After several twist and turns, on July 7th Intel Corp. succeeded in achieving final dismissal of class claims alleging that Intel knew about purported security vulnerabilities in its microprocessors and failed to disclose or mitigate those vulnerabilities.  The case, In Re Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation, 3:18-md-02828, had a long history—a narrowed set of class claims had survived three prior rounds of motions to dismiss.  Had the claims been allowed to go forward a fourth time, businesses may have faced additional liability concerns for attempting to address cyber vulnerabilities in their products before those exploits became public and susceptible to exploitation by hackers.

According to Plaintiffs, independent security researchers uncovered potential security vulnerabilities in microprocessors made by Intel that made the microprocessors susceptible to certain exploits, which have become generally known as “Meltdown” and “Spectre.”  Intel learned about the security vulnerabilities in mid-2017, but kept information about the security vulnerabilities under embargo until early 2018.  Keeping information about security vulnerabilities under embargo for a limited period of time is a traditional and lawful practice that allows a company to implement security fixes before hackers learn of the potential exploits.  The dispute in this case centered on the length of the embargo and the allegation that Intel continued to sell its product during that timeframe.

The Court had initially held that Plaintiffs sufficiently stated a claim for unfair conduct under the California UCL, among a handful of other claims, predicated on allegations that Intel delayed lifting the embargo until after the 2017 holiday season so it could continue to sell devices powered by the allegedly vulnerable microprocessors.  However, on reconsideration, the Court determined that Plaintiffs had disavowed that theory, and instead “Plaintiffs [were] simply alleging that Intel sold product during a normal and reasonable embargo with ‘asymmetrical information.’”  The Court held that this allegation was insufficient to support an unfair conduct claim and dismissed all remaining claims with prejudice.

The Court noted that its rulings were not intended “to declare or establish any specific default embargo period, let alone one that would apply under all circumstances.”  This may come as a relief to tech companies who have to employ embargoes to resolve current or future security vulnerabilities, where establishment of a default embargo period could overly restrict the timeframe necessary to resolve the issues.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Megan Rodgers Megan Rodgers

Megan Rodgers is a litigator who focuses her practice on high-stakes commercial disputes, with a particular focus on mass torts, class actions, advertising, privacy, product defect, and consumer protection matters.

Megan is called upon for her ability to navigate especially complex cases and…

Megan Rodgers is a litigator who focuses her practice on high-stakes commercial disputes, with a particular focus on mass torts, class actions, advertising, privacy, product defect, and consumer protection matters.

Megan is called upon for her ability to navigate especially complex cases and to successfully take cases from pre-trial through jury verdicts, and she was recently recognized by the Daily Journal in its “Top 40 Under 40” feature.

Photo of Sam Greeley Sam Greeley

Samuel Greeley is an associate in the firm’s Washington, D.C. office representing clients in complex civil litigation and government investigations. Sam’s practice focuses on a broad range of high-stakes issues facing companies in the tech sector, including class actions, antitrust investigations and litigation…

Samuel Greeley is an associate in the firm’s Washington, D.C. office representing clients in complex civil litigation and government investigations. Sam’s practice focuses on a broad range of high-stakes issues facing companies in the tech sector, including class actions, antitrust investigations and litigation, and federal agency enforcement matters. This includes advising clients on issues relating to cryptocurrency and digital assets, and how they can stay ahead of the quickly evolving enforcement and litigation landscape. He has also defended clients from class actions and white collar investigations in other industries, including life sciences and healthcare.