Aman Abye v. Yahoo! Inc.

Filing 1

COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF against Yahoo! Inc. ( Filing fee $ 400, receipt number 0971-11034415.). Filed byAman Abye. (Sklaver, Steven) (Filed on 12/27/2016)

Download PDF
1 5 MARC M. SELTZER (54534) mseltzer@susmangodfrey.com STEVEN G. SKLAVER (237612) sklaver@susmangodfrey.com SUSMAN GODFREY L.L.P. 1901 Avenue of the Stars, Suite 950 Los Angeles, California 90067-6029 [Tel.] (310) 789-3100 [Fax] (310) 789-3150 6 Attorney for Plaintiff Aman Abye 2 3 4 7 8 9 UNITED STATES DISTRICT COURT 10 NORTHERN DISTRICT OF CALIFORNIA 11 SAN JOSE DIVISION 12 13 14 AMAN ABYE, on behalf of himself and all others similarly situated, CLASS ACTION 15 16 17 Case No: 5-16-cv-7354 Plaintiff, vs. COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF YAHOO! INC. 18 Defendant. 19 20 21 22 23 24 25 26 27 28 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 Plaintiff, by and through his attorneys, complains and alleges as follows: 2 3 INTRODUCTION 1. Yahoo! Inc. (“Yahoo”) is a multinational technology company that operates a 4 search engine and web portal, along with a host of related services including Yahoo! News, 5 Yahoo! Finance, Yahoo! Mail, and more. It is the world’s highest-read news and multimedia 6 website and the fifth most visited website globally, with over 1 billion total users and hundreds of 7 millions of monthly users. 8 2. On December 14, 2016, Yahoo announced that a 2013 data breach had 9 compromised the account information of over 1 billion users (“2013 Breach”). The breach 10 included MD5-hashed (i.e., weakly) encrypted passwords; sensitive user information such as 11 names, telephone numbers, and dates of birth; and encrypted and unencrypted answers to security 12 questions that could be used to compromise other accounts. 13 14 15 3. This breach was the result of substandard data security practices that, by 2013, were well known in the technology field to leave Yahoo particularly vulnerable to intrusion. 4. The December 2016 announcement followed shortly on the heels of a September 16 2016 announcement that at least 500 million user accounts had been compromised in a separate 17 2014 data breach, which is already the subject of litigation in this District. 18 5. This is a class action brought on behalf of a nationwide Class of Yahoo account 19 owners—described herein as “users”—for breach of express and implied warranties of contract, 20 breach of the implied covenant of good faith and fair dealing, and violation of California unfair 21 competition, consumer protection, and data privacy laws. All allegations herein are based on 22 information and belief except for those relating to Plaintiff and his own actions. 23 6. Plaintiff seeks damages stemming from at least the following: 24 a. Loss of value of personally identifiable information; 25 b. Consequential out-of-pocket expenses; 26 c. Benefit of the bargain loss; and 27 d. Punitive damages. 28 1 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 2 JURISDICTION AND VENUE 7. Plaintiff brings this class action on behalf of all United States Yahoo users whose 3 accounts were affected. As less than one third of the members of the proposed class are likely to 4 reside in California, this Court has subject matter jurisdiction over these claims pursuant to 28 5 U.S.C. § 1332(d). 6 8. Venue is proper pursuant to 28 U.S.C. § 1391(b). 7 9. Class members were injured in this District and Yahoo is headquartered in this 8 District. 9 10 PARTIES 10. Plaintiff Aman Abye is a California resident who, like other members of the class, 11 received an email on December 14, 2016, notifying him that his personal information had been 12 compromised. 13 14 11. Defendant Yahoo! Inc. is a Delaware Limited Liability Company and has its headquarters and principal place of business at 701 First Avenue, Sunnyvale, CA. 15 FACTUAL ALLEGATIONS 16 A. Yahoo’s Business 17 12. Yahoo describes itself as “a guide to digital information discovery, focused on 18 informing, connecting, and entertaining through its search, communications, and digital content 19 products,” and claims more than 500 million monthly users. 20 13. Yahoo’s business consists of three user-oriented areas: search, communications, 21 and digital content. In October 2016, Yahoo Search handled 11.7% of all U.S. search queries, or 22 1.78 billion search queries. Yahoo Mail is the second-most popular email service based on 23 website visits and has 81 million U.S. users, and Yahoo Mail generates significant revenue for 24 Yahoo. Yahoo’s messaging and social media platforms contribute significantly to revenue as 25 well. Yahoo’s digital content includes News, Sports, Finance, Lifestyle, and more. These areas 26 combine to make Yahoo sites cumulatively the fifth most visited on the web. 27 28 2 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 14. Yahoo derives virtually the entirety of its revenue from advertising through search, 2 display, and native advertising, including mobile advertising. Critical to Yahoo’s appeal to 3 advertisers is their ability to target advertisements based upon personal information. Yahoo 4 prominently features this ability to collect personal information, target specific demographics, and 5 track users’ browsing and offline habits in its pitch to advertisers. 