Michael Terpin v. AT and T Inc et al
Filing
49
ORDER GRANTING DEFENDANT'S PARTIAL MOTION TO DISMISS #43 by Judge Otis D. Wright, II: The Court finds it premature to dismiss Doe defendants 1-10, as they are permitted by Local Rule 19-1 and facts may develop during discovery which enable Mr. Terpin to identify the Does. However, as no complaint may include more than ten Doe defendants, the Court GRANTS AT&T's motion to dismiss Doe defendants 11-25 with prejudice. (lc) Modified on 9/8/2020 (lc). Modified on 9/8/2020 (lc).
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 1 of 14 Page ID #:1216
O
1
2
3
4
5
6
7
United States District Court
Central District of California
8
9
10
11
MICHAEL TERPIN,
12
Plaintiff,
13
14
Case No. 2:18-cv-06975-ODW (KSx)
v.
AT&T MOBILITY, LLC, et al.,
15
ORDER GRANTING
DEFENDANT’S PARTIAL
MOTION TO DISMISS [43]
Defendants.
16
I.
17
INTRODUCTION
18
Defendant AT&T Mobility, LLC (“AT&T”) moves to dismiss certain of
19
Plaintiff Michael Terpin’s (“Mr. Terpin”) claims in his Second Amended Complaint
20
(“SAC”), including deceit by concealment, misrepresentation, requests for punitive
21
damages, and all claims against Doe defendants (the “Motion”). (Mot., ECF No. 43.)
22
For the reasons that follow, the Court GRANTS AT&T’s Motion.1
II.
23
BACKGROUND
24
As previously set forth in the Court’s February 24, 2020 Order (“Feb. Order”),
25
(ECF No. 37), granting in part and denying in part AT&T’s motion to dismiss the
26
First Amended Complaint (“FAC”), Mr. Terpin is a prominent and well-known
27
28
1
Having carefully considered the papers filed in connection with the Motion, the Court deemed the
matter appropriate for decision without oral argument. Fed. R. Civ. P. 78; C.D. Cal. L.R. 7-15.
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 2 of 14 Page ID #:1217
1
member of the cryptocurrency community. (SAC ¶¶ 18–19, ECF No. 42.) He is
2
domiciled in Puerto Rico with a residence in California. (SAC ¶ 1.) On June 11,
3
2017, Mr. Terpin’s phone suddenly became inoperable because his cell phone number
4
had been hacked. (SAC ¶ 86.) After hackers attempted and failed eleven times to
5
change Mr. Terpin’s AT&T password in AT&T retail stores, the hackers were able to
6
change his password remotely. (SAC ¶ 86.) Mr. Terpin alleges that this allowed the
7
hackers to gain control of his phone number, which allowed them to gain access to his
8
accounts that use his telephone number for authentication. (SAC ¶ 87.) Mr. Terpin
9
asserts the hackers used his telephone number to access his cryptocurrency accounts
10
and also impersonated him by using his Skype account.
(SAC ¶ 87.)
By
11
impersonating him, the hackers convinced one of Mr. Terpin’s clients to send them
12
cryptocurrency and diverted the cryptocurrency to themselves. (SAC ¶ 87.) Later that
13
day, AT&T was able to cutoff the hackers’ access to Mr. Terpin’s telephone number.
14
(SAC ¶ 87.) However, by this time, the hackers had stolen substantial funds from Mr.
15
Terpin. (SAC ¶ 87.)
16
Around June 13, 2017, Mr. Terpin met with AT&T representatives in Puerto
17
Rico to discuss the hack. (SAC ¶ 88.) AT&T allegedly promised to place Mr.
18
Terpin’s account on a “higher security level with special protection.” (SAC ¶ 89
19
(internal quotation marks omitted).) This included requiring a six-digit passcode
20
(known only to Mr. Terpin and his wife) of anyone attempting to access or change Mr.
21
Terpin’s account settings or transfer his telephone number to another phone. (SAC
22
¶ 89.) Mr. Terpin alleges that this form of “celebrity” protection was created with the
23
knowledge and approval of AT&T’s officers, including Bill O’Hern and David S.
