Michael Terpin v. AT and T Inc et al

Filing 49

ORDER GRANTING DEFENDANT'S PARTIAL MOTION TO DISMISS 43 by Judge Otis D. Wright, II: The Court finds it premature to dismiss Doe defendants 1-10, as they are permitted by Local Rule 19-1 and facts may develop during discovery which enable Mr. Terpin to identify the Does. However, as no complaint may include more than ten Doe defendants, the Court GRANTS AT&T's motion to dismiss Doe defendants 11-25 with prejudice. (lc) Modified on 9/8/2020 (lc). Modified on 9/8/2020 (lc).

Download PDF
Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 1 of 14 Page ID #:1216 O 1 2 3 4 5 6 7 United States District Court Central District of California 8 9 10 11 MICHAEL TERPIN, 12 Plaintiff, 13 14 Case No. 2:18-cv-06975-ODW (KSx) v. AT&T MOBILITY, LLC, et al., 15 ORDER GRANTING DEFENDANT’S PARTIAL MOTION TO DISMISS [43] Defendants. 16 I. 17 INTRODUCTION 18 Defendant AT&T Mobility, LLC (“AT&T”) moves to dismiss certain of 19 Plaintiff Michael Terpin’s (“Mr. Terpin”) claims in his Second Amended Complaint 20 (“SAC”), including deceit by concealment, misrepresentation, requests for punitive 21 damages, and all claims against Doe defendants (the “Motion”). (Mot., ECF No. 43.) 22 For the reasons that follow, the Court GRANTS AT&T’s Motion.1 II. 23 BACKGROUND 24 As previously set forth in the Court’s February 24, 2020 Order (“Feb. Order”), 25 (ECF No. 37), granting in part and denying in part AT&T’s motion to dismiss the 26 First Amended Complaint (“FAC”), Mr. Terpin is a prominent and well-known 27 28 1 Having carefully considered the papers filed in connection with the Motion, the Court deemed the matter appropriate for decision without oral argument. Fed. R. Civ. P. 78; C.D. Cal. L.R. 7-15. Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 2 of 14 Page ID #:1217 1 member of the cryptocurrency community. (SAC ¶¶ 18–19, ECF No. 42.) He is 2 domiciled in Puerto Rico with a residence in California. (SAC ¶ 1.) On June 11, 3 2017, Mr. Terpin’s phone suddenly became inoperable because his cell phone number 4 had been hacked. (SAC ¶ 86.) After hackers attempted and failed eleven times to 5 change Mr. Terpin’s AT&T password in AT&T retail stores, the hackers were able to 6 change his password remotely. (SAC ¶ 86.) Mr. Terpin alleges that this allowed the 7 hackers to gain control of his phone number, which allowed them to gain access to his 8 accounts that use his telephone number for authentication. (SAC ¶ 87.) Mr. Terpin 9 asserts the hackers used his telephone number to access his cryptocurrency accounts 10 and also impersonated him by using his Skype account. (SAC ¶ 87.) By 11 impersonating him, the hackers convinced one of Mr. Terpin’s clients to send them 12 cryptocurrency and diverted the cryptocurrency to themselves. (SAC ¶ 87.) Later that 13 day, AT&T was able to cutoff the hackers’ access to Mr. Terpin’s telephone number. 14 (SAC ¶ 87.) However, by this time, the hackers had stolen substantial funds from Mr. 15 Terpin. (SAC ¶ 87.) 16 Around June 13, 2017, Mr. Terpin met with AT&T representatives in Puerto 17 Rico to discuss the hack. (SAC ¶ 88.) AT&T allegedly promised to place Mr. 18 Terpin’s account on a “higher security level with special protection.” (SAC ¶ 89 19 (internal quotation marks omitted).) This included requiring a six-digit passcode 20 (known only to Mr. Terpin and his wife) of anyone attempting to access or change Mr. 21 Terpin’s account settings or transfer his telephone number to another phone. (SAC 22 ¶ 89.) Mr. Terpin alleges that this form of “celebrity” protection was created with the 23 knowledge and approval of AT&T’s officers, including Bill O’Hern and David S. 24 Huntley, who are in charge of AT&T’s security and privacy efforts. (SAC ¶ 90.) Mr. 25 Terpin maintains that he “relied upon AT&T’s promises that his account would be 26 much more secure against hacking, including SIM swap fraud, after it implemented 27 the increased security measures,” and this led him to remain an AT&T customer. 