6 B. Yahoo’s Data Security Practices 7 15. Yahoo’s overall security has long been known as unusually lax among its Internet 8 competitors. Yahoo did not hire a dedicated chief information security officer until 2014, four 9 years after a major breach across technology companies had prompted competitors such as 10 Google to rapidly improve their information security, and one year after information leaked by 11 Edward Snowden identified Yahoo as a frequent target of foreign hackers due to its vulnerability. 12 Within Yahoo, security concerns were repeatedly dismissed out of concern for cost and user 13 convenience. For example, while Google began in 2010 to pay hackers “bug bounties” to identify 14 security flaws in its services, Yahoo did not follow suit until 2013, after large-scale breaches were 15 made public in 2012 and 2013. See generally Nicole Perlroth & Vindu Goel, “Defending Against 16 Hackers Took a Back Seat at Yahoo, Insiders Say,” N.Y. TIMES, Sept. 29, 2016, at B1. 17 16. Despite numerous past breaches, it was not until this year’s set of massive data 18 breaches were announced that Yahoo took the simplest and most obvious step of requiring all 19 users to reset their passwords. Yahoo’s reticence in disclosing and reacting to data breaches 20 undoubtedly compounded the harm caused by the data breach underlying this litigation. 21 17. Yahoo’s password security, as of the 2013 Breach, was based upon the Message 22 Digest algorithm 5 (“MD5”) hash method. An MD5 hash turns any combination of characters 23 into a theoretically unique hash of characters that cannot be reverse-engineered. However, any 24 given combination of characters will always return the same hash; for example, “password” will 25 always return a hash of “cc3a0280e4fc1415930899896574e118,” so that if a hacker finds that 26 hash he or she can deduce that the user’s password is “password.” 27 28 3 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 18. Long before the 2013 Breach, this method was widely used in cryptographic 2 security, because a hacker would have to guess the precise password ex ante and compare the 3 hash values. However, as computer processing became ever cheaper and more powerful long 4 before the 2013 Breach, breaking hashes through brute force computing became ever more 5 feasible. At the time of the 2013 Breach, the MD5 hash technique used by Yahoo was widely 6 known to be a wholly inadequate method of password security. In fact, at the time, there were 7 tables freely available online that contain vast numbers of hash values corresponding to the most 8 common passwords. 9 19. In addition, flaws in the hashing algorithm itself started to become apparent in 10 1996, such that two different inputs could “collide” and generate the same hash. By 2004 11 researchers demonstrated that a hacker could use a “collision attack” based upon these flaws to 12 spoof a security certificate and cause a user to provide information to a malicious website. This 13 vulnerability caused Carnegie Mellon University’s Software Engineering Institute’s CERT 14 division, which is sponsored by the Department of Homeland Security, to warn that “[s]oftware 15 developers, Certification Authorities, website owners, and users should avoid using the MD5 16 algorithm in any capacity,” declaring the MD5 algorithm “cryptographically broken and 17 unsuitable for further use.” 18 20. While Yahoo realized internally the need to move away from the MD5 method at 19 the time of the 2013 Breach, and had started on plans for doing so, it was far too late in making 20 these plans and was still using this inadequate method at the time of the 2013 Breach. Moreover, 21 Brian Krebs, a leading data security researcher discussing the 2013 Breach, concluded that “even 22 by 2013 anyone with half a clue in securing passwords already long ago knew that storing 23 passwords in MD5 format was no longer acceptable and [an] altogether braindead idea.” 24 21. As a result of Yahoo’s outdated password encryption technology, hackers who 25 have acquired MD5-hashed passwords can easily reverse-engineer a vast number of users’ 26 passwords and gain access to their accounts. 