24
Huntley, who are in charge of AT&T’s security and privacy efforts. (SAC ¶ 90.) Mr.
25
Terpin maintains that he “relied upon AT&T’s promises that his account would be
26
much more secure against hacking, including SIM swap fraud, after it implemented
27
the increased security measures,” and this led him to remain an AT&T customer.
28
(SAC ¶ 92.) Mr. Terpin alleges that AT&T and its officers, such as Mr. O’Hern and
2
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 3 of 14 Page ID #:1218
1
Mr. Huntley, knew at the time he adopted the six-digit security code that it would not
2
provide adequate protection because it could be overridden by AT&T employees.
3
(SAC ¶ 93.)
4
On Sunday, January 7, 2018, Mr. Terpin’s phone again became inoperable.
5
(SAC ¶ 94.) Mr. Terpin alleges that an employee at an AT&T store in Norwich,
6
Connecticut assisted an imposter with a SIM card swap.2 (SAC ¶¶ 95–96.) This
7
resulted in AT&T transferring Mr. Terpin’s phone number to an imposter. (FAC
8
¶ 95.) Mr. Terpin alleges that when his phone became inoperable, he attempted to
9
contact AT&T to have his telephone number canceled, but AT&T failed to promptly
10
cancel his account. (SAC ¶ 97.) By having access to Mr. Terpin’s phone number, Mr.
11
Terpin alleges that “the hackers were able to intercept Mr. Terpin’s personal
12
information, including telephone calls and text messages, change passwords, access
13
programs and files and locate information that allowed them to gain access to his
14
cryptocurrency wallets and/or accounts.” (SAC ¶ 100.) Mr. Terpin alleges that, as a
15
result, between January 7 and 8, 2018, the hackers stole nearly $24 million worth of
16
cryptocurrency from him. (SAC ¶¶ 101, 103.)
17
On August 15, 2018, Mr. Terpin filed his Complaint asserting sixteen causes of
18
action. (See generally Compl., ECF No. 1.) AT&T moved to dismiss the Complaint
19
in its entirety, which motion the Court granted in part and denied in part, with leave to
20
amend (“July Order”). (See July Order, ECF No. 29.) On August 9, 2019, Mr. Terpin
21
filed his FAC against AT&T alleging nine causes of action.
22
ECF No. 32.) Again, AT&T moved to dismiss the FAC in its entirety, which motion
23
the Court granted in part and denied in part, with partial leave to amend. (See Feb.
24
Order.) On March 16, 2020, Mr. Terpin filed his SAC against AT&T alleging eight
25
causes of action: (1) declaratory relief; (2) unauthorized disclosure, 47 U.S.C. §§ 206,
(See generally FAC,
26
2
27
28
Mr. Terpin alleges that “SIM swapping consists of tricking a provider . . . into transferring the
target’s phone number to a SIM card controlled by the criminal. Once they get the phone number,
fraudsters can leverage it to reset the victims’ passwords and break into their online accounts.”
(SAC ¶ 70.)
3
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 4 of 14 Page ID #:1219
1
222; (3) deceit by concealment, California Civil Code sections 1709, 1710;
2
(4) misrepresentation; (5) negligence; (6) negligent supervision and training;
3
(7) negligent hiring; and (8) breach of contract. (SAC ¶¶ 111–211.)
4
AT&T now moves to dismiss Mr. Terpin’s third and fourth causes of action as
5
well as his claims against Doe defendants and request for punitive damages. (See
6
generally Mot.)
7
III.
LEGAL STANDARD
8
A court may dismiss a complaint under Federal Rule of Civil Procedure
9
(“Rule”) 12(b)(6) for lack of a cognizable legal theory or insufficient facts pleaded to
10
support an otherwise cognizable legal theory. Balistreri v. Pacifica Police Dep’t, 901
11
F.2d 696, 699 (9th Cir. 1988). To survive a dismissal motion, a complaint need only
12
satisfy the minimal notice pleading requirements of Rule 8(a)(2)—a short and plain
13
statement of the claim. Porter v. Jones, 319 F.3d 483, 494 (9th Cir. 2003). The
14
factual “allegations must be enough to raise a right to relief above the speculative
15
level.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). That is, the complaint
16
must “contain sufficient factual matter, accepted as true, to state a claim to relief that
17
is plausible on its face.”
