Class Actions

In Briskin v. Shopify, Inc., No. 22-15815, 2023 WL 8225346, at *1–3 (9th Cir. Nov. 28, 2023), the Court of Appeals for the 9th Circuit found no jurisdiction over a web-based payment processing platform sued under California's privacy laws. The facts were as follows: The defendants in this case offer a web-based payment processing platform to merchants nationwide. When processing… Read More

In Torres v. [Automobile Finance Company], No. 823CV00688DOCDFM, 2023 WL 5505887, at *5 (C.D. Cal. July 13, 2023), Judge Carter struck class action allegations in a data breach/CCPA case and ordered the Plaintiff's individual matter to arbitration. The facts were as follows: The following facts are drawn from Defendant's Notice of Removal (Dkt. 1), and the Declaration of XXX (“[]Decl.”)… Read More

In In re Marriott Int'l, Inc., No. 22-1744, 2023 WL 5313006, at *6 (4th Cir. Aug. 18, 2023), the Court of Appeals for the 4th Circuit rejected class certification in a data breach case.  First, the Court of Appeals found that addressing the Defendant's contractual class-action waiver defense needed to be done prior to class certification and not after. The… Read More

In Aguirre v. Capital One Bank USA N.A., No. 8:23-cv-00128-FWS-JDE, 2023 U.S. Dist. LEXIS 105188, at *7 (C.D. Cal. June 15, 2023), Judge Slaughter kept the case in federal court under CAFA removal based on the defendant's guess-timate of damages. Defendant argues it has put forth reasonable assumptions demonstrating each Plaintiff's recovery exceeds $75,000, based on an estimate of $8,494… Read More

In Vigil v. Muir Med. Grp. Ipa, No. A160897, 2022 Cal. App. Unpub. LEXIS 5858, at *17-32 (Sep. 26, 2022), the California Court of Appeal affirmed denial of class certification in a CMIA data breach case because each classmember would have to prove that an unauthorized party viewed the confidential information.  The data breach facts were as follows.  Muir is… Read More

In In re Ring LLC Privacy Litig., No. CV 19-10899-MWF (RAOx), 2021 U.S. Dist. LEXIS 118461, at *8 (C.D. Cal. June 24, 2021), Judge Fitzgerald ordered the purchasers' claims to arbitration, but not so for the non-purchasers whose data allegedly was improperly gathered and/or shared.  The allegations were that The FAC alleges that Ring's security systems were defectively designed without… Read More

In In re Brinker Data Incident Litig., No. 3:18-cv-686-TJC-MCR, 2021 U.S. Dist. LEXIS 71965, at *3-5 (M.D. Fla. Apr. 14, 2021), Judge Corrigan certified a class in a data breach class action.  The facts were as follows: The Court has detailed the facts of this case in prior orders (Docs. 65, 92, 122), but several new facts have come to… Read More

On January 12, 2021, Judge David O. Carter granted Marriott’s Motion to Dismiss and dismissed the case, including Plaintiffs’ CCPA claim based on lack of standing.  Rahman v. Marriott International, Inc., et al.  (C.D. CA; 8:20-cv-00654), here, “Plaintiff alleges that class members were victims of a cybersecurity breach at Marriott when two employees of a Marriott franchise in Russia accessed… Read More

In Stasi v. Inmediata Health Grp. Corp., No. 19cv2353 JM (LL), 2020 U.S. Dist. LEXIS 217097 (S.D. Cal. Nov. 19, 2020), Judge Miller allowed a data security breach class action to proceed.  The basis of the class action was as follows: According to Plaintiffs' FAC,1 Inmediata provides billing and health record software and service solutions to healthcare providers. (FAC ¶¶… Read More

In In re Sonic Corp. Customer Data Breach Litig. Fin. Insts., No. 1:17-md-02807-JSG, 2020 U.S. Dist. LEXIS 204169 (N.D. Ohio Nov. 2, 2020), Judge Gwin certified a data breach class.  The facts were as follows: Between April 7, 2017, and October 28, 2017, hackers used malware installed on point-of-sale systems at 762 Sonic restaurants to steal sales transaction payment card… Read More