Aman Abye v. Yahoo! Inc.
Filing
1
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF against Yahoo! Inc. ( Filing fee $ 400, receipt number 0971-11034415.). Filed byAman Abye. (Sklaver, Steven) (Filed on 12/27/2016)
1
5
MARC M. SELTZER (54534)
mseltzer@susmangodfrey.com
STEVEN G. SKLAVER (237612)
sklaver@susmangodfrey.com
SUSMAN GODFREY L.L.P.
1901 Avenue of the Stars, Suite 950
Los Angeles, California 90067-6029
[Tel.] (310) 789-3100
[Fax] (310) 789-3150
6
Attorney for Plaintiff Aman Abye
2
3
4
7
8
9
UNITED STATES DISTRICT COURT
10
NORTHERN DISTRICT OF CALIFORNIA
11
SAN JOSE DIVISION
12
13
14
AMAN ABYE, on behalf of himself and all
others similarly situated,
CLASS ACTION
15
16
17
Case No: 5-16-cv-7354
Plaintiff,
vs.
COMPLAINT FOR DAMAGES AND
DECLARATORY RELIEF
YAHOO! INC.
18
Defendant.
19
20
21
22
23
24
25
26
27
28
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
Plaintiff, by and through his attorneys, complains and alleges as follows:
2
3
INTRODUCTION
1.
Yahoo! Inc. (“Yahoo”) is a multinational technology company that operates a
4
search engine and web portal, along with a host of related services including Yahoo! News,
5
Yahoo! Finance, Yahoo! Mail, and more. It is the world’s highest-read news and multimedia
6
website and the fifth most visited website globally, with over 1 billion total users and hundreds of
7
millions of monthly users.
8
2.
On December 14, 2016, Yahoo announced that a 2013 data breach had
9
compromised the account information of over 1 billion users (“2013 Breach”). The breach
10
included MD5-hashed (i.e., weakly) encrypted passwords; sensitive user information such as
11
names, telephone numbers, and dates of birth; and encrypted and unencrypted answers to security
12
questions that could be used to compromise other accounts.
13
14
15
3.
This breach was the result of substandard data security practices that, by 2013,
were well known in the technology field to leave Yahoo particularly vulnerable to intrusion.
4.
The December 2016 announcement followed shortly on the heels of a September
16
2016 announcement that at least 500 million user accounts had been compromised in a separate
17
2014 data breach, which is already the subject of litigation in this District.
18
5.
This is a class action brought on behalf of a nationwide Class of Yahoo account
19
owners—described herein as “users”—for breach of express and implied warranties of contract,
20
breach of the implied covenant of good faith and fair dealing, and violation of California unfair
21
competition, consumer protection, and data privacy laws. All allegations herein are based on
22
information and belief except for those relating to Plaintiff and his own actions.
23
6.
Plaintiff seeks damages stemming from at least the following:
24
a.
Loss of value of personally identifiable information;
25
b.
Consequential out-of-pocket expenses;
26
c.
Benefit of the bargain loss; and
27
d.
Punitive damages.
28
1
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
2
JURISDICTION AND VENUE
7.
Plaintiff brings this class action on behalf of all United States Yahoo users whose
3
accounts were affected. As less than one third of the members of the proposed class are likely to
4
reside in California, this Court has subject matter jurisdiction over these claims pursuant to 28
5
U.S.C. § 1332(d).
6
8.
Venue is proper pursuant to 28 U.S.C. § 1391(b).
7
9.
Class members were injured in this District and Yahoo is headquartered in this
8
District.
9
10
PARTIES
10.
Plaintiff Aman Abye is a California resident who, like other members of the class,
11
received an email on December 14, 2016, notifying him that his personal information had been
12
compromised.
13
14
11.
Defendant Yahoo! Inc. is a Delaware Limited Liability Company and has its
headquarters and principal place of business at 701 First Avenue, Sunnyvale, CA.
15
FACTUAL ALLEGATIONS
16
A.
Yahoo’s Business
17
12.
Yahoo describes itself as “a guide to digital information discovery, focused on
18
informing, connecting, and entertaining through its search, communications, and digital content
19
products,” and claims more than 500 million monthly users.
20
13.