18
quotation marks omitted).
Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (internal
19
The determination of whether a complaint satisfies the plausibility standard is a
20
“context-specific task that requires the reviewing court to draw on its judicial
21
experience and common sense.” Id. at 679. A court is generally limited to the
22
pleadings and must construe all “factual allegations set forth in the complaint . . . as
23
true and . . . in the light most favorable” to the plaintiff. Lee v. City of Los Angeles,
24
250 F.3d 668, 679 (9th Cir. 2001).
25
conclusory allegations, unwarranted deductions of fact, and unreasonable inferences.
26
Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001).
However, a court need not blindly accept
27
Where a district court grants a motion to dismiss, it should generally provide
28
leave to amend unless it is clear the complaint could not be saved by any amendment.
4
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 5 of 14 Page ID #:1220
1
See Fed. R. Civ. P. 15(a); Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d
2
1025, 1031 (9th Cir. 2008).
3
determines that the allegation of other facts consistent with the challenged pleading
4
could not possibly cure the deficiency.” Schreiber Distrib. Co. v. Serv-Well Furniture
5
Co., 806 F.2d 1393, 1401 (9th Cir. 1986).
6
denied . . . if amendment would be futile.” Carrico v. City and Cty. of San Francisco,
7
656 F.3d 1002, 1008 (9th Cir. 2011).
IV.
8
9
A.
Leave to amend may be denied when “the court
Thus, leave to amend “is properly
DISCUSSION
Deceit by Concealment (Claim 3)
10
Under California law, a plaintiff may assert a claim for deceit by concealment
11
based on “[t]he suppression of a fact, by one who is bound to disclose it, or who gives
12
information of other facts which are likely to mislead for want of communication of
13
that fact.” Cal. Civ. Code § 1710(3). An action for fraud and deceit based on
14
concealment has five elements:
15
16
17
18
19
20
(1) the defendant must have concealed or suppressed a material fact,
(2) the defendant must have been under a duty to disclose the fact to
the plaintiff, (3) the defendant must have intentionally concealed or
suppressed the fact with the intent to defraud the plaintiff, (4) the
plaintiff must have been unaware of the fact and would not have acted
as he did if he had known of the concealed or suppressed fact, and
(5) as a result of the concealment or suppression of the fact, the
plaintiff must have sustained damage.
21
In re Yahoo! Inc. Customer Data Security Breach Litig., 313 F. Supp. 3d 1113, 1133
22
(N.D. Cal. 2018).
23
elements, arguing that Mr. Terpin fails to sufficiently plead a duty to disclose or
24
reliance in connection with his deceit by concealment claim. (Mot. 6–9.) First, the
25
Court addresses Mr. Terpin’s allegations regarding AT&T’s duty to disclose.
As in AT&T’s previous motion, AT&T challenges only two
26
As discussed in the February Order, California law recognizes four
27
circumstances in which an obligation to disclose may arise: “(1) when the defendant is
28
in a fiduciary relationship with the plaintiff; (2) when the defendant had exclusive
5
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 6 of 14 Page ID #:1221
1
knowledge of material facts not known to the plaintiff; (3) when the defendant
2
actively conceals a material fact from the plaintiff; and (4) when the defendant makes
3
partial representations but also suppresses some material facts.” LiMandri v. Judkins,
4
52 Cal. App. 4th 326, 336 (1997). AT&T contends that Mr. Terpin has failed to
5
sufficiently allege any of the four circumstances and, thus, cannot establish a duty to
6
disclose. (Mot. 6–8.) The Court agrees.
7
First, Mr. Terpin argues that a duty to disclose arose because AT&T had
8
“‘exclusive knowledge of material facts’ relating to its security system” and Mr.
9
Terpin had no way of knowing about the system’s inadequacies. (Opp’n to Mot.