28 (SAC ¶ 92.) Mr. Terpin alleges that AT&T and its officers, such as Mr. O’Hern and 2 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 3 of 14 Page ID #:1218 1 Mr. Huntley, knew at the time he adopted the six-digit security code that it would not 2 provide adequate protection because it could be overridden by AT&T employees. 3 (SAC ¶ 93.) 4 On Sunday, January 7, 2018, Mr. Terpin’s phone again became inoperable. 5 (SAC ¶ 94.) Mr. Terpin alleges that an employee at an AT&T store in Norwich, 6 Connecticut assisted an imposter with a SIM card swap.2 (SAC ¶¶ 95–96.) This 7 resulted in AT&T transferring Mr. Terpin’s phone number to an imposter. (FAC 8 ¶ 95.) Mr. Terpin alleges that when his phone became inoperable, he attempted to 9 contact AT&T to have his telephone number canceled, but AT&T failed to promptly 10 cancel his account. (SAC ¶ 97.) By having access to Mr. Terpin’s phone number, Mr. 11 Terpin alleges that “the hackers were able to intercept Mr. Terpin’s personal 12 information, including telephone calls and text messages, change passwords, access 13 programs and files and locate information that allowed them to gain access to his 14 cryptocurrency wallets and/or accounts.” (SAC ¶ 100.) Mr. Terpin alleges that, as a 15 result, between January 7 and 8, 2018, the hackers stole nearly $24 million worth of 16 cryptocurrency from him. (SAC ¶¶ 101, 103.) 17 On August 15, 2018, Mr. Terpin filed his Complaint asserting sixteen causes of 18 action. (See generally Compl., ECF No. 1.) AT&T moved to dismiss the Complaint 19 in its entirety, which motion the Court granted in part and denied in part, with leave to 20 amend (“July Order”). (See July Order, ECF No. 29.) On August 9, 2019, Mr. Terpin 21 filed his FAC against AT&T alleging nine causes of action. 22 ECF No. 32.) Again, AT&T moved to dismiss the FAC in its entirety, which motion 23 the Court granted in part and denied in part, with partial leave to amend. (See Feb. 24 Order.) On March 16, 2020, Mr. Terpin filed his SAC against AT&T alleging eight 25 causes of action: (1) declaratory relief; (2) unauthorized disclosure, 47 U.S.C. §§ 206, (See generally FAC, 26 2 27 28 Mr. Terpin alleges that “SIM swapping consists of tricking a provider . . . into transferring the target’s phone number to a SIM card controlled by the criminal. Once they get the phone number, fraudsters can leverage it to reset the victims’ passwords and break into their online accounts.” (SAC ¶ 70.) 3 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 4 of 14 Page ID #:1219 1 222; (3) deceit by concealment, California Civil Code sections 1709, 1710; 2 (4) misrepresentation; (5) negligence; (6) negligent supervision and training; 3 (7) negligent hiring; and (8) breach of contract. (SAC ¶¶ 111–211.) 4 AT&T now moves to dismiss Mr. Terpin’s third and fourth causes of action as 5 well as his claims against Doe defendants and request for punitive damages. (See 6 generally Mot.) 7 III. LEGAL STANDARD 8 A court may dismiss a complaint under Federal Rule of Civil Procedure 9 (“Rule”) 12(b)(6) for lack of a cognizable legal theory or insufficient facts pleaded to 10 support an otherwise cognizable legal theory. Balistreri v. Pacifica Police Dep’t, 901 11 F.2d 696, 699 (9th Cir. 1988). To survive a dismissal motion, a complaint need only 12 satisfy the minimal notice pleading requirements of Rule 8(a)(2)—a short and plain 13 statement of the claim. Porter v. Jones, 319 F.3d 483, 494 (9th Cir. 2003). The 14 factual “allegations must be enough to raise a right to relief above the speculative 15 level.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). That is, the complaint 16 must “contain sufficient factual matter, accepted as true, to state a claim to relief that 17 is plausible on its face.” 18 quotation marks omitted). Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (internal 19 The determination of whether a complaint satisfies the plausibility standard is a 20 “context-specific task that requires the reviewing court to draw on its judicial 21 experience and common sense.” Id. at 679. A court is generally limited to the 22 pleadings and must construe all “factual allegations set forth in the complaint . . . as 23 true and . . . in the light most favorable” to the plaintiff. Lee v. City of Los Angeles, 24 250 F.3d 668, 679 (9th Cir. 2001). 25 conclusory allegations, unwarranted deductions of fact, and unreasonable inferences. 26 Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001). However, a court need not blindly accept 27 Where a district court grants a motion to dismiss, it should generally provide 28 leave to amend unless it is clear the complaint could not be saved by any amendment. 4 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 5 of 14 Page ID #:1220 1 See Fed. R. Civ. P. 15(a); Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 2 1025, 1031 (9th Cir. 2008). 3 determines that the allegation of other facts consistent with the challenged pleading 4 could not possibly cure the deficiency.” Schreiber Distrib. Co. v. Serv-Well Furniture 5 Co., 806 F.2d 1393, 1401 (9th Cir. 1986). 6 denied . . . if amendment would be futile.” Carrico v. City and Cty. of San Francisco, 7 656 F.3d 1002, 1008 (9th Cir. 2011). IV. 8 9 A. Leave to amend may be denied when “the court Thus, leave to amend “is properly DISCUSSION Deceit by Concealment (Claim 3) 10 Under California law, a plaintiff may assert a claim for deceit by concealment 11 based on “[t]he suppression of a fact, by one who is bound to disclose it, or who gives 12 information of other facts which are likely to mislead for want of communication of 13 that fact.” Cal. Civ. Code § 1710(3). An action for fraud and deceit based on 14 concealment has five elements: 15 16 17 18 19 20 (1) the defendant must have concealed or suppressed a material fact, (2) the defendant must have been under a duty to disclose the fact to the plaintiff, (3) the defendant must have intentionally concealed or suppressed the fact with the intent to defraud the plaintiff, (4) the plaintiff must have been unaware of the fact and would not have acted as he did if he had known of the concealed or suppressed fact, and (5) as a result of the concealment or suppression of the fact, the plaintiff must have sustained damage. 21 In re Yahoo! Inc. Customer Data Security Breach Litig., 313 F. Supp. 3d 1113, 1133 22 (N.D. Cal. 2018). 23 elements, arguing that Mr. Terpin fails to sufficiently plead a duty to disclose or 24 reliance in connection with his deceit by concealment claim. (Mot. 6–9.) First, the 25 Court addresses Mr. Terpin’s allegations regarding AT&T’s duty to disclose. As in AT&T’s previous motion, AT&T challenges only two 26 As discussed in the February Order, California law recognizes four 27 circumstances in which an obligation to disclose may arise: “(1) when the defendant is 28 in a fiduciary relationship with the plaintiff; (2) when the defendant had exclusive 5 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 6 of 14 Page ID #:1221 1 knowledge of material facts not known to the plaintiff; (3) when the defendant 2 actively conceals a material fact from the plaintiff; and (4) when the defendant makes 3 partial representations but also suppresses some material facts.” LiMandri v. Judkins, 4 52 Cal. App. 4th 326, 336 (1997). AT&T contends that Mr. Terpin has failed to 5 sufficiently allege any of the four circumstances and, thus, cannot establish a duty to 6 disclose. (Mot. 6–8.) The Court agrees. 