27 28 4 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 C. The 2013 Breach 2 22. On December 14, 2016, Yahoo disclosed that over one billion user accounts had 3 been compromised. It stated that “the stolen user account information may have included names, 4 email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some 5 cases, encrypted or unencrypted security questions and answers.” 6 23. Yahoo has not yet been able to identify how the 2013 Breach occurred, though it 7 believes the same eastern European hackers responsible for a later 2014 data breach may have 8 been involved. 9 24. While the mechanisms of the 2013 breach are unclear, the potential consequences 10 are immense. As early as 2015 security researchers had found hackers on the “dark web” offering 11 to sell information on 1 billion Yahoo users. 12 intermediary to inform Yahoo, but were dismissed. Accordingly, despite the availability of user 13 data for sale, Yahoo has professed ignorance of the breach until it was informed by government 14 agencies. 15 D. Yahoo’s Violation of Its Terms of Service 16 25. Upon information and belief, every user who creates a Yahoo account must agree, These researchers had attempted through an 17 at the time, to Yahoo’s terms of service. Accordingly, every user whose account information was 18 disclosed in the 2013 breach would already have entered into the Terms of Service with Yahoo. 19 26. Yahoo’s Terms of Service incorporate by reference its Privacy Policy, which 20 states, inter alia: 21 a. 22 “We are committed to ensuring your information is protected and apply safeguards in accordance with applicable law.” 23 b. “Yahoo does not rent, sell, or share personal information about you with 24 other people or non-affiliated companies except to provide products or services you’ve requested, 25 when we have your permission, or under [certain inapplicable circumstances].” 26 27 28 5 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 c. “We limit access to personal information about you to employees who we 2 believe reasonably need to come into contact with that information to provide products or 3 services to you or in order to do their jobs.” 4 5 6 d. “We have physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.” 27. Contrary to Yahoo’s assurances, it has not complied with its legal and regulatory 7 obligations. The Federal Trade Commission (“FTC”) has come to define unfair methods of 8 competition through three factors: “(1) whether the practice injures consumers; (2) whether it 9 violates established public policy; (3) whether it is unethical or unscrupulous.” The FTC has used 10 this definition to bring enforcement actions on numerous occasions against entities that have 11 failed to protect consumers’ privacy. 12 13 14 15 28. Yahoo included these provisions in its privacy policy with the intent and effect that users would rely upon them in entrusting their sensitive personal information to Yahoo. 29. Contrary to Yahoo’s assurances, it has not protected users’ data from other people, nor has it limited access to personal information to certain employees. 16 E. Consequences of Yahoo’s Breach 17 30. Information from the Yahoo accounts has been for sale on the “dark web” since at 18 least August 2015. Such information could be used for identity theft, to propagate spam emails to 19 users’ contacts, to access to users’ other accounts, and for blackmail, among other uses. 20 31. Yahoo, in an online FAQ about the December 2016 breach, specifically 21 recommended that, among other steps, users (a) obtain credit reports and (b) place a security 22 freeze on their credit files at three consumer reporting agencies at a cost of up to $10 each (noting 23 also that placing, lifting, and/or removing security freezes could cost between $5 and $20 per 24 action). 25 32. Additional protections that are necessary to users whose security was hacked 26 include identity theft and credit monitoring, which tends to cost roughly $18 to $30 per month, 27 and identity theft insurance, which ranges from $25 to $60 per year. 28 6 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 33. In sum, the costs to date of Yahoo’s negligent handling of its users’ information 2 are significant, ranging from intangible loss of privacy to tangible financial harm, both known 3 and unknown. Meanwhile, the minimum cost to a user to take the basic precautionary measures 4 recommended by Yahoo itself would be $30, while a user taking reasonable precautions to obtain 5 identity theft and credit monitoring and identity theft insurance would have to spend between 6 $241 and $420 per year. 7 8 CLASS ACTION ALLEGATIONS 34. Plaintiffs bring this action on behalf of themselves and as a class action under Fed. 9 R. Civ. P. 23 on behalf of all persons (including businesses but excluding Defendant; its present 10 and former parents, subsidiaries, affiliates, and co-conspirators; and government entities) who fall 11 within the following Class (the “Class”): 12 13 14 15 All U.S. persons who possess or possessed Yahoo accounts subject to the 2013 data breach that was announced in December 2016. 