10
(“Opp’n”) 5, ECF No. 44; see SAC ¶¶ 92, 143.) However, as the Court recognized in
11
its February Order, AT&T did disclose the limits of its security protections to Mr.
12
Terpin in his AT&T contract. AT&T’s Privacy Policy explicitly states that it “cannot
13
guarantee that your Personal Information will never be disclosed in a manner
14
inconsistent with [AT&T’s] Policy (for example, as the result of unauthorized acts by
15
third parties that violate the law or this Policy).” (SAC, Ex. B (“Privacy Policy”) 99,
16
ECF No. 42-1.) Although AT&T implemented a six-digit code on Mr. Terpin’s
17
account to offer him increased protection, there are no allegations that AT&T indicated
18
the code was immune to the limitations expressed in its Privacy Policy. Because
19
AT&T disclosed that its security system was subject to inadequacies, the fact was not
20
within AT&T’s exclusive knowledge.
21
Next, Mr. Terpin also contends that AT&T actively concealed the fact that the
22
six-digit security code could be overridden or ignored by AT&T employees when it
23
promised him increased security protection. (Opp’n 6; see SAC ¶ 144.) To establish
24
active concealment, a plaintiff must allege “affirmative acts on the part of the
25
defendants in hiding, concealing or covering up the matters complained of.” Lingsch
26
v. Savage, 213 Cal. App. 2d 729, 734 (1963). “Mere nondisclosure does not constitute
27
active concealment.” Herron v. Best Buy Co., 924 F. Supp. 2d 1161, 1176 (E.D. Cal.
28
2013). Mr. Terpin describes nondisclosure in his SAC. AT&T may have omitted the
6
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 7 of 14 Page ID #:1222
1
fact that its employees could override Mr. Terpin’s six-digit code, but the omission
2
itself does not amount to AT&T’s affirmatively covering up the information. Further,
3
AT&T promised Mr. Terpin the code would provide “additional levels of security”
4
and that his account was “much less likely to be subject to SIM swap fraud.” (SAC ¶¶
5
89, 143 (emphasis added)). AT&T did not promise that the code would provide
6
absolute protection when it knew otherwise. Cf. Johnson v. Harley-Davidson Motor
7
Co., No. 2:10-cv-02443 JAM (EFB), 2011 WL 3163303, at *5 (E.D. Cal. July 22,
8
2011) (finding active concealment where the defendant told the plaintiffs their
9
motorcycle defect was completely corrected when the defendants knowingly used
10
equally defective parts for the repair).
11
Last, Mr. Terpin asserts that AT&T made a partial representation when it
12
assured him of the six-digit code’s protections but concealed that the code could be
13
rendered ineffective by AT&T’s employees. (See Opp’n 7.) A claim for partial
14
representation may arise when “the defendant makes representations but does not
15
disclose facts which materially qualify the facts disclosed, or which render his
16
disclosure likely to mislead.” Herron, 924 F. Supp. 2d at 1177 (quoting Warner
17
Constr. Corp. v. City of Los Angeles, 2 Cal. 3d 285, 294 (1970)). AT&T represented to
18
Mr. Terpin that the six-digit code would provide heightened security and AT&T
19
appropriately qualified that promise within its privacy policy. Although AT&T did not
20
specifically spell out that a security breach may occur if an employee violates their
21
obligations and overrides the code at the behest of a criminal, it did disclose that a
22
breach may be the “result of unauthorized acts by third parties.” (Privacy Policy 99.)
23
Therefore, a duty to disclose did not arise from a partial representation.
24
For the reasons stated above, Mr. Terpin fails to allege that AT&T had a duty to
25
disclose in his SAC. As such, Mr. Terpin’s allegations are insufficient to state a claim
26
27
28
7
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 8 of 14 Page ID #:1223
1
for deceit by concealment.3 Accordingly, the Court GRANTS AT&T’s motion to
2
dismiss Mr. Terpin’s third claim with prejudice.
3
B.