7 First, Mr. Terpin argues that a duty to disclose arose because AT&T had 8 “‘exclusive knowledge of material facts’ relating to its security system” and Mr. 9 Terpin had no way of knowing about the system’s inadequacies. (Opp’n to Mot. 10 (“Opp’n”) 5, ECF No. 44; see SAC ¶¶ 92, 143.) However, as the Court recognized in 11 its February Order, AT&T did disclose the limits of its security protections to Mr. 12 Terpin in his AT&T contract. AT&T’s Privacy Policy explicitly states that it “cannot 13 guarantee that your Personal Information will never be disclosed in a manner 14 inconsistent with [AT&T’s] Policy (for example, as the result of unauthorized acts by 15 third parties that violate the law or this Policy).” (SAC, Ex. B (“Privacy Policy”) 99, 16 ECF No. 42-1.) Although AT&T implemented a six-digit code on Mr. Terpin’s 17 account to offer him increased protection, there are no allegations that AT&T indicated 18 the code was immune to the limitations expressed in its Privacy Policy. Because 19 AT&T disclosed that its security system was subject to inadequacies, the fact was not 20 within AT&T’s exclusive knowledge. 21 Next, Mr. Terpin also contends that AT&T actively concealed the fact that the 22 six-digit security code could be overridden or ignored by AT&T employees when it 23 promised him increased security protection. (Opp’n 6; see SAC ¶ 144.) To establish 24 active concealment, a plaintiff must allege “affirmative acts on the part of the 25 defendants in hiding, concealing or covering up the matters complained of.” Lingsch 26 v. Savage, 213 Cal. App. 2d 729, 734 (1963). “Mere nondisclosure does not constitute 27 active concealment.” Herron v. Best Buy Co., 924 F. Supp. 2d 1161, 1176 (E.D. Cal. 28 2013). Mr. Terpin describes nondisclosure in his SAC. AT&T may have omitted the 6 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 7 of 14 Page ID #:1222 1 fact that its employees could override Mr. Terpin’s six-digit code, but the omission 2 itself does not amount to AT&T’s affirmatively covering up the information. Further, 3 AT&T promised Mr. Terpin the code would provide “additional levels of security” 4 and that his account was “much less likely to be subject to SIM swap fraud.” (SAC ¶¶ 5 89, 143 (emphasis added)). AT&T did not promise that the code would provide 6 absolute protection when it knew otherwise. Cf. Johnson v. Harley-Davidson Motor 7 Co., No. 2:10-cv-02443 JAM (EFB), 2011 WL 3163303, at *5 (E.D. Cal. July 22, 8 2011) (finding active concealment where the defendant told the plaintiffs their 9 motorcycle defect was completely corrected when the defendants knowingly used 10 equally defective parts for the repair). 11 Last, Mr. Terpin asserts that AT&T made a partial representation when it 12 assured him of the six-digit code’s protections but concealed that the code could be 13 rendered ineffective by AT&T’s employees. (See Opp’n 7.) A claim for partial 14 representation may arise when “the defendant makes representations but does not 15 disclose facts which materially qualify the facts disclosed, or which render his 16 disclosure likely to mislead.” Herron, 924 F. Supp. 2d at 1177 (quoting Warner 17 Constr. Corp. v. City of Los Angeles, 2 Cal. 3d 285, 294 (1970)). AT&T represented to 18 Mr. Terpin that the six-digit code would provide heightened security and AT&T 19 appropriately qualified that promise within its privacy policy. Although AT&T did not 20 specifically spell out that a security breach may occur if an employee violates their 21 obligations and overrides the code at the behest of a criminal, it did disclose that a 22 breach may be the “result of unauthorized acts by third parties.” (Privacy Policy 99.) 23 Therefore, a duty to disclose did not arise from a partial representation. 24 For the reasons stated above, Mr. Terpin fails to allege that AT&T had a duty to 25 disclose in his SAC. As such, Mr. Terpin’s allegations are insufficient to state a claim 26 27 28 7 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 8 of 14 Page ID #:1223 1 for deceit by concealment.3 Accordingly, the Court GRANTS AT&T’s motion to 2 dismiss Mr. Terpin’s third claim with prejudice. 