Brown v. Accellion, Inc.

Filing 20

ORDER DENYING TRANSFER re: pldg. (3 in CAN/5:21-cv-01155, 3 in CAN/5:21-cv-01203, 3 in CAN/5:21-cv-01272, 4 in CAN/5:21-cv-01353, 3 in CAN/5:21-cv-01430, 4 in CAN/5:21-cv-01645, 4 in CAN/5:21-cv-01708, 4 in CAN/5:21-cv-01887, 4 in CAN/5:21-cv-02239, 10 in MDL No. 3002, 3 in MIE/2:21-cv-10657, 3 in MIE/2:21-cv-10671, 3 in OHS/1:21-cv-00146, 4 in OHS/1:21-cv-00174, 3 in OHS/1:21-cv-00198), ( 2 in MDL No. 3002), ( 1 in MDL No. 3002) The motion to transfer, pursuant to 28 U.S.C. 1407, is DENIEDSigned by Judge Karen K. Caldwell, Chair, PANEL ON MULTIDISTRIC T LITIGATION, on 6/7/2021. Associated Cases: MDL No. 3002, CAN/5:21-cv-01155, CAN/5:21-cv-01203, CAN/5:21-cv-01272, CAN/5:21-cv-01353, CAN/5:21-cv-01430, CAN/5:21-cv-01645, CAN/5:21-cv-01708, CAN/5:21-cv-01887, CAN/5:21-cv-02239, MIE/2:21-cv-10657, MIE/2:21-cv-10671, OHS/1:21-cv-00146, OHS/1:21-cv-00174, OHS/1:21-cv-00198 (DP)

