The Third Circuit recently reinstated the putative class action Clemens v. ExecuPharm Inc., concluding there was sufficient risk of imminent harm after a data breach to confer standing on the named plaintiff when the information had been posted on the Dark Web.

Continue Reading Data Breach and the Dark Web: Third Circuit Allows Class Action Standing With Sufficient Risk of Harm

Last week the Third Circuit reversed a summary judgment ruling in favor of Harriet Carter Gifts and NaviStone for alleged violations of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act, or WESCA.  See Popa v. Harriet Carter Gifts, Inc., Case No. 21-2203, 2022 WL 3366425 (3rd Cir. Aug. 16, 2022). This lawsuit is one of many recent putative class actions attempting to apply decades-old wiretapping laws against websites and their service providers.  The named plaintiff is a consumer that allegedly shopped on Harriet Carter Gifts’ website while NaviStone’s marketing software was installed on the website.  Plaintiff argued that defendants violated WESCA by simultaneously sending her interactions with Harriet Carter’s website to NaviStone.

Continue Reading Third Circuit Revives Wiretapping Claims Against Marketing Software Company

A settlement class that Judge Lewis A. Kaplan (S.D.N.Y.) was likely to approve circa June 2021 was rejected “on further reflection” last week, due to a lack of information about how the lead plaintiff stacked up against a class of largely “anonymous” crypto investors. 

Continue Reading Crypto Class Settlement Nixed Due to Insufficient Data on “Anonymous” Investors 

The Northern District of California denied class certification in a data breach suit against Zoosk, an online dating service, concluding that the lead plaintiff had waived any right to represent a class by agreeing to a class-action waiver.  See Order Denying Class Certification, Flores-Mendez v. Zoosk, Inc., No. 3:20-04929-WHA (N.D. Cal. July 27, 2022).

Continue Reading Class Certification Denied in Data Breach Class Action Based on Class-Action Waiver in Terms of Service

Last week, the Northern District of California dismissed a putative class action lawsuit against Google, which alleged that the company used a secret program called “Android Lockbox” to spy on Android smartphone users.  See Order Granting Motion to Dismiss, Hammerling v. Google LLC, No. 21-cv-09004-CRB (N.D. Cal. July 18, 2022).  The complaint alleged ten different claims for relief under a variety of legal theories, including privacy, fraud, contract, and California’s Unfair Competition Law.  The Court granted Google’s motion to dismiss on all claims.  Although the Court gave plaintiffs leave to amend, it noted that the deficiencies in the complaint “will be difficult to cure,” signaling that plaintiffs face an uphill battle in keeping this lawsuit alive.

Continue Reading Court Tosses “Android Lockbox” Secret Spying Program Class Action

Late last week, the Seventh Circuit affirmed a trial court’s ruling granting dismissal at summary judgment of claims against FCA US LLC (“FCA,” formerly known as Chrysler) and Harman International Industries, Inc. (“Harman”) for lack of Article III standing.  See Flynn v. FCA US LLC, — F. 4th —-, 2022 WL 2751660 (7th Cir. July 14, 2022).  Plaintiffs’ class-action complaint claimed injuries arising out of an alleged cybersecurity vulnerability in an infotainment system designed by Harman for installation in FCA vehicles manufactured between 2013 and 2015.  See id. at *1.  However, after discovery, the Plaintiffs offered the trial court no evidence establishing that the vulnerability actually caused them any harm. 

Having failed to cite “any factual support for their claimed injury” in the trial court, id. at *3, the Plaintiffs shifted gears and sought to rely on appeal on portions of their expert reports regarding an “overpayment” theory that they had not relied on in the trial court, id. at *4.  Under that argument, Plaintiffs claimed that “they paid more for their vehicles than they would have if they had known about the cybersecurity vulnerability.”  Id. at *1.  The Seventh Circuit rejected Plaintiffs’ bid to rely on their expert reports as arising “far too late,” id. at *4, and affirmed the trial court’s ruling with a procedural modification to reflect a dismissal for lack of subject-matter jurisdiction without leave to amend, id. at *5.

Continue Reading Seventh Circuit Affirms Dismissal Of Class Claims Based Upon Speculative Hacking Risk

After several twist and turns, on July 7th Intel Corp. succeeded in achieving final dismissal of class claims alleging that Intel knew about purported security vulnerabilities in its microprocessors and failed to disclose or mitigate those vulnerabilities.  The case, In Re Intel Corp. CPU Marketing, Sales Practices and Products Liability Litigation, 3:18-md-02828, had a long history—a narrowed set of class claims had survived three prior rounds of motions to dismiss.  Had the claims been allowed to go forward a fourth time, businesses may have faced additional liability concerns for attempting to address cyber vulnerabilities in their products before those exploits became public and susceptible to exploitation by hackers.

Continue Reading Court dismisses class claims related to cyber vulnerability embargo

Last week, an Illinois federal district court granted the defendant’s motion to stay in Stegmann v. PetSmart, No. 1:22-cv-01179 (N.D. Ill.).  The case implicates the evolving law surrounding the scope of the Illinois Biometric Information Privacy Act (“BIPA”) and  a pending Illinois Supreme Court case that could provide an important defense to certain BIPA suits.

Continue Reading Federal Court Stays Suit Implicating Accrual of Claims Under the Illinois Biometric Information Privacy Act

Recent months have seen a growing trend of data privacy class actions asserting claims for alleged violations of federal and state video privacy laws.  In this year alone, plaintiffs have filed dozens of new class actions in courts across the country asserting claims under the federal Video Privacy Protection Act (“VPPA”), Michigan’s Preservation of Personal

This past week, co-defendants in a class action related to the theft of cryptocurrency engaged in their own lawsuit over alleged security failures.  IRA Financial Trust, a retirement account provider offering crypto-assets, sued class action co-defendant Gemini Trust Company, LLC, a crypto-asset exchange owned by the Winklevoss twins, following a breach of IRA customer accounts.  IRA claims that Gemini failed to secure a “master key” to IRA’s accounts, and that hackers were able to exploit this alleged security flaw to steal tens of millions of dollars of cryptocurrency.  This lawsuit demonstrates the growing trend of cryptocurrency thefts resulting from cyber breaches, and ensuing litigation activity.

Continue Reading Litigation Between FinTech Companies Follows Class Action Over Cryptocurrency Theft