Yahoo’s business consists of three user-oriented areas: search, communications,
21
and digital content. In October 2016, Yahoo Search handled 11.7% of all U.S. search queries, or
22
1.78 billion search queries. Yahoo Mail is the second-most popular email service based on
23
website visits and has 81 million U.S. users, and Yahoo Mail generates significant revenue for
24
Yahoo. Yahoo’s messaging and social media platforms contribute significantly to revenue as
25
well. Yahoo’s digital content includes News, Sports, Finance, Lifestyle, and more. These areas
26
combine to make Yahoo sites cumulatively the fifth most visited on the web.
27
28
2
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
14.
Yahoo derives virtually the entirety of its revenue from advertising through search,
2
display, and native advertising, including mobile advertising. Critical to Yahoo’s appeal to
3
advertisers is their ability to target advertisements based upon personal information. Yahoo
4
prominently features this ability to collect personal information, target specific demographics, and
5
track users’ browsing and offline habits in its pitch to advertisers.
6
B.
Yahoo’s Data Security Practices
7
15.
Yahoo’s overall security has long been known as unusually lax among its Internet
8
competitors. Yahoo did not hire a dedicated chief information security officer until 2014, four
9
years after a major breach across technology companies had prompted competitors such as
10
Google to rapidly improve their information security, and one year after information leaked by
11
Edward Snowden identified Yahoo as a frequent target of foreign hackers due to its vulnerability.
12
Within Yahoo, security concerns were repeatedly dismissed out of concern for cost and user
13
convenience. For example, while Google began in 2010 to pay hackers “bug bounties” to identify
14
security flaws in its services, Yahoo did not follow suit until 2013, after large-scale breaches were
15
made public in 2012 and 2013. See generally Nicole Perlroth & Vindu Goel, “Defending Against
16
Hackers Took a Back Seat at Yahoo, Insiders Say,” N.Y. TIMES, Sept. 29, 2016, at B1.
17
16.
Despite numerous past breaches, it was not until this year’s set of massive data
18
breaches were announced that Yahoo took the simplest and most obvious step of requiring all
19
users to reset their passwords. Yahoo’s reticence in disclosing and reacting to data breaches
20
undoubtedly compounded the harm caused by the data breach underlying this litigation.
21
17.
Yahoo’s password security, as of the 2013 Breach, was based upon the Message
22
Digest algorithm 5 (“MD5”) hash method. An MD5 hash turns any combination of characters
23
into a theoretically unique hash of characters that cannot be reverse-engineered. However, any
24
given combination of characters will always return the same hash; for example, “password” will
25
always return a hash of “cc3a0280e4fc1415930899896574e118,” so that if a hacker finds that
26
hash he or she can deduce that the user’s password is “password.”
27
28
3
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
18.
Long before the 2013 Breach, this method was widely used in cryptographic
2
security, because a hacker would have to guess the precise password ex ante and compare the
3
hash values. However, as computer processing became ever cheaper and more powerful long
4
before the 2013 Breach, breaking hashes through brute force computing became ever more
5
feasible. At the time of the 2013 Breach, the MD5 hash technique used by Yahoo was widely
6
known to be a wholly inadequate method of password security. In fact, at the time, there were
7
tables freely available online that contain vast numbers of hash values corresponding to the most
8
common passwords.
9
19.
In addition, flaws in the hashing algorithm itself started to become apparent in
10
1996, such that two different inputs could “collide” and generate the same hash. By 2004
11
researchers demonstrated that a hacker could use a “collision attack” based upon these flaws to
12
spoof a security certificate and cause a user to provide information to a malicious website. This
13
vulnerability caused Carnegie Mellon University’s Software Engineering Institute’s CERT
14
division, which is sponsored by the Department of Homeland Security, to warn that “[s]oftware
15
developers, Certification Authorities, website owners, and users should avoid using the MD5
16
algorithm in any capacity,” declaring the MD5 algorithm “cryptographically broken and
17
unsuitable for further use.”
18
20.
While Yahoo realized internally the need to move away from the MD5 method at
19
the time of the 2013 Breach, and had started on plans for doing so, it was far too late in making
20
these plans and was still using this inadequate method at the time of the 2013 Breach. Moreover,
21
Brian Krebs, a leading data security researcher discussing the 2013 Breach, concluded that “even
22
by 2013 anyone with half a clue in securing passwords already long ago knew that storing
23
passwords in MD5 format was no longer acceptable and [an] altogether braindead idea.”