35. Yahoo has provided its service to Class members across the nation during the relevant period. 16 36. The Class is so numerous that joinder of all members is impracticable. 17 37. There are questions of law and fact common to the Class, including: 18 19 a. its Terms of Service and Privacy Policy; 20 21 b. c. Whether Yahoo violated California unfair competition, consumer protection, and data privacy laws; and 24 25 Whether Yahoo breached the implied covenant of good faith and fair dealing; 22 23 Whether Yahoo breached the express and implied warranties contained in d. 38. The appropriate Class-wide measure of damages. Plaintiff and the Class were, at the time of the data breach, users of Yahoo 26 accounts. Plaintiff’s claim is typical of the claims of the Class, and the named Plaintiff will fairly 27 and adequately protect the interests of that Class. 28 7 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 39. The questions of law and fact common to the members of the Class predominate 2 over any questions affecting only individual members, including legal and factual issues relating 3 to liability and damages. 4 5 6 40. Plaintiffs are represented by counsel who are competent and experienced in the prosecution of class action litigation. 41. The prosecution of separate actions by individual members of the Class would also 7 create a risk of inconsistent or varying adjudications, establishing incompatible standards of 8 conduct for Defendant. 9 42. A class action is superior to other available methods for the fair and efficient 10 adjudication of this controversy. Individual claims are likely too small to prosecute economically 11 on an individual basis. Prosecution as a class action will eliminate the possibility of repetitious 12 litigation. Treatment as a class action will permit a large number of similarly situated persons to 13 adjudicate their common claims in a single forum simultaneously, efficiently, and without the 14 duplication of effort and expense that numerous individual actions would engender. This class 15 action presents no difficulties in management that would preclude maintenance as a class action. 16 CLAIMS FOR RELIEF 17 FIRST CAUSE OF ACTION 18 Breach of Contract 19 (Express Warranties) 20 21 22 43. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 44. Yahoo’s Privacy Policy is incorporated by reference into its Terms of Service, 23 which forms a binding contract between Yahoo and each user at the time of the creation of an 24 account. 25 26 45. Yahoo breached the contract with respect to at least the following four provisions of the Privacy Policy: 27 28 8 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 2 a. “We are committed to ensuring your information is protected and apply safeguards in accordance with applicable law.” 3 b. “Yahoo does not rent, sell, or share personal information about you with 4 other people or non-affiliated companies except to provide products or services you’ve requested, 5 when we have your permission, or under [certain inapplicable circumstances].” 6 c. “We limit access to personal information about you to employees who we 7 believe reasonably need to come into contact with that information to provide products or 8 services to you or in order to do their jobs.” 9 10 11 d. “We have physical, electronic, and procedural safeguards that comply with federal regulations to protect personal information about you.” 46. This breach caused injuries to Yahoo’s users as described herein. 12 SECOND CAUSE OF ACTION 13 Breach of Contract 14 (Implied Warranties) 15 16 17 47. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 48. To the extent that the Terms of Service and Privacy Policy did not form an express 18 contract, the opening of a Yahoo account created an implied contract between Yahoo and the 19 User, with its terms delineated as set forth supra by the Terms of Service and the Privacy Policy. 20 21 49. Yahoo breached such an implied contract by failing to adhere to the terms of the Privacy Policy. This breach caused injuries to Yahoo’s users as described herein. 22 THIRD CAUSE OF ACTION 23 Breach of Contract 24 (Bailment) 25 26 50. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 27 28 9 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 51. Under California common law and Cal Civ. Code §§ 1833 et seq., plaintiff and the 2 Class deposited their personally identifiable information with Yahoo for safekeeping and limited 3 use, thus rendering Yahoo liable for harm that came to class members’ personally identifiable 4 information through Yahoo’s negligence. 