Download PDF
UNITED STATES JUDICIAL PANEL on MULTIDISTRICT LITIGATION IN RE: ACCELLION, INC., CUSTOMER DATA SECURITY BREACH LITIGATION MDL No. 3002 ORDER DENYING TRANSFER Before the Panel: * Plaintiff in one Northern District of California action (Beyer), listed on Schedule A, moves under 28 U.S.C. § 1407 to centralize this litigation in the Northern District of California. The litigation consists of fourteen actions pending in three districts, as listed on Schedule A. Since the motion was filed, the parties have notified the Panel of twelve related federal actions pending in five districts. Plaintiffs in two potential tag-along actions and defendant Accellion, Inc. (Accellion), support the motion. All other responding parties oppose centralization, including plaintiffs in fourteen actions and defendants Flagstar Bancorp, Inc., Flagstar Bank, FSB (together, Flagstar Bank), and The Kroger Co. (Kroger). Plaintiffs in four actions alternatively support the Northern District of California as transferee district. If the Panel centralizes this litigation over their objections, Kroger suggests centralization in the Southern District of Ohio, and Flagstar Bank suggests centralization in the Eastern District of Michigan or, alternatively, does not oppose centralization in the Southern District of Ohio. Plaintiffs in two Southern District of Ohio actions and one Northern District of California action alternatively suggest the Panel create defendantspecific MDLs in the home district of each defendant. 1 On the basis of the papers filed and the hearing session held, 2 we are not persuaded that centralization is necessary for the convenience of the parties and witnesses or to further the just * One or more Panel members who could be members of the putative classes in this litigation have renounced their participation in these classes and have participated in this decision. 1 Plaintiffs in one Ohio action presented this position as an alternative in their brief and plaintiff in the other Ohio action did not include it in his brief. In their notices of intent to present oral argument, plaintiffs in both Ohio actions assert they “[s]upport centralization of cases in home districts of Defendant (Kroger to S.D. Ohio; Flagstar to E.D. Michigan; Accellion to N.D. California).” 2 In light of the concerns about the spread of the COVID-19 virus (coronavirus), the Panel heard oral argument by videoconference at its hearing session of May 27, 2021. See Suppl. Notice of Hearing Session, MDL No. 3002 (J.P.M.L. May 10, 2021), ECF No. 77. -2and efficient conduct of this litigation at this time. Proponents of centralization argue that these actions share factual issues concerning a recently-disclosed breach of Accellion’s File Transfer Appliance (FTA) product from mid-December 2020 into January 2021. Various Accellion clients, including defendants Kroger and Flagstar Bank, used the FTA product. Plaintiffs here are these clients’ customers and/or employees who allege their personally identifiable information and/or protected health information were compromised in the breach. Of the 26 actions and potential tagalong actions now pending, nine name only Accellion as the defendant, ten name only one Accellion client, and seven are multi-defendant actions naming Accellion and one of its clients (Kroger, Flagstar Bank, or potential tag-along defendants Health Net of California, Inc., and Health Net, LLC). We find centralization of these actions unnecessary at this time. Most parties, including two defendants, oppose centralization, and have cooperated to organize all but two actions into three coordinated or consolidated proceedings pending in the Northern District of California (actions against Accellion), the Eastern District of Michigan (actions against Flagstar Bank), and the Southern District of Ohio (actions against Kroger). 3 The constituent actions are pending in just three courts before three judges. There are now actions against Kroger and/or Accellion pending in two additional districts (the Central District of Illinois and the Southern District of Indiana), and there are seven multi-defendant actions pending in the Northern District of California (six actions) and the Southern District of Indiana. But given the small number of involved courts and the preference of most parties to informally coordinate, we find it a better alternative to Section 1407 centralization at this time. We see no reason to disrupt the parties’ efforts at informal coordination when most agree that Section 1407 centralization would provide little or no benefit. Indeed, “[w]e have emphasized that centralization under Section 1407 should be the last solution after considered review of all other options.” In re Alteryx, Inc., Customer Data Sec. Breach Litig., 291 F. Supp. 3d 1377, 1378 (J.P.M.L. 2018) (quotation omitted). Additionally, any factual overlap among the actions as to Accellion’s FTA product, its vulnerability to attack, and its alleged support of this “legacy” product may be eclipsed by factual issues specific to each client defendant. Opponents of centralization argue that, rather than a single data breach, there were numerous data breaches of each client defendant, occurring at different times and involving each client defendant’s own servers. Moreover, each client defendant’s 3 We find centralization into defendant-specific MDLs—an alternative suggestion that was not well-developed or defined in the parties’ briefing or oral argument—similarly premature. One plaintiff suggested the Panel transfer each action to the district in which the “primary” defendant is headquartered, but did not explain how the Panel would determine which defendant is “primary” in each action. If Accellion is considered the primary defendant in each action in which it is named, then only two actions would be transferred to the Northern District of California—the Central District of Illinois and Southern District of Indiana potential tag-along actions—and these actions were not included on the motion for centralization, but only noticed as related to the actions on the motion. This potentially presents a procedural obstacle to any immediate centralization as to those actions. See 28 U.S.C. § 1407(c) (requiring notice to the parties that centralization of the actions is contemplated). -3knowledge of the FTA’s alleged vulnerability to attack will be unique, as will Accellion’s alleged efforts to urge each client to migrate to its newer file sharing product. Other unique factual issues include when each client was made aware of a data breach and when it notified its customers and/or employees. Proponents of centralization argue that even in the actions in which Accellion is not named, it will be involved in some third-party discovery. But we are persuaded that such discovery can be informally coordinated. denied. IT IS THEREFORE ORDERED that the motion for centralization of these actions is PANEL ON MULTIDISTRICT LITIGATION Karen K. Caldwell Chair Catherine D. Perry Matthew F. Kennelly Roger T. Benitez Nathaniel M. Gorton David C. Norton Dale A. Kimball IN RE: ACCELLION, INC., CUSTOMER DATA SECURITY BREACH LITIGATION MDL No. 3002 SCHEDULE A Northern District of California BROWN v. ACCELLION, INC., C.A. No. 5:21−01155 ZEBELMAN v. ACCELLION, INC., C.A. No. 5:21−01203 RODRIGUEZ v. ACCELLION, INC., C.A. No. 5:21−01272 STOBBE v. ACCELLION, INC., C.A. No. 5:21−01353 PRICE v. ACCELLION, INC., C.A. No. 5:21−01430 BOLTON v. ACCELLION, INC., C.A. No. 5:21−01645 WHITTAKER v. ACCELLION, INC., C.A. No. 5:21−01708 COCHRAN, ET AL. v. ACCELLION, INC., ET AL., C.A. No. 5:21−01887 BEYER v. FLAGSTAR BANCORP, INC., ET AL., C.A. No. 5:21−02239 Eastern District of Michigan ANGUS, ET AL. v. FLAGSTAR BANK, FSB, C.A. No. 2:21−10657 GARCIA v. FLAGSTAR BANK, F.S.B., C.A. No. 2:21−10671 Southern District of Ohio JONES v. THE KROGER COMPANY, C.A. No. 1:21−00146 GOVAERT, ET AL. v. THE KROGER COMPANY, C.A. No. 1:21−00174 DOTY, ET AL. v. THE KROGER COMPANY, C.A. No. 1:21−00198

Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.

Why Is My Information Online?