24
21.
As a result of Yahoo’s outdated password encryption technology, hackers who
25
have acquired MD5-hashed passwords can easily reverse-engineer a vast number of users’
26
passwords and gain access to their accounts.
27
28
4
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
C.
The 2013 Breach
2
22.
On December 14, 2016, Yahoo disclosed that over one billion user accounts had
3
been compromised. It stated that “the stolen user account information may have included names,
4
email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some
5
cases, encrypted or unencrypted security questions and answers.”
6
23.
Yahoo has not yet been able to identify how the 2013 Breach occurred, though it
7
believes the same eastern European hackers responsible for a later 2014 data breach may have
8
been involved.
9
24.
While the mechanisms of the 2013 breach are unclear, the potential consequences
10
are immense. As early as 2015 security researchers had found hackers on the “dark web” offering
11
to sell information on 1 billion Yahoo users.
12
intermediary to inform Yahoo, but were dismissed. Accordingly, despite the availability of user
13
data for sale, Yahoo has professed ignorance of the breach until it was informed by government
14
agencies.
15
D.
Yahoo’s Violation of Its Terms of Service
16
25.
Upon information and belief, every user who creates a Yahoo account must agree,
These researchers had attempted through an
17
at the time, to Yahoo’s terms of service. Accordingly, every user whose account information was
18
disclosed in the 2013 breach would already have entered into the Terms of Service with Yahoo.
19
26.
Yahoo’s Terms of Service incorporate by reference its Privacy Policy, which
20
states, inter alia:
21
a.
22
“We are committed to ensuring your information is protected and apply
safeguards in accordance with applicable law.”
23
b.
“Yahoo does not rent, sell, or share personal information about you with
24
other people or non-affiliated companies except to provide products or services you’ve requested,
25
when we have your permission, or under [certain inapplicable circumstances].”
26
27
28
5
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
c.
“We limit access to personal information about you to employees who we
2
believe reasonably need to come into contact with that information to provide products or
3
services to you or in order to do their jobs.”
4
5
6
d.
“We have physical, electronic, and procedural safeguards that comply with
federal regulations to protect personal information about you.”
27.
Contrary to Yahoo’s assurances, it has not complied with its legal and regulatory
7
obligations. The Federal Trade Commission (“FTC”) has come to define unfair methods of
8
competition through three factors: “(1) whether the practice injures consumers; (2) whether it
9
violates established public policy; (3) whether it is unethical or unscrupulous.” The FTC has used
10
this definition to bring enforcement actions on numerous occasions against entities that have
11
failed to protect consumers’ privacy.
12
13
14
15
28.
Yahoo included these provisions in its privacy policy with the intent and effect that
users would rely upon them in entrusting their sensitive personal information to Yahoo.
29.
Contrary to Yahoo’s assurances, it has not protected users’ data from other people,
nor has it limited access to personal information to certain employees.
16
E.
Consequences of Yahoo’s Breach
17
30.
Information from the Yahoo accounts has been for sale on the “dark web” since at
18
least August 2015. Such information could be used for identity theft, to propagate spam emails to
19
users’ contacts, to access to users’ other accounts, and for blackmail, among other uses.
20
31.
Yahoo, in an online FAQ about the December 2016 breach, specifically
21
recommended that, among other steps, users (a) obtain credit reports and (b) place a security
22
freeze on their credit files at three consumer reporting agencies at a cost of up to $10 each (noting
23
also that placing, lifting, and/or removing security freezes could cost between $5 and $20 per
24
action).
25
32.
Additional protections that are necessary to users whose security was hacked
26
include identity theft and credit monitoring, which tends to cost roughly $18 to $30 per month,
27
and identity theft insurance, which ranges from $25 to $60 per year.
28
6
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
33.
In sum, the costs to date of Yahoo’s negligent handling of its users’ information
2
are significant, ranging from intangible loss of privacy to tangible financial harm, both known
3
and unknown. Meanwhile, the minimum cost to a user to take the basic precautionary measures
4
recommended by Yahoo itself would be $30, while a user taking reasonable precautions to obtain
5
identity theft and credit monitoring and identity theft insurance would have to spend between
6
$241 and $420 per year.
7
8
CLASS ACTION ALLEGATIONS
34.