5 6 52. Yahoo allowed that information to become damaged through its negligent care and its wrongful use by others. This breach caused injuries to Yahoo’s users as described herein. 7 FOURTH CAUSE OF ACTION 8 Breach of the Implied Covenant of Good Faith and Fair Dealing 9 10 11 53. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 54. Under California law there is an implied covenant of good faith and fair dealing in 12 every contract that neither party will do anything which will injure the right of the other to receive 13 the benefits of the agreement. 14 55. Under the express and implied terms of the agreement entered into between Yahoo 15 and its users, users were to benefit through the use of Yahoo’s services, while Yahoo was to 16 benefit through the limited use of users’ data for advertising and product enhancement purposes. 17 56. Yahoo exhibited bad faith through its conscious awareness of and deliberate 18 indifference to the risks to users’ personally identifiable information, including by (a) using 19 password encryption standards that were long known to be unsafe, (b) taking no serious action in 20 response to past breaches, (c) falling well behind industry standards of cybersecurity, and (d) 21 under-investing in cybersecurity resources despite assurances to its users to the contrary. In doing 22 so, Yahoo acted well outside of commercially reasonable norms. 23 57. Yahoo, by exposing its users to vastly greater and more harmful exploitation of 24 their personally identifiable information than they had bargained for, breached the implied 25 covenant of good faith and fair dealing with respect to both the specific contractual terms in 26 Yahoo’s Privacy Policy and the implied warranties of its contractual relationship with its users. 27 This breach caused injuries to Yahoo’s users as described herein. 28 10 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 FIFTH CAUSE OF ACTION 2 Negligence 3 4 5 6 7 8 9 10 58. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 59. Yahoo’s users have an interest in the protection of their personally identifiable information. 60. Yahoo’s security practices fell below commercially reasonable standards with respect to the protection of that information. 61. Yahoo’s negligence was the cause of harm to consumers in the form of exposure of their personally identifiable information. 11 SIXTH CAUSE OF ACTION 12 Violation of California’s Unfair Competition Law (“UCL”), 13 Cal. Bus. & Prof. Code §§ 17200, et seq. 14 15 16 17 62. preceding paragraphs of the complaint. 63. a. b. c. Users have been deprived of the exclusive use of their personally identifiable information; 24 25 Users have had their present and future property interest in their personally identifiable information diminished; 22 23 Users have lost the benefit of the bargain they entered into when they entrusted their data to Yahoo; 20 21 Plaintiff and the class have suffered injury in fact and a loss of money or property in the following ways: 18 19 Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the d. Users will be required to enter into future costly transaction such as credit report freezes, credit and identity theft monitoring, identity theft insurance, etc.; and 26 e. Users are at imminent risk of future harm from identity theft. 27 28 11 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 2 64. Yahoo’s failure to secure users’ information was the proximate cause of these 65. Yahoo’s actions were unlawful in that they violated the Federal Trade Commission harms. 3 4 Act, see 15 U.S.C. § 45(n) (allowing the FTC to declare unlawful an act or practice that “causes 5 or is likely to cause substantial injury to consumers which is not reasonably avoidable by 6 consumers themselves and not outweighed by countervailing benefits to consumers or to 7 competition”), California’s Consumers Legal Remedies Act (see infra), and California’s Online 8 Privacy Protection Act (see infra). 9 10 66. Yahoo’s actions were also unfair within the meaning of California law in that its conduct was substantially injurious to consumers. 11 67. Yahoo’s actions were also fraudulent in that they represented a standard of care to 12 users upon the opening of their accounts that they knew or should have known to be false at the 13 time. 14 15 68. The Class members are entitled to restitution in the form of the diminished value of the personally identifiable information that they entrusted to Yahoo. 16 SEVENTH CAUSE OF ACTION 17 Violation of California’s Consumers Legal Remedies Act, 18 Cal. Bus. & Prof. Code §§ 1750 et seq. 19 20 69. preceding paragraphs of the complaint. 21 22 70. Yahoo users purchased services by grant of limited use of their personal information. 