3 B. Misrepresentation (Claim 4) 4 To state an intentional misrepresentation claim under California law, Mr. Terpin 5 must plead: “(1) misrepresentation; (2) knowledge of falsity; (3) intent to defraud or to 6 induce reliance; (4) justifiable reliance; and (5) resulting damage.” Yastrab v. Apple 7 Inc., 173 F. Supp. 3d 972, 977–78 (N.D. Cal. 2016) (citing Engalla v. Permanente 8 Med. Grp., Inc., 15 Cal. 4th 951, 974 (1997)). 9 In its February Order, the Court dismissed this claim “because Mr. Terpin [did] 10 not allege that he actually read AT&T’s Privacy Policy or COBC, which [made] Mr. 11 Terpin’s allegation that he reasonably relied on the statements contained therein 12 implausible.” (Feb. Order 11.) AT&T argues that in his SAC, Mr. Terpin “does 13 nothing to cure his inadequate reliance allegations as to the written statements in the 14 Privacy Policy and the COBC.” (Mot. 10–11.) Mr. Terpin does not dispute this. (See 15 Opp’n 10–11.) Instead, Mr. Terpin argues that he relied on promises made by an 16 AT&T employee after the hack in June 11, 2017, that his information would be 17 secured by adding a six-digit code. (Opp’n 10; SAC ¶ 159.) Mr. Terpin alleges that 18 AT&T promised heightened security so it could retain him as a customer and he relied 19 on that promise in continuing his AT&T account. (Opp’n 10; SAC ¶ 162.) Finally, 20 Mr. Terpin alleges that AT&T never intended to perform its promise because it knew 21 that its security measures were ineffectual, it did not adhere to its own standards, and 22 it did not have state-of-the-art security protection in place, like SIM lockout. (See 23 SAC ¶¶ 159–160). 24 Mr. Terpin still fails to state an intentional misrepresentation claim. “[M]aking 25 a promise with an honest but unreasonable intent to perform is wholly different from 26 making one with no intent to perform and, therefore, does not constitute a false 27 28 3 Having found no duty to disclose, the Court does not address whether Mr. Terpin sufficiently pleads reliance on AT&T’s alleged non-disclosure. 8 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 9 of 14 Page ID #:1224 1 promise.” Tarmann v. State Farm Mut. Auto. Ins. Co., 2 Cal. App. 4th 153, 159 2 (1991). Even if AT&T knew that the six-digit code could not prevent every potential 3 security breach; the Court cannot infer from Mr. Terpin’s allegations that AT&T 4 intended for the code to provide no increase to security when it promised additional 5 protection. A defendant may be “overly optimistic” in making its promise, but “an 6 erroneous belief, no matter how misguided, does not justify a finding of fraud.” 7 Magpali v. Farmers Grp., Inc., 48 Cal. App. 4th 471, 481 (1996) (citing Tarmann, 2 8 Cal. App. 4th at 159). Therefore, Mr. Terpin’s allegations again fall short of pleading 9 actionable fraud. 10 Because Mr. Terpin fails to allege AT&T never intended to adhere to its 11 heightened security protocols, the Court GRANTS AT&T’s motion to dismiss the 12 fourth claim with prejudice. 13 C. Punitive Damages 14 Mr. Terpin seeks punitive damages in connection with his claims for deceit by 15 concealment (Claim 3), misrepresentation (Claim 4), negligence (Claim 5), negligent 16 supervision and training (Claim 6), and negligent hiring (Claim 7). (SAC ¶¶ 156, 164, 17 175, 189, 203.) AT&T argues that Mr. Terpin has not adequately pleaded that he is 18 entitled to punitive damages. (Mot. 14–23.) 19 AT&T advances four arguments in support of dismissal of Mr. Terpin’s claims 20 for punitive damages. First, AT&T argues that Mr. Terpin has not alleged that an 21 officer, director, or agent of AT&T committed or ratified an oppressive, fraudulent, or 22 malicious act. (Mot. 15–18.) Second, AT&T argues that Mr. Terpin has not pleaded 23 the requisite mental state on the part of an AT&T executive to justify punitive 24 damages. (Mot. 18–22.) Third, AT&T argues that Mr. Terpin’s negligence claims are 25 ineligible for punitive damages. 