Plaintiffs bring this action on behalf of themselves and as a class action under Fed.
9
R. Civ. P. 23 on behalf of all persons (including businesses but excluding Defendant; its present
10
and former parents, subsidiaries, affiliates, and co-conspirators; and government entities) who fall
11
within the following Class (the “Class”):
12
13
14
15
All U.S. persons who possess or possessed Yahoo accounts subject to the 2013 data
breach that was announced in December 2016.
35.
Yahoo has provided its service to Class members across the nation during the
relevant period.
16
36.
The Class is so numerous that joinder of all members is impracticable.
17
37.
There are questions of law and fact common to the Class, including:
18
19
a.
its Terms of Service and Privacy Policy;
20
21
b.
c.
Whether Yahoo violated California unfair competition, consumer
protection, and data privacy laws; and
24
25
Whether Yahoo breached the implied covenant of good faith and fair
dealing;
22
23
Whether Yahoo breached the express and implied warranties contained in
d.
38.
The appropriate Class-wide measure of damages.
Plaintiff and the Class were, at the time of the data breach, users of Yahoo
26
accounts. Plaintiff’s claim is typical of the claims of the Class, and the named Plaintiff will fairly
27
and adequately protect the interests of that Class.
28
7
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
39.
The questions of law and fact common to the members of the Class predominate
2
over any questions affecting only individual members, including legal and factual issues relating
3
to liability and damages.
4
5
6
40.
Plaintiffs are represented by counsel who are competent and experienced in the
prosecution of class action litigation.
41.
The prosecution of separate actions by individual members of the Class would also
7
create a risk of inconsistent or varying adjudications, establishing incompatible standards of
8
conduct for Defendant.
9
42.
A class action is superior to other available methods for the fair and efficient
10
adjudication of this controversy. Individual claims are likely too small to prosecute economically
11
on an individual basis. Prosecution as a class action will eliminate the possibility of repetitious
12
litigation. Treatment as a class action will permit a large number of similarly situated persons to
13
adjudicate their common claims in a single forum simultaneously, efficiently, and without the
14
duplication of effort and expense that numerous individual actions would engender. This class
15
action presents no difficulties in management that would preclude maintenance as a class action.
16
CLAIMS FOR RELIEF
17
FIRST CAUSE OF ACTION
18
Breach of Contract
19
(Express Warranties)
20
21
22
43.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
44.
Yahoo’s Privacy Policy is incorporated by reference into its Terms of Service,
23
which forms a binding contract between Yahoo and each user at the time of the creation of an
24
account.
25
26
45.
Yahoo breached the contract with respect to at least the following four provisions
of the Privacy Policy:
27
28
8
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
2
a.
“We are committed to ensuring your information is protected and apply
safeguards in accordance with applicable law.”
3
b.
“Yahoo does not rent, sell, or share personal information about you with
4
other people or non-affiliated companies except to provide products or services you’ve requested,
5
when we have your permission, or under [certain inapplicable circumstances].”
6
c.
“We limit access to personal information about you to employees who we
7
believe reasonably need to come into contact with that information to provide products or
8
services to you or in order to do their jobs.”
9
10
11
d.
“We have physical, electronic, and procedural safeguards that comply with
federal regulations to protect personal information about you.”
46.
This breach caused injuries to Yahoo’s users as described herein.
12
SECOND CAUSE OF ACTION
13
Breach of Contract
14
(Implied Warranties)
15
16
17
47.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
48.
To the extent that the Terms of Service and Privacy Policy did not form an express
18
contract, the opening of a Yahoo account created an implied contract between Yahoo and the
19
User, with its terms delineated as set forth supra by the Terms of Service and the Privacy Policy.
20
21
49.
Yahoo breached such an implied contract by failing to adhere to the terms of the
Privacy Policy. This breach caused injuries to Yahoo’s users as described herein.
22
THIRD CAUSE OF ACTION
23
Breach of Contract
24
(Bailment)
25
26
50.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
27
28
9
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
51.
Under California common law and Cal Civ. Code §§ 1833 et seq., plaintiff and the
2
Class deposited their personally identifiable information with Yahoo for safekeeping and limited
3
use, thus rendering Yahoo liable for harm that came to class members’ personally identifiable
4
information through Yahoo’s negligence.
5
6
52.