Misrepresentation (Claim 4)
4
To state an intentional misrepresentation claim under California law, Mr. Terpin
5
must plead: “(1) misrepresentation; (2) knowledge of falsity; (3) intent to defraud or to
6
induce reliance; (4) justifiable reliance; and (5) resulting damage.” Yastrab v. Apple
7
Inc., 173 F. Supp. 3d 972, 977–78 (N.D. Cal. 2016) (citing Engalla v. Permanente
8
Med. Grp., Inc., 15 Cal. 4th 951, 974 (1997)).
9
In its February Order, the Court dismissed this claim “because Mr. Terpin [did]
10
not allege that he actually read AT&T’s Privacy Policy or COBC, which [made] Mr.
11
Terpin’s allegation that he reasonably relied on the statements contained therein
12
implausible.” (Feb. Order 11.) AT&T argues that in his SAC, Mr. Terpin “does
13
nothing to cure his inadequate reliance allegations as to the written statements in the
14
Privacy Policy and the COBC.” (Mot. 10–11.) Mr. Terpin does not dispute this. (See
15
Opp’n 10–11.) Instead, Mr. Terpin argues that he relied on promises made by an
16
AT&T employee after the hack in June 11, 2017, that his information would be
17
secured by adding a six-digit code. (Opp’n 10; SAC ¶ 159.) Mr. Terpin alleges that
18
AT&T promised heightened security so it could retain him as a customer and he relied
19
on that promise in continuing his AT&T account. (Opp’n 10; SAC ¶ 162.) Finally,
20
Mr. Terpin alleges that AT&T never intended to perform its promise because it knew
21
that its security measures were ineffectual, it did not adhere to its own standards, and
22
it did not have state-of-the-art security protection in place, like SIM lockout. (See
23
SAC ¶¶ 159–160).
24
Mr. Terpin still fails to state an intentional misrepresentation claim. “[M]aking
25
a promise with an honest but unreasonable intent to perform is wholly different from
26
making one with no intent to perform and, therefore, does not constitute a false
27
28
3
Having found no duty to disclose, the Court does not address whether Mr. Terpin sufficiently
pleads reliance on AT&T’s alleged non-disclosure.
8
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 9 of 14 Page ID #:1224
1
promise.” Tarmann v. State Farm Mut. Auto. Ins. Co., 2 Cal. App. 4th 153, 159
2
(1991). Even if AT&T knew that the six-digit code could not prevent every potential
3
security breach; the Court cannot infer from Mr. Terpin’s allegations that AT&T
4
intended for the code to provide no increase to security when it promised additional
5
protection. A defendant may be “overly optimistic” in making its promise, but “an
6
erroneous belief, no matter how misguided, does not justify a finding of fraud.”
7
Magpali v. Farmers Grp., Inc., 48 Cal. App. 4th 471, 481 (1996) (citing Tarmann, 2
8
Cal. App. 4th at 159). Therefore, Mr. Terpin’s allegations again fall short of pleading
9
actionable fraud.
10
Because Mr. Terpin fails to allege AT&T never intended to adhere to its
11
heightened security protocols, the Court GRANTS AT&T’s motion to dismiss the
12
fourth claim with prejudice.
13
C.
Punitive Damages
14
Mr. Terpin seeks punitive damages in connection with his claims for deceit by
15
concealment (Claim 3), misrepresentation (Claim 4), negligence (Claim 5), negligent
16
supervision and training (Claim 6), and negligent hiring (Claim 7). (SAC ¶¶ 156, 164,
17
175, 189, 203.) AT&T argues that Mr. Terpin has not adequately pleaded that he is
18
entitled to punitive damages. (Mot. 14–23.)
19
AT&T advances four arguments in support of dismissal of Mr. Terpin’s claims
20
for punitive damages. First, AT&T argues that Mr. Terpin has not alleged that an
21
officer, director, or agent of AT&T committed or ratified an oppressive, fraudulent, or
22
malicious act. (Mot. 15–18.) Second, AT&T argues that Mr. Terpin has not pleaded
23
the requisite mental state on the part of an AT&T executive to justify punitive
24
damages. (Mot. 18–22.) Third, AT&T argues that Mr. Terpin’s negligence claims are
25
ineligible for punitive damages.
