Steven Agans et al v. Uber Technologies, Inc.
ORDER TRANSFERRING CASE To the United States District Court for the Central District of California. IN RE: UBER TECHNOLOGIES, INC., DATA SECURITY BREACH LITIGATION. MDL No. 2826. Signed by Sarah S. Vance, Panel on Multidistrict Litigation Chair on 4/9/18. (aaaS, COURT STAFF) (Filed on 4/10/2018) [Transferred from California Northern on 4/12/2018.]
Case MDL No. 2826 Document 84 Filed 04/04/18 Page 1 of 5
CLERK, U.S. DISTRICT COURT
UNITED STATES JUDICIAL PANEL
Uber Technologies Inc, et al;
Agans, et al; V
IN RE: UBER TECHNOLOGIES, INC., DATA
SECURITY BREACH LITIGATION
CENTRAL DISTRICT OF CALIFORNIA
BY: ___________________ DEPUTY
MDL No. 2826
Before the Panel:* Plaintiffs in one action in the Northern District of California move under
28 U.S.C. § 1407 to centralize this litigation in that district. This litigation currently consists of 10
actions pending in five districts,1 as listed on Schedule A. Since the filing of the motion, the Panel
has been notified of seven related federal actions.2 The actions arise out of the announcement by
Uber Technologies, Inc., on November 21, 2017, that certain personal information of 57 million
Uber drivers and riders was inappropriately downloaded by individuals outside the company in late
All responding plaintiffs support centralization, but there is some disagreement on the
transferee district. Plaintiffs in three Northern District of Illinois actions request centralization in
their district or, alternatively, the Central District of California. Plaintiffs in six other actions support
centralization in the Northern District of California. The responding Uber defendants3 oppose
centralization and, alternatively, propose the Central District of California as the transferee district.
Defendant Apple opposes inclusion of Harang (the sole action naming Apple as a defendant) and,
in the alternative, requests separation and remand of the claims against Apple. Apple takes no
position on centralization of the claims against Uber.
Judge Charles R. Breyer and Judge Lewis A. Kaplan took no part in the decision of this
matter. One or more Panel members who could be members of the putative classes in this litigation
have renounced their participation in these classes and have participated in this decision.
Plaintiffs’ motion for centralization lists 12 actions, but after the filing of the motion, two
actions were voluntarily dismissed.
The related actions are pending in the Northern District of Alabama, Central and Northern
Districts of California, Northern District of Georgia, District of Minnesota, Western District of
Missouri, and Western District of Wisconsin. These and any other related actions are potential
tag-along actions. See Panel Rules 1.1(h), 7.1 and 7.2.
Uber Technologies, Inc., Uber USA, LLC, Rasier, LLC, Rasier-CA, LLC, Dara
Khosrowshahi, Travis Kalanick, Angela M. Padilla, Katherine Tassi, Salle Eun Yoo, Sabrina Ross,
and John Flynn. Mr. Kalanick is represented by separate counsel, but joins in the Uber defendants’
Case MDL No. 2826 Document 84 Filed 04/04/18 Page 2 of 5
-2On the basis of the papers filed and the hearing session held, we find that these actions
involve common questions of fact, and that centralization will serve the convenience of the parties
and witnesses and promote the just and efficient conduct of this litigation. These putative class
actions share complex factual questions arising from Uber’s announcement on November 21, 2017,
that a data security breach of its network occurred in late 2016 in which the personal information of
57 million Uber users was downloaded by unauthorized individuals outside the company.4 Common
factual questions are presented with respect to Uber’s practices in safeguarding its users’ personal
information, the investigation into the breach, the alleged delay in disclosing the breach, and the
nature of the alleged damages. Centralization will eliminate duplicative discovery; prevent
inconsistent pretrial rulings, including with respect to class certification; and conserve the resources
of the parties, their counsel, and the judiciary.