Yahoo allowed that information to become damaged through its negligent care and
its wrongful use by others. This breach caused injuries to Yahoo’s users as described herein.
7
FOURTH CAUSE OF ACTION
8
Breach of the Implied Covenant of Good Faith and Fair Dealing
9
10
11
53.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
54.
Under California law there is an implied covenant of good faith and fair dealing in
12
every contract that neither party will do anything which will injure the right of the other to receive
13
the benefits of the agreement.
14
55.
Under the express and implied terms of the agreement entered into between Yahoo
15
and its users, users were to benefit through the use of Yahoo’s services, while Yahoo was to
16
benefit through the limited use of users’ data for advertising and product enhancement purposes.
17
56.
Yahoo exhibited bad faith through its conscious awareness of and deliberate
18
indifference to the risks to users’ personally identifiable information, including by (a) using
19
password encryption standards that were long known to be unsafe, (b) taking no serious action in
20
response to past breaches, (c) falling well behind industry standards of cybersecurity, and (d)
21
under-investing in cybersecurity resources despite assurances to its users to the contrary. In doing
22
so, Yahoo acted well outside of commercially reasonable norms.
23
57.
Yahoo, by exposing its users to vastly greater and more harmful exploitation of
24
their personally identifiable information than they had bargained for, breached the implied
25
covenant of good faith and fair dealing with respect to both the specific contractual terms in
26
Yahoo’s Privacy Policy and the implied warranties of its contractual relationship with its users.
27
This breach caused injuries to Yahoo’s users as described herein.
28
10
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
FIFTH CAUSE OF ACTION
2
Negligence
3
4
5
6
7
8
9
10
58.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
59.
Yahoo’s users have an interest in the protection of their personally identifiable
information.
60.
Yahoo’s security practices fell below commercially reasonable standards with
respect to the protection of that information.
61.
Yahoo’s negligence was the cause of harm to consumers in the form of exposure
of their personally identifiable information.
11
SIXTH CAUSE OF ACTION
12
Violation of California’s Unfair Competition Law (“UCL”),
13
Cal. Bus. & Prof. Code §§ 17200, et seq.
14
15
16
17
62.
preceding paragraphs of the complaint.
63.
a.
b.
c.
Users have been deprived of the exclusive use of their personally
identifiable information;
24
25
Users have had their present and future property interest in their personally
identifiable information diminished;
22
23
Users have lost the benefit of the bargain they entered into when they
entrusted their data to Yahoo;
20
21
Plaintiff and the class have suffered injury in fact and a loss of money or property
in the following ways:
18
19
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
d.
Users will be required to enter into future costly transaction such as credit
report freezes, credit and identity theft monitoring, identity theft insurance, etc.; and
26
e.
Users are at imminent risk of future harm from identity theft.
27
28
11
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
2
64.
Yahoo’s failure to secure users’ information was the proximate cause of these
65.
Yahoo’s actions were unlawful in that they violated the Federal Trade Commission
harms.
3
4
Act, see 15 U.S.C. § 45(n) (allowing the FTC to declare unlawful an act or practice that “causes
5
or is likely to cause substantial injury to consumers which is not reasonably avoidable by
6
consumers themselves and not outweighed by countervailing benefits to consumers or to
7
competition”), California’s Consumers Legal Remedies Act (see infra), and California’s Online
8
Privacy Protection Act (see infra).
9
10
66.
Yahoo’s actions were also unfair within the meaning of California law in that its
conduct was substantially injurious to consumers.
11
67.
Yahoo’s actions were also fraudulent in that they represented a standard of care to
12
users upon the opening of their accounts that they knew or should have known to be false at the
13
time.
14
15
68.
The Class members are entitled to restitution in the form of the diminished value
of the personally identifiable information that they entrusted to Yahoo.
16
SEVENTH CAUSE OF ACTION
17
Violation of California’s Consumers Legal Remedies Act,
18
Cal. Bus. & Prof. Code §§ 1750 et seq.
19
20
69.
preceding paragraphs of the complaint.
21
22
70.
Yahoo users purchased services by grant of limited use of their personal
information.
23
24
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
71.
Yahoo represented that its services had characteristics, namely security of personal
information, that they did not have.
25
72.
Yahoo’s users suffered damages as a result of these misrepresentations, entitling
26
them to actual damages, restitution, punitive damages, and any other relief deemed proper by the
27
court.