23 24 Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the 71. Yahoo represented that its services had characteristics, namely security of personal information, that they did not have. 25 72. Yahoo’s users suffered damages as a result of these misrepresentations, entitling 26 them to actual damages, restitution, punitive damages, and any other relief deemed proper by the 27 court. 28 12 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 EIGHTH CAUSE OF ACTION 2 Violation of California’s Online Privacy Protection Act, 3 Cal. Bus. & Prof. Code §§ 22575 et seq. 4 5 6 73. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 74. Yahoo is a commercial Web site or online service that collects personally 7 identifiable information through the Internet about individual consumers residing in California 8 who use or visit its commercial Web site or online service, within the meaning of California 9 Business and Professions Code § 22575(a). 10 75. Yahoo failed to adhere to its posted privacy policy knowingly and willfully, with 11 respect to the care it would take, and negligently and materially with respect to the extent of its 12 disclosure of users’ data, in violation of id. § 22576. 13 76. 14 described herein. This failure to adhere to its privacy policy caused injuries to Yahoo’s users as 15 NINTH CAUSE OF ACTION 16 Declaratory Relief 17 18 19 20 77. Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the preceding paragraphs of the complaint. 78. In connection with the active case and controversy between Plaintiff and Yahoo, Plaintiff seeks declaratory relief pursuant to 28 U.S.C. § 2201, declaring that: 21 a. To the extent plaintiff’s claims for express or implied warranties are 22 covered by Yahoo’s Terms of Service, the disclaimer of warranties contained in § 19.1 is 23 unconscionable and unenforceable; and 24 b. To the extent plaintiff’s claims are covered by Yahoo’s Terms of Service, 25 the limitation of liability in § 20 “resulting from . . . unauthorized access to . . . [users’] data” is 26 unconscionable and unenforceable, or precluded by federal and state law as recognized in § 21. 27 28 13 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 PRAYER FOR RELIEF 2 WHEREFORE, Plaintiffs pray as follows: 3 1. 4 under Fed. R. Civ. P. 23, and that Plaintiff be named representative of the Class. 5 6 2. 3. 4. 5. That Yahoo be adjudged to have violated the implied covenant of good faith and fair dealing with respect to its contractual relationship with users. 13 14 That Yahoo be adjudged liable as bailee for the harm to users’ personally identifiable information. 11 12 That Yahoo be adjudged to have breached the terms of its implied contract with users incorporating the Privacy Policy. 9 10 That Yahoo be adjudged to have breached the express terms of its contract with users contained in its Privacy Policy. 7 8 That the Court determines that this action may be maintained as a Class action 6. That Yahoo be adjudged to have negligently caused harm to users’ personal information, which was entrusted to its care. 15 7. That Yahoo be adjudged to have violated California’s Unfair Competition Law. 16 8. That Yahoo be adjudged to have violated California’s Consumer Legal Remedies 9. That Yahoo be adjudged to have violated California’s Online Privacy Protection 20 10. That any contractual provision purporting to limit or preclude these liabilities be 21 declared invalid. 22 11. 17 Act. 18 19 Act. That judgment be entered for Plaintiff and members of the Class against 23 Defendants for damages and special damages, including any punitive damages allowed by law, 24 together with the costs of this action, including reasonable attorneys’ fees. 25 12. That Plaintiff and the Class be awarded pre-judgment and post-judgment interest at 26 the highest legal rate from and after the date of service of this Complaint to the extent provided 27 by law. 28 14 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 2 13. That Plaintiff and members of the Class have such other, further, or different relief, as the case may require and the Court may deem just and proper under the circumstances. 3 4 5 Dated: December 27, 2016 MARC M. SELTZER STEVEN G. SKLAVER SUSMAN GODFREY L.L.P. 6 7 By: 8 9 /s/ Steven G. Sklaver Steven G. Sklaver Attorney for Plaintiff Aman Abye 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 15 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461 1 2 3 DEMAND FOR JURY TRIAL Plaintiff requests a jury trial on all matters so triable. Dated: December 27, 2016 MARC M. SELTZER STEVEN G. SKLAVER SUSMAN GODFREY L.L.P. 4 5 By: 6 7 /s/ Steven G. Sklaver Steven G. Sklaver Attorneys for Plaintiff Aman Abye 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 16 COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF 4689462v1/015461

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.


Why Is My Information Online?