26
damages are not appropriate in this, a case of first impression. (Mot. 23.)
(Mot. 22–23.)
Fourth, AT&T argues punitive
27
By statute, where a plaintiff proves “by clear and convincing evidence that the
28
defendant has been guilty of oppression, fraud, or malice, the plaintiff, in addition to
9
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 10 of 14 Page ID #:1225
1
the actual damages, may recover [punitive] damages.” Cal. Civ. Code § 3294(a).
2
Nevertheless, a corporate entity cannot commit willful and malicious conduct; instead,
3
“the advance knowledge and conscious disregard, authorization, ratification or act of
4
oppression, fraud, or malice must be on the part of an officer, director, or managing
5
agent of the corporation.” Id. § 3294(b); Taiwan Semiconductor Mfg. Co. v. Tela
6
Innovations, Inc., No. 14-CV-00362-BLF, 2014 WL 3705350, at *6 (N.D. Cal. July
7
24, 2014) (“[A] company simply cannot commit willful and malicious conduct—only
8
an individual can.”). Therefore, Mr. Terpin must plead that an officer, director, or
9
managing agent of AT&T committed or ratified an act of oppression, fraud, or malice.
10
Mr. Terpin asserts that his claim for punitive damages does not arise out of an
11
act undertaken by an individual employee and ratified by an officer of AT&T; rather, it
12
arises from acts AT&T officers committed themselves. (Opp’n 13.) In his SAC, Mr.
13
Terpin added allegations that Bill O’Hern, AT&T’s Chief Security Officer, and David
14
Huntley, AT&T’s Executive Vice President and Chief Compliance Officer, deliberately
15
ignored the security requirements set forth in the 2015 Consent Decree, promoted a
16
system that did not protect its customers, and did nothing to prevent AT&T employees
17
from turning over customer information to hackers in SIM swaps. (SAC ¶¶ 75, 77–
18
79, 83–84, 90–93, 143–45, 149, 156.)
19
Because the Court dismisses Mr. Terpin’s claims for fraud—including deceit by
20
concealment and misrepresentation—he may only seek punitive damages based on
21
AT&T and its officers’ negligent conduct.
22
satisfy the highly culpable state of mind warranting punitive damages.” Evans v.
23
Home Depot U.S.A., Inc., No. 16-cv-07191-JSW, 2017 WL 679531, at *2 (N.D. Cal.
24
Feb. 21, 2017) (quoting Woolstrum v. Mailoux, 141 Cal. App. 3d Supp. 1, 10 (1983)).
25
Nevertheless, “if the plaintiff can make a showing that defendant’s conduct goes
26
beyond gross negligence and demonstrates a knowing and reckless disregard, punitive
27
damages may be available.” Simplicity Int’l v. Genlabs Corp., No. 09-cv-06146-SVW
28
(RCx), 2010 WL 11515296, at *2 (C.D. Cal. Apr. 21, 2010) (citing Sturges v. Charles
10
Usually, negligent conduct “does not
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 11 of 14 Page ID #:1226
1
L. Harney, Inc., 165 Cal. App 2d 306, 320 (1958)). The plaintiff must show that the
2
defendant (1) had “actual knowledge of the risk of harm it is creating” and (2) “in the
3
face of that knowledge, fail[ed] to take steps it [knew would] reduce or eliminate the
4
risk of harm.”
5
(emphasis in original).
Ehrhardt v. Brunswick, Inc., 186 Cal. App. 3d 734, 742 (1986)
6
Mr. Terpin attempts to allege that Mr. Huntley and Mr. O’Hern had actual
7
knowledge of the high risk of employee-facilitated SIM swaps by referencing various
8
reports, news articles, and indictments. (SAC ¶¶ 65–74, 83.) However, all of the
9
examples Mr. Terpin provides occurred after his January 2018 hack. Therefore, these
10
allegations do not support the inference that, at time of Mr. Terpin’s injury, AT&T and
11
its executives had knowledge of the widespread threat of SIM swapping. See Johnson
12
& Johnson Talcum Powder Cases, 37 Cal. App. 5th 292, 334 (2019) (finding “that
13
evidence [that] developed post-injury did not create a reasonable inference that [the
14
defendant] was acting with malice, pre-injury”).
