Federal Court Rejects Efforts to Derail Cybersecurity Litigation Settlement

Federal Court Rejects Efforts to Derail Cybersecurity Litigation Settlement

December 5, 2021 Off By administrator

Following a widespread data event and subsequent cybersecurity litigation, last month a group of individuals (“Proposed Intervenors”) moved to intervene and oppose preliminary approval of a negotiated proposed settlement.  Cochran v. Accellion, Inc., 2021 U.S. Dist. LEXIS 214686 (N.D. Cal. Nov. 5, 2021).  Ultimately, the Court denied the motion.  Read on to learn more and what it may mean for other similar cases going forward.

First, some background. In December 2020, Defendant Accellion notified its clients that it had experienced a data event.  According to filings in the litigation, cybercriminals targeted vulnerabilities in Accellion’s legacy file transfer product during December 2020-January 2021.  The incident affected a number of public and private sector entities.  Litigation, including a number of California Consumer Privacy Act class action lawsuits, followed.  This included claims raised that were related to Accellion’s and other Defendants’ alleged failure to maintain reasonable security procedures.  As alleged in one of the complaints:

Defendant [Accellion Inc.] violated § 1798.150 of the CCPA by failing to prevent Plaintiffs’ and class members’ nonencrypted and nonredacted personal information from unauthorized access and exfiltration, theft, or disclosure as a result of Defendant’s violations of their duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.

Brown v. Accellion, Inc., Case No. 5:21cv1155, Dkt. #1 at ¶70.  However, notwithstanding that over fourteen lawsuits were filed against Accellion and other parties in three federal forums, the Judicial Panel for Multidistrict Litigation (“JPML”) denied in June 2021 a motion to consolidate the litigations for coordinated pretrial proceedings.  [Note: This is consistent with a broader trend in 2021 of multidistrict litigations reaching an all-time low, notwithstanding that the number of privacy class actions filed continues to exponentially rise year over year.]

In this particular instance, the JPML denied consolidation on the basis that “[m]ost parties, including two defendants, oppose centralization, and have cooperated to organize all but two actions into three coordinated or consolidated proceedings” ongoing in the Northern District of California, the Eastern District of Michigan, and the Southern District of Ohio.  These constituent actions were pending “in just three courts before three judges.”  As such, the JPML ruled that “informal coordination” among the parties was preferable, particularly in light of JPML precedent that “centralization under Section 1407 should be the last solution after considered review of all other options.” (emphasis supplied).

Which brings us back to Cochran.  In that case, one of the entities that used Accellion as a services provider agreed as part of a $5 million dollar settlement to modify its business…

(Excerpt) To read the full article , click here
Image credit: source