LOS ANGELES — A cryptocurrency investor sued AT&T Inc. in California federal court Aug. 15, faulting the company for lax security measures that allowed hackers to gain control of his phone, via a method known as SIM swap, ultimately resulting in the theft of almost $24 million in cryptocurrency (Michael Terpin v. AT&T Inc., et al., No. 2:18-cv-06975, C.D. Calif.).
SAN JOSE, Calif. — One year after preliminarily approving settlement of a class action over the 2015 Anthem Inc. data breach, which includes a $115 million settlement fund, a California federal judge on Aug. 15 granted final approval, deeming the settlement’s distribution plan “fair adequate, and reasonable” (In Re: Anthem Inc., Customer Data Security Breach Litigation, No. 5:15-md-02617, N.D. Calif.).
SANTA ANA, Calif. — A California federal judge on Aug. 10 remanded a class lawsuit accusing a health insurer of wrongfully disclosing insureds' HIV-positive status, ruling that the state law claims are not preempted by the Employee Retirement Income Security Act (D.L. v. Aetna Inc., et al., No. 18-893, C.D. Calif., 2018 U.S. Dist. LEXIS 136682).
BOSTON — A district court correctly found that based on the terms in a professional liability policy, an insurer has no duty to defend an insured doctor against claims by his ex-wife that he unlawfully disclosed her confidential health care information because the underlying allegations are not covered by the applicable policy, the First Circuit U.S. Court of Appeals said Aug. 10 (Medical Mutual Insurance Company of Maine, Inc. v. Douglas Burka, 17-1872, 1st Cir., 2018 U.S. App. LEXIS 22273).
NEW YORK — Two weeks after announcing missed revenue targets and experiencing a resulting drop in stock prices, Nielsen Holdings PLC was named in a putative securities class action in New York federal court on Aug. 8 by a shareholder who claims that the analytics firm misled investors as to costs associated with the European General Data Protection Regulation (GDPR) and misrepresented its ability to obtain necessary consumer social media data after the privacy-oriented statute’s recent enactment (Craig Gordon v. Nielsen Holdings PLC, et al., No. 1:18-cv-07143, S.D. N.Y.).
RICHMOND, Va.— The Fourth Circuit U.S. Court of Appeals on Aug. 7 affirmed a lower federal court’s finding that an insurer has no duty to defend its insured in two underlying class actions alleging violations of the federal Driver's Privacy Protection Act (DPPA) because the business liability policy's statutory violation exclusion bars coverage (Hartford Casualty Insurance Company v. Ted A. Greve & Associates, PA, et al., No. 17-2407, 4th Cir., 2018 U.S. App. LEXIS 21939).
WASHINGTON, D.C. — In a pair of Aug. 3 briefs in the U.S. Judicial Panel on Multidistrict Litigation, Delta Air Lines and a company that provided it with software services oppose a motion to transfer and consolidate three putative class actions over a 2017 data breach to California federal court, arguing that multidistrict treatment is not necessary for the cases (In re: 7.AI Data Breach Litigation, No. 2863, JPMDL).
RIVERSIDE, Calif. — A California federal magistrate judge on July 26 ordered a defendant in an employment class action to turn over log-in/log-out records to the plaintiff and to make good on its promise to turn over job descriptions (Gabriela Ortolani v. Freedom Mortgage Corp., No. 17-1462, C.D. Calif., Eastern Div., 2018 U.S. Dist. LEXIS 125522).
By Laura Foggan and Stephanie V. Corrao
CHICAGO — Opposing a motion to compel production of documents withheld under attorney-client privilege, Google LLC in a July 26 filing tells an Illinois federal court that the disputed materials were properly designated as privileged as they pertained to legal advice in two lawsuits alleging that it violated Illinois’ Biometric Information Privacy Act (BIPA) with a photo-tagging feature (Lindabeth Rivera v. Google LLC, No. 1:16-cv-02714, and Joseph Weiss v. Google LLC, No. 1:16-cv-02870, N.D. Ill.).