The Uber defendants principally object to centralization based on the asserted likelihood that
their pending and anticipated motions to compel individual arbitration will be granted in all actions,
prior to the commencement of any discovery, bringing an early end to this litigation. But such an
assessment of the merits of the actions is beyond the Panel’s authority. See In re: Maxim Integrated
Prods., Inc., Patent Litig., 867 F. Supp. 2d 1333, 1335 (J.P.M.L. 2012) (“‘[t]he framers of Section
1407 did not contemplate that the Panel would decide the merits of the actions before it and neither
the statute nor the implementing Rules of the Panel are drafted to allow for such determinations’”)
(quoting In re: Kauffman Mut. Fund Actions, 337 F. Supp. 1337, 1339-40 (J.P.M.L.1972)). Thus,
where the litigation involves common factual questions, centralization may be appropriate even
though defendants predict that they will prevail on dispositive motions prior to commencement of
discovery.5 Centralization will avoid inconsistent rulings on these and other common pretrial
motions. We decline Uber’s suggestion to delay ruling on centralization until their motions to
compel arbitration are decided, as the timing and outcome of such rulings in this growing litigation
is highly speculative.
The Uber defendants further oppose centralization on the ground that (1) the involvement
of different state law claims for relief will undermine efficiencies; (2) there are pending state court
actions, and consequently, an MDL would not be effective in eliminating duplicative pretrial
proceedings; and (3) informal coordination is preferable to centralization. These arguments are
unconvincing. As the Panel recently observed in other data breach litigation, “the presence of . . .
Uber’s announcement stated that the personal information accessed by the hackers included
names, email addresses and mobile phone numbers, and for around 600,000 drivers, their names and
driver’s license numbers. Plaintiffs in several actions allege that additional personal information was
compromised, including financial account information and trip location history.
See, e.g., In re: Anheuser-Busch Beer Labeling Mktg. and Sales Practices Litig., 949 F.
Supp. 2d 1371, 1371 n.2 (J.P.M.L. 2013) (centralizing actions over defendant’s objection that “little
or no discovery will be required in light of the defenses raised in its pending motions to dismiss”);
In re: Fluoroquinolone Prods. Liab. Litig., 122 F. Supp. 3d 1378, 1380 (J.P.M.L. 2015) (centralizing
actions over defendants’ objections that the claims were time-barred or otherwise were not viable).
Case MDL No. 2826 Document 84 Filed 04/04/18 Page 3 of 5
-3differing legal theories is not significant where, as here, the actions still arise from a common factual
core.” See In re: Sonic Corp. Customer Data Security Breach Litig., 276 F. Supp. 3d 1382, 1383
(J.P.M.L. 2017) (internal quotation marks and citation omitted). Additionally, the Panel often has
granted centralization where there are pending state court actions, observing that an MDL will make
it easier “to coordinate both the state and federal cases, because there will now be just one judge
handling the latter.”6
We do not believe that informal coordination is a practicable alternative to centralization
here. There are ten actions on the motion and seven potential tag-along actions, which are pending
in nine districts. Fourteen distinct groups of plaintiffs’ counsel represent plaintiffs in these actions.
In our judgment, the number of actions, districts, and involved counsel, and the complexity of the
litigation, make effective coordination on an informal basis impracticable.
The Harang action, which asserts claims against both Uber and Apple, will be included in
the MDL. Apple contends that the claims against Apple are unrelated to the Uber data breach,
arguing that they relate solely to an alleged “entitlement” given by Apple to Uber that allowed the
Uber app to capture screen images and other data on an iPhone without the user’s knowledge. At
oral argument, counsel for the Harang plaintiffs also characterized their claims against Apple as
distinct from the data breach claims against Uber. But as pled in the complaint, the alleged
entitlement and the data breach are related with respect to the scope of personal information accessed
by the alleged hackers – that is, that the entitlement allegedly allowed the hackers to access the
personal information in the captured screen images.7 Moreover, 12 of the 13 claims in Harang are
brought against both Apple and the Uber defendants in terms that are not amenable to separation.8
In these circumstances, inclusion of Harang in its entirety is appropriate.
See, e.g., In re: Lipitor (Atorvastatin Calcium) Mktg., Sales Practices and Prods. Liab.
Litig. (No. II), 997 F. Supp. 2d 1354, 1356 (J.P.M.L. 2014).