26 damages are not appropriate in this, a case of first impression. (Mot. 23.) (Mot. 22–23.) Fourth, AT&T argues punitive 27 By statute, where a plaintiff proves “by clear and convincing evidence that the 28 defendant has been guilty of oppression, fraud, or malice, the plaintiff, in addition to 9 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 10 of 14 Page ID #:1225 1 the actual damages, may recover [punitive] damages.” Cal. Civ. Code § 3294(a). 2 Nevertheless, a corporate entity cannot commit willful and malicious conduct; instead, 3 “the advance knowledge and conscious disregard, authorization, ratification or act of 4 oppression, fraud, or malice must be on the part of an officer, director, or managing 5 agent of the corporation.” Id. § 3294(b); Taiwan Semiconductor Mfg. Co. v. Tela 6 Innovations, Inc., No. 14-CV-00362-BLF, 2014 WL 3705350, at *6 (N.D. Cal. July 7 24, 2014) (“[A] company simply cannot commit willful and malicious conduct—only 8 an individual can.”). Therefore, Mr. Terpin must plead that an officer, director, or 9 managing agent of AT&T committed or ratified an act of oppression, fraud, or malice. 10 Mr. Terpin asserts that his claim for punitive damages does not arise out of an 11 act undertaken by an individual employee and ratified by an officer of AT&T; rather, it 12 arises from acts AT&T officers committed themselves. (Opp’n 13.) In his SAC, Mr. 13 Terpin added allegations that Bill O’Hern, AT&T’s Chief Security Officer, and David 14 Huntley, AT&T’s Executive Vice President and Chief Compliance Officer, deliberately 15 ignored the security requirements set forth in the 2015 Consent Decree, promoted a 16 system that did not protect its customers, and did nothing to prevent AT&T employees 17 from turning over customer information to hackers in SIM swaps. (SAC ¶¶ 75, 77– 18 79, 83–84, 90–93, 143–45, 149, 156.) 19 Because the Court dismisses Mr. Terpin’s claims for fraud—including deceit by 20 concealment and misrepresentation—he may only seek punitive damages based on 21 AT&T and its officers’ negligent conduct. 22 satisfy the highly culpable state of mind warranting punitive damages.” Evans v. 23 Home Depot U.S.A., Inc., No. 16-cv-07191-JSW, 2017 WL 679531, at *2 (N.D. Cal. 24 Feb. 21, 2017) (quoting Woolstrum v. Mailoux, 141 Cal. App. 3d Supp. 1, 10 (1983)). 25 Nevertheless, “if the plaintiff can make a showing that defendant’s conduct goes 26 beyond gross negligence and demonstrates a knowing and reckless disregard, punitive 27 damages may be available.” Simplicity Int’l v. Genlabs Corp., No. 09-cv-06146-SVW 28 (RCx), 2010 WL 11515296, at *2 (C.D. Cal. Apr. 21, 2010) (citing Sturges v. Charles 10 Usually, negligent conduct “does not Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 11 of 14 Page ID #:1226 1 L. Harney, Inc., 165 Cal. App 2d 306, 320 (1958)). The plaintiff must show that the 2 defendant (1) had “actual knowledge of the risk of harm it is creating” and (2) “in the 3 face of that knowledge, fail[ed] to take steps it [knew would] reduce or eliminate the 4 risk of harm.” 5 (emphasis in original). Ehrhardt v. Brunswick, Inc., 186 Cal. App. 3d 734, 742 (1986) 6 Mr. Terpin attempts to allege that Mr. Huntley and Mr. O’Hern had actual 7 knowledge of the high risk of employee-facilitated SIM swaps by referencing various 8 reports, news articles, and indictments. (SAC ¶¶ 65–74, 83.) However, all of the 9 examples Mr. Terpin provides occurred after his January 2018 hack. Therefore, these 10 allegations do not support the inference that, at time of Mr. Terpin’s injury, AT&T and 11 its executives had knowledge of the widespread threat of SIM swapping. See Johnson 12 & Johnson Talcum Powder Cases, 37 Cal. App. 5th 292, 334 (2019) (finding “that 13 evidence [that] developed post-injury did not create a reasonable inference that [the 14 defendant] was acting with malice, pre-injury”). 