WASHINGTON, D.C. — Supporting its motion to dismiss negligence and breach of confidentiality claims related to a 2014 data breach, a health insurer tells a District of Columbia federal court in a July 23 reply brief that the plaintiff policyholders failed to sufficiently allege damages or the breach of any noncontractual duties (Chantal Attias, et al. v. CareFirst Inc., et al., No. 1:15-cv-00882, D. D.C.).
NEW YORK — In accord with instructions from the U.S. Supreme Court and the Second Circuit U.S. Court of Appeals, a New York federal judge on July 24 dismissed a case that had centered on law enforcement’s ability to compel Microsoft Corp. to produce foreign-stored emails under the Stored Communications Act (SCA), deeming the suit moot per the recently enacted Clarifying Lawful Overseas Use of Data Act (CLOUD Act) (In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp. [Microsoft v. United States], No. 1:13-mj-02814, S.D. N.Y.).
WASHINGTON, D.C. — Denying the U.S. government’s motion to dismiss and a privacy rights group’s motion to amend its complaint in a July 19 order, a District of Columbia federal judge anticipated “that no further adjudication” would be necessary in a lawsuit over a now-dissolved presidential commission’s collection of voter data in light of the impending destruction of the disputed data (Electronic Privacy Information Center v. Presidential Advisory Commission on Election Integrity, et al., No. 1:17-cv-01320, D. D.C.).
ATLANTA — Three weeks after moving to dismiss consumer class claims over its 2017 data breach, Equifax Inc. on July 16 filed a motion in Georgia federal court to dismiss claims brought by a group of financial institutions (FIs) for failure to plead any injuries attributable to the breach (In Re: Equifax Inc., Customer Data Security Breach Litigation, No. 1:17-md-2800, N.D. Ga.).
WASHINGTON, D.C. — The U.S. Office of Personnel Management (OPM) and a contractor filed appellee briefs with the District of Columbia Circuit U.S. Court of Appeals July 19, arguing that a trial court correctly dismissed two employee unions’ negligence and privacy claims related to a 2015 data breach for lack of standing and under the doctrine of sovereign immunity (In Re: U.S. Office of Personnel Management Data Security Breach Litigation, No. 17-5217 & 17-5232, D.C. Cir.).
WASHINGTON, D.C. — In a July 17 per curiam order, a District of Columbia Circuit U.S. Court of Appeals panel denied the U.S. government’s motion to consolidate an appeal over purported unconstitutional government surveillance of U.S. citizens with two pending, consolidated appeals involving the same appellant related to the National Security Agency’s (NSA’s) bulk metadata collection program (Larry Klayman v. James Comey, et al., No. 18-5097, D.C. Cir.).
WASHINGTON, D.C. — The U.S. Supreme Court received 13 amicus curiae briefs on July 16 offering opinions on the fairness of an $8.5 million cy pres settlement of a privacy class action against Google LLC, with the U.S. government voicing its concerns over jurisdiction, possible collusion and unfair attorney fee awards in such settlements (Theodore H. Frank, et al. v. Paloma Gaos, et al., No. 17-961, U.S. Sup.).
SAN JOSE, Calif. — A class of purchasers of Lenovo (United States) Inc. computers on July 11 asked a California federal judge to grant preliminary approval of a proposed settlement of privacy and computer fraud claims over the computer manufacturer’s use of intrusive adware, which would set up an $8.3 million settlement fund for affected consumers (In Re: Lenovo Adware Litigation, No. 3:15-md-02624, N.D. Calif.).
CINCINNATI — In light of a stipulation of dismissal filed by Nationwide Mutual Insurance Co. and two of its policyholders that had sued the insurer over a 2012 data breach, the Sixth Circuit U.S. Court of Appeals on July 12 issued an order dismissing the insureds’ appeal of a trial court’s ruling that had disposed of their lone remaining claim for bailment (Mohammad S. Galaria, et al. v. Nationwide Mutual Insurance Co., No. 18-3063 and 18-3064, 6th Cir.).
SAN FRANCISCO — A proposed $600,000 settlement of a putative class action over a hotel chain’s 2016 data breach was denied preliminary approval July 12 by a California federal judge, who enumerated “glaring issues” related to explanations of class member payments and class notice procedures (Andrew Parsons v. Kimpton Hotel & Restaurant Group LLC, No. 3:16-cv-05387, N.D. Calif.).