15
Mr. Terpin also alleges that the FCC Consent Decree issued in 2015 put AT&T
16
and its executives on notice that its employees were disclosing customers’ confidential
17
and private information and required AT&T to cure the deficiencies in its security,
18
hiring, and training. (Opp’n 14; SAC ¶¶ 39–51.) Mr. Terpin alleges that AT&T failed
19
to meet the Consent Decree’s standard for adequate security procedures and, by virtue
20
of their role at AT&T as head of security and compliance, Mr. O’Hern and Mr.
21
Huntley knew flaws existed. (See SAC ¶¶ 51, 75.) On top of that, Mr. Terpin alleges
22
that AT&T had been contacted “numerous times by law enforcement authorities”
23
specifically regarding SIM swap fraud involving its own employees cooperating with
24
hackers and, given their responsibilities in the company, Mr. O’Hern and Mr. Huntley
25
knew of such contacts. (SAC ¶ 91.) Taking these allegations as true, as the Court
26
must in a motion to dismiss, it is plausible that Mr. O’Hern and Mr. Huntley had
27
actual knowledge of the threat posed by AT&T’s inadequate security system.
28
11
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 12 of 14 Page ID #:1227
1
However, Mr. Terpin fails to demonstrate that Mr. O’Hern and Mr. Huntley
2
consciously disregarded the threat. Mr. Terpin alleges that the executives did nothing
3
to prevent SIM swap scams. (SAC ¶ 78.) But a conclusory allegation that the
4
defendant failed to take steps to reduce the risk of harm, with no factual support,
5
cannot justify a claim for punitive damages.
6
No. 12-CV-2432-AJB (BGS), 2014 WL 5171799, at *5 (S.D. Cal. Oct. 14, 2014)
7
(finding that “legal conclusions and . . . magic words” will not save an otherwise
8
faulty pleading for punitive damages). Mr. Terpin does not provide factual allegations
9
that show the ways in which Mr. O’Hern and Mr. Huntley deliberately avoided taking
10
steps to remedy the security gaps at the time of his attack. Cf. In re Yahoo! Inc., 313
11
F. Supp. 3d at 1148 (finding malice where the plaintiffs alleged that internal
12
documents between executives showed they knew about a security breach, but
13
purposefully did not tell the public for two years). In contrast, AT&T argues that Mr.
14
Terpin himself admitted SIM swap fraud is a new risk and that no service provider has
15
figured out how to prevent it. (Reply to Mot. (“Reply”) 10, ECF No. 45 (citing SAC
16
¶¶ 5, 70).) The Court agrees that Mr. Terpin’s allegations do not suggest that Mr.
17
O’Hern and Mr. Huntley identified an appropriate security measure before Mr.
18
Terpin’s attack and consciously chose not to implement it. Therefore, Mr. Terpin has
19
not alleged sufficient facts to support a prayer for punitive damages.
See Diehl v. Starbucks Corp.,
20
Mr. Terpin relies on two recent decisions from district courts in the Ninth
21
Circuit arising out of similar facts against AT&T to justify denying this motion to
22
dismiss his claims for punitive damages at the pleading stage.4 Mr. Terpin first refers
23
Mr. Terpin requests the Court take judicial notice of two recent decisions and the associated
complaints, arising out of similar facts against AT&T. (Request for Judicial Notice (“RJN”) 1, ECF
No. 47.) AT&T does not object. (Resp. to RJN 1, ECF No. 48.) “A court may consider certain
materials . . . [including] matters of judicial notice” when ruling on a Rule 12(b)(6) motion to
dismiss. United States v. Ritchie, 342 F.3d 903, 909 (9th Cir. 2003); see also Fed. R. Evid. 201
(providing that judicial notice may be appropriate where facts are not subject to reasonable dispute).