15 Mr. Terpin also alleges that the FCC Consent Decree issued in 2015 put AT&T 16 and its executives on notice that its employees were disclosing customers’ confidential 17 and private information and required AT&T to cure the deficiencies in its security, 18 hiring, and training. (Opp’n 14; SAC ¶¶ 39–51.) Mr. Terpin alleges that AT&T failed 19 to meet the Consent Decree’s standard for adequate security procedures and, by virtue 20 of their role at AT&T as head of security and compliance, Mr. O’Hern and Mr. 21 Huntley knew flaws existed. (See SAC ¶¶ 51, 75.) On top of that, Mr. Terpin alleges 22 that AT&T had been contacted “numerous times by law enforcement authorities” 23 specifically regarding SIM swap fraud involving its own employees cooperating with 24 hackers and, given their responsibilities in the company, Mr. O’Hern and Mr. Huntley 25 knew of such contacts. (SAC ¶ 91.) Taking these allegations as true, as the Court 26 must in a motion to dismiss, it is plausible that Mr. O’Hern and Mr. Huntley had 27 actual knowledge of the threat posed by AT&T’s inadequate security system. 28 11 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 12 of 14 Page ID #:1227 1 However, Mr. Terpin fails to demonstrate that Mr. O’Hern and Mr. Huntley 2 consciously disregarded the threat. Mr. Terpin alleges that the executives did nothing 3 to prevent SIM swap scams. (SAC ¶ 78.) But a conclusory allegation that the 4 defendant failed to take steps to reduce the risk of harm, with no factual support, 5 cannot justify a claim for punitive damages. 6 No. 12-CV-2432-AJB (BGS), 2014 WL 5171799, at *5 (S.D. Cal. Oct. 14, 2014) 7 (finding that “legal conclusions and . . . magic words” will not save an otherwise 8 faulty pleading for punitive damages). Mr. Terpin does not provide factual allegations 9 that show the ways in which Mr. O’Hern and Mr. Huntley deliberately avoided taking 10 steps to remedy the security gaps at the time of his attack. Cf. In re Yahoo! Inc., 313 11 F. Supp. 3d at 1148 (finding malice where the plaintiffs alleged that internal 12 documents between executives showed they knew about a security breach, but 13 purposefully did not tell the public for two years). In contrast, AT&T argues that Mr. 14 Terpin himself admitted SIM swap fraud is a new risk and that no service provider has 15 figured out how to prevent it. (Reply to Mot. (“Reply”) 10, ECF No. 45 (citing SAC 16 ¶¶ 5, 70).) The Court agrees that Mr. Terpin’s allegations do not suggest that Mr. 17 O’Hern and Mr. Huntley identified an appropriate security measure before Mr. 18 Terpin’s attack and consciously chose not to implement it. Therefore, Mr. Terpin has 19 not alleged sufficient facts to support a prayer for punitive damages. See Diehl v. Starbucks Corp., 20 Mr. Terpin relies on two recent decisions from district courts in the Ninth 21 Circuit arising out of similar facts against AT&T to justify denying this motion to 22 dismiss his claims for punitive damages at the pleading stage.4 Mr. Terpin first refers 23 Mr. Terpin requests the Court take judicial notice of two recent decisions and the associated complaints, arising out of similar facts against AT&T. (Request for Judicial Notice (“RJN”) 1, ECF No. 47.) AT&T does not object. (Resp. to RJN 1, ECF No. 48.) “A court may consider certain materials . . . [including] matters of judicial notice” when ruling on a Rule 12(b)(6) motion to dismiss. United States v. Ritchie, 342 F.3d 903, 909 (9th Cir. 2003); see also Fed. R. Evid. 201 (providing that judicial notice may be appropriate where facts are not subject to reasonable dispute). Accordingly, the