one-year warranty period during which a claim can arise.  The court also rejected plaintiffs’ argument that Western Digital’s ongoing maintenance of the allegedly defective web portal associated with the devices continuously extended the warranty period under the statute.  Finally, the court dismissed the plaintiffs’ UCL and unjust enrichment claims on the ground that claims for equitable relief cannot proceed where plaintiffs failed to allege that they lacked an adequate remedy at law.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Devon Schulz Devon Schulz

Devon Schulz is an associate in Covington’s San Francisco office and a member of the firm’s Litigation and Investigations Practice Group. Devon also advises clients on privacy and cybersecurity issues, including compliance obligations. She earned her J.D. from the UCLA School of Law…

Devon Schulz is an associate in Covington’s San Francisco office and a member of the firm’s Litigation and Investigations Practice Group. Devon also advises clients on privacy and cybersecurity issues, including compliance obligations. She earned her J.D. from the UCLA School of Law, where she served as a Managing Editor for the UCLA Journal of Law and Technology.

Devon maintains an active pro bono practice focusing on civil rights and criminal justice.