Accordingly, the Court GRANTS the Mr. Terpin’s RJN and takes judicial notice of the orders in
Ross v. AT&T Mobility, LLC, Case No. 19-cv-0669-JST (N.D. Cal., May 14, 2020) (RJN Ex. 1
(“Ross Order”), ECF No. 47-1) and Shapiro v. AT&T Mobility, LLC, Case No. 2:19-cv-8972-CBM4
24
25
26
27
28
12
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 13 of 14 Page ID #:1228
1
to Ross v. AT&T Mobility, LLC, where the plaintiff relies on ExxonMobil Oil Corp. v.
2
Southern California Edison Co., No. CV-12-10001-GHK (VBKx), 2013 WL
3
12166214 (C.D. Cal. May 1, 2013), to support a claim for punitive damages. (See
4
Ross Order 29–30.) This Court does not find the analogy to ExxonMobil persuasive.
5
In ExxonMobil, the court found malice sufficiently alleged where the plaintiff alleged
6
the “decades-long history” between the parties, as well as each specific step the
7
defendant failed to take to ensure reliable service, despite prior litigation between the
8
two parties and repeated assurances it would improve.
9
12166214, at *1–3. Here, Mr. Terpin has not alleged such a history nor any specific
10
steps Mr. O’Hern and Mr. Huntley have failed to take to remedy AT&T’s security
11
flaws; therefore, in this respect, Ross is inapposite. Mr. Terpin also refers the Court to
12
Shapiro v. AT&T Mobility, LLC, yet the Court respectfully disagrees with the lenient
13
pleading standard applied in Shapiro, which permitted “unsupported and conclusory
14
averments of malice.” (Shapiro Order 12.) Thus, neither decision provides persuasive
15
reasoning to alter the Court’s conclusion that Mr. Terpin fails to sufficiently allege
16
malice in his SAC.
ExxonMobil, 2013 WL
17
Because Mr. Terpin does not successfully allege malice, the Court GRANTS
18
AT&T’s motion to dismiss Mr. Terpin’s request for punitive damages without leave to
19
amend. However, the Court recognizes that critical facts may arise during discovery
20
that provide Mr. Terpin the ability to adequately plead punitive damages. Mr. Terpin
21
may move to add a request for punitive damages at the appropriate time, and no later
22
than twenty-one days (21) after the discovery cutoff deadline.
23
D.
Doe Defendants
24
The Court previously granted AT&T’s motion to dismiss Mr. Terpin’s claims
25
against Doe defendants, with leave to amend in accordance with Local Rule 19-1
26
27
28
FFM (C.D. Cal., May 18, 2020) (RJN Ex. 2 (“Shapiro Order”)), but not the truth of the facts therein.
Lee, 250 F.3d at 690; see also Reyn’s Pasta Bella, LLC v. Visa USA, Inc., 442 F.3d 741, 746 n.6 (9th
Cir. 2006) (taking judicial notice of pleadings, memoranda, and other court documents).
13
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 14 of 14 Page ID #:1229
1
(which permits no more than ten fictitiously named parties).
2
However, in his SAC, Mr. Terpin again brings claims against Doe defendants 1–25.
3
(See SAC.) AT&T moves to dismiss Mr. Terpin’s claims against Doe defendants
4
because Mr. Terpin has alleged more than ten fictitious defendants and has not made
5
individualized allegations about particular fictitious defendants. (Mot. 13–14.) Mr.
6
Terpin does not oppose on this issue. (See generally Opp’n.) The Court finds it
7
premature to dismiss Doe defendants 1–10, as they are permitted by Local Rule 19-1
8
and facts may develop during discovery which enable Mr. Terpin to identify the Does.
9
However, as no complaint may include more than ten Doe defendants, the Court
10
GRANTS AT&T’s motion to dismiss Doe defendants 11–25 with prejudice. See
11
C.D. Cal. L.R. 19-1.
V.
12
13
14
(Feb. Order 14.)
CONCLUSION
As discussed above, the Court GRANTS AT&T’s Motion to Dismiss. (ECF
No. 43.)
15
16
IT IS SO ORDERED.
17
18
September 8, 2020
19
20
21
____________________________________
OTIS D. WRIGHT, II
UNITED STATES DISTRICT JUDGE
22
23
24
25
26
27
28
14
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?