See, e.g., Harang Compl. ¶ 113 (alleging that “Uber’s permission entitlement could have
been exploited by Uber or a hacker,” noting a researcher’s alleged observation that “a hacker who
managed to break into Uber’s network . . . could silently monitor activity on an iPhone user’s screen,
harvesting passwords and other personal information”); ¶ 121 (Apple “knew of a[nd] approved the
nondisclosure of this hidden app feature and . . . helped facilitate the Uber Defendants’ improper
conduct”); ¶¶ 391, 399, 404 (“Defendants’ misconduct has led to data breaches and the disclosure
of personal information, including, possible pick up and drop off points for rides paid for through
Uber’s rideshare app.”).
At oral argument, counsel for the Harang plaintiffs indicated their desire to have their
claims against Apple severed from their claims against Uber, and counsel for Apple suggested that
we ignore any inartful pleading of the complaint that presents an obstacle to separation and remand.
It is incumbent upon the parties to bring issues such as these to the attention of the transferee court
and propose ways to resolve them.
Case MDL No. 2826 Document 84 Filed 04/04/18 Page 4 of 5
-4As this litigation progresses, it may become apparent that certain actions or claims could be
more efficiently handled in the actions’ respective transferor courts. Should the transferee judge
deem remand of any claims or actions appropriate, then he may file a suggestion of remand to the
Panel. See Panel Rule 10.1. As always, we leave the question of when Section 1407 remand is
appropriate to the sound discretion of the transferee judge.
We conclude that the Central District of California is an appropriate transferee district for
this litigation. Three actions are pending in this district. The Uber defendants support this district
if centralization is granted over their objection, and plaintiffs in two Northern District of Illinois
actions support it as their second choice. California has a significant connection to this litigation,
as Uber Technologies, Inc., has its headquarters in this state, where much of the common evidence,
including witnesses, will be located. Judge Philip S. Gutierrez, to whom we assign this litigation,
is an experienced transferee judge, and we are confident he will steer this litigation on a prudent
IT IS THEREFORE ORDERED that the actions listed on Schedule A and pending outside
the Central District of California are transferred to the Central District of California and, with the
consent of that court, assigned to the Honorable Philip S. Gutierrez for coordinated or consolidated
PANEL ON MULTIDISTRICT LITIGATION
Sarah S. Vance
Marjorie O. Rendell
R. David Proctor
Ellen Segal Huvelle
Catherine D. Perry
I hereby attest and certify on _________
that the foregoing document is full, true
and correct copy of the original on file in
my office, and in my legal custody.
CLERK U.S. DISTRICT COURT
CENTRAL DISTRICT O
CENTRAL DISTRICT OF CALIFORNIA
Case MDL No. 2826 Document 84 Filed 04/04/18 Page 5 of 5
IN RE: UBER TECHNOLOGIES, INC., DATA
SECURITY BREACH LITIGATION
MDL No. 2826
Northern District of Alabama
GRICE v. UBER TECHNOLOGIES, INC., C.A. No. 5:17-01975
Central District of California
FLORES v. RASIER, LLC, ET AL., C.A. No. 2:17-08503
HELLER, ET AL. v. RASIER, LLC, ET AL., C.A. No. 2:17-08545
Northern District of California
WEBBER, ET AL. v. UBER TECHNOLOGIES, INC., ET AL., C.A. No. 3:17-06758
AGANS, ET AL. v. UBER TECHNOLOGIES, INC., C.A. No. 3:17-06759
BURNETT, ET AL. v. UBER TECHNOLOGIES, INC., C.A. No. 4:17-06835
Northern District of Illinois
HARANG, ET AL. v. UBER TECHNOLOGIES, INC., ET AL., C.A. No. 1:17-08500
WEST v. UBER USA, LLC, ET AL., C.A. No. 1:17-08593
PATNI, ET AL. v. UBER TECHNOLOGIES, INC., ET AL., C.A. No. 1:17-08709
Eastern District of Pennsylvania
DESIGNOR v. UBER TECHNOLOGIES, INC., ET AL., C.A. No. 5:17-05289
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?