Court GRANTS the Mr. Terpin’s RJN and takes judicial notice of the orders in Ross v. AT&T Mobility, LLC, Case No. 19-cv-0669-JST (N.D. Cal., May 14, 2020) (RJN Ex. 1 (“Ross Order”), ECF No. 47-1) and Shapiro v. AT&T Mobility, LLC, Case No. 2:19-cv-8972-CBM4 24 25 26 27 28 12 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 13 of 14 Page ID #:1228 1 to Ross v. AT&T Mobility, LLC, where the plaintiff relies on ExxonMobil Oil Corp. v. 2 Southern California Edison Co., No. CV-12-10001-GHK (VBKx), 2013 WL 3 12166214 (C.D. Cal. May 1, 2013), to support a claim for punitive damages. (See 4 Ross Order 29–30.) This Court does not find the analogy to ExxonMobil persuasive. 5 In ExxonMobil, the court found malice sufficiently alleged where the plaintiff alleged 6 the “decades-long history” between the parties, as well as each specific step the 7 defendant failed to take to ensure reliable service, despite prior litigation between the 8 two parties and repeated assurances it would improve. 9 12166214, at *1–3. Here, Mr. Terpin has not alleged such a history nor any specific 10 steps Mr. O’Hern and Mr. Huntley have failed to take to remedy AT&T’s security 11 flaws; therefore, in this respect, Ross is inapposite. Mr. Terpin also refers the Court to 12 Shapiro v. AT&T Mobility, LLC, yet the Court respectfully disagrees with the lenient 13 pleading standard applied in Shapiro, which permitted “unsupported and conclusory 14 averments of malice.” (Shapiro Order 12.) Thus, neither decision provides persuasive 15 reasoning to alter the Court’s conclusion that Mr. Terpin fails to sufficiently allege 16 malice in his SAC. ExxonMobil, 2013 WL 17 Because Mr. Terpin does not successfully allege malice, the Court GRANTS 18 AT&T’s motion to dismiss Mr. Terpin’s request for punitive damages without leave to 19 amend. However, the Court recognizes that critical facts may arise during discovery 20 that provide Mr. Terpin the ability to adequately plead punitive damages. Mr. Terpin 21 may move to add a request for punitive damages at the appropriate time, and no later 22 than twenty-one days (21) after the discovery cutoff deadline. 23 D. Doe Defendants 24 The Court previously granted AT&T’s motion to dismiss Mr. Terpin’s claims 25 against Doe defendants, with leave to amend in accordance with Local Rule 19-1 26 27 28 FFM (C.D. Cal., May 18, 2020) (RJN Ex. 2 (“Shapiro Order”)), but not the truth of the facts therein. Lee, 250 F.3d at 690; see also Reyn’s Pasta Bella, LLC v. Visa USA, Inc., 442 F.3d 741, 746 n.6 (9th Cir. 2006) (taking judicial notice of pleadings, memoranda, and other court documents). 13 Case 2:18-cv-06975-ODW-KS Document 49 Filed 09/08/20 Page 14 of 14 Page ID #:1229 1 (which permits no more than ten fictitiously named parties). 2 However, in his SAC, Mr. Terpin again brings claims against Doe defendants 1–25. 3 (See SAC.) AT&T moves to dismiss Mr. Terpin’s claims against Doe defendants 4 because Mr. Terpin has alleged more than ten fictitious defendants and has not made 5 individualized allegations about particular fictitious defendants. (Mot. 13–14.) Mr. 6 Terpin does not oppose on this issue. (See generally Opp’n.) The Court finds it 7 premature to dismiss Doe defendants 1–10, as they are permitted by Local Rule 19-1 8 and facts may develop during discovery which enable Mr. Terpin to identify the Does. 9 However, as no complaint may include more than ten Doe defendants, the Court 10 GRANTS AT&T’s motion to dismiss Doe defendants 11–25 with prejudice. See 11 C.D. Cal. L.R. 19-1. V. 12 13 14 (Feb. Order 14.) CONCLUSION As discussed above, the Court GRANTS AT&T’s Motion to Dismiss. (ECF No. 43.) 15 16 IT IS SO ORDERED. 17 18 September 8, 2020 19 20 21 ____________________________________ OTIS D. WRIGHT, II UNITED STATES DISTRICT JUDGE 22 23 24 25 26 27 28 14

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?