28
12
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
EIGHTH CAUSE OF ACTION
2
Violation of California’s Online Privacy Protection Act,
3
Cal. Bus. & Prof. Code §§ 22575 et seq.
4
5
6
73.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
74.
Yahoo is a commercial Web site or online service that collects personally
7
identifiable information through the Internet about individual consumers residing in California
8
who use or visit its commercial Web site or online service, within the meaning of California
9
Business and Professions Code § 22575(a).
10
75.
Yahoo failed to adhere to its posted privacy policy knowingly and willfully, with
11
respect to the care it would take, and negligently and materially with respect to the extent of its
12
disclosure of users’ data, in violation of id. § 22576.
13
76.
14
described herein.
This failure to adhere to its privacy policy caused injuries to Yahoo’s users as
15
NINTH CAUSE OF ACTION
16
Declaratory Relief
17
18
19
20
77.
Plaintiff, on behalf of himself and the Class, incorporates and re-alleges the
preceding paragraphs of the complaint.
78.
In connection with the active case and controversy between Plaintiff and Yahoo,
Plaintiff seeks declaratory relief pursuant to 28 U.S.C. § 2201, declaring that:
21
a.
To the extent plaintiff’s claims for express or implied warranties are
22
covered by Yahoo’s Terms of Service, the disclaimer of warranties contained in § 19.1 is
23
unconscionable and unenforceable; and
24
b.
To the extent plaintiff’s claims are covered by Yahoo’s Terms of Service,
25
the limitation of liability in § 20 “resulting from . . . unauthorized access to . . . [users’] data” is
26
unconscionable and unenforceable, or precluded by federal and state law as recognized in § 21.
27
28
13
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
PRAYER FOR RELIEF
2
WHEREFORE, Plaintiffs pray as follows:
3
1.
4
under Fed. R. Civ. P. 23, and that Plaintiff be named representative of the Class.
5
6
2.
3.
4.
5.
That Yahoo be adjudged to have violated the implied covenant of good faith and
fair dealing with respect to its contractual relationship with users.
13
14
That Yahoo be adjudged liable as bailee for the harm to users’ personally
identifiable information.
11
12
That Yahoo be adjudged to have breached the terms of its implied contract with
users incorporating the Privacy Policy.
9
10
That Yahoo be adjudged to have breached the express terms of its contract with
users contained in its Privacy Policy.
7
8
That the Court determines that this action may be maintained as a Class action
6.
That Yahoo be adjudged to have negligently caused harm to users’ personal
information, which was entrusted to its care.
15
7.
That Yahoo be adjudged to have violated California’s Unfair Competition Law.
16
8.
That Yahoo be adjudged to have violated California’s Consumer Legal Remedies
9.
That Yahoo be adjudged to have violated California’s Online Privacy Protection
20
10.
That any contractual provision purporting to limit or preclude these liabilities be
21
declared invalid.
22
11.
17
Act.
18
19
Act.
That judgment be entered for Plaintiff and members of the Class against
23
Defendants for damages and special damages, including any punitive damages allowed by law,
24
together with the costs of this action, including reasonable attorneys’ fees.
25
12.
That Plaintiff and the Class be awarded pre-judgment and post-judgment interest at
26
the highest legal rate from and after the date of service of this Complaint to the extent provided
27
by law.
28
14
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
2
13.
That Plaintiff and members of the Class have such other, further, or different
relief, as the case may require and the Court may deem just and proper under the circumstances.
3
4
5
Dated: December 27, 2016
MARC M. SELTZER
STEVEN G. SKLAVER
SUSMAN GODFREY L.L.P.
6
7
By:
8
9
/s/ Steven G. Sklaver
Steven G. Sklaver
Attorney for Plaintiff Aman Abye
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
15
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
1
2
3
DEMAND FOR JURY TRIAL
Plaintiff requests a jury trial on all matters so triable.
Dated: December 27, 2016
MARC M. SELTZER
STEVEN G. SKLAVER
SUSMAN GODFREY L.L.P.
4
5
By:
6
7
/s/ Steven G. Sklaver
Steven G. Sklaver
Attorneys for Plaintiff Aman Abye
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
16
COMPLAINT FOR DAMAGES AND DECLARATORY RELIEF
4689462v1/015461
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?