Brown v. Accellion, Inc.
Filing
20
ORDER DENYING TRANSFER re: pldg. (3 in CAN/5:21-cv-01155, 3 in CAN/5:21-cv-01203, 3 in CAN/5:21-cv-01272, 4 in CAN/5:21-cv-01353, 3 in CAN/5:21-cv-01430, 4 in CAN/5:21-cv-01645, 4 in CAN/5:21-cv-01708, 4 in CAN/5:21-cv-01887, 4 in CAN/5:21-cv-02239, 10 in MDL No. 3002, 3 in MIE/2:21-cv-10657, 3 in MIE/2:21-cv-10671, 3 in OHS/1:21-cv-00146, 4 in OHS/1:21-cv-00174, 3 in OHS/1:21-cv-00198), ( 2 in MDL No. 3002), ( 1 in MDL No. 3002) The motion to transfer, pursuant to 28 U.S.C. 1407, is DENIEDSigned by Judge Karen K. Caldwell, Chair, PANEL ON MULTIDISTRIC T LITIGATION, on 6/7/2021. Associated Cases: MDL No. 3002, CAN/5:21-cv-01155, CAN/5:21-cv-01203, CAN/5:21-cv-01272, CAN/5:21-cv-01353, CAN/5:21-cv-01430, CAN/5:21-cv-01645, CAN/5:21-cv-01708, CAN/5:21-cv-01887, CAN/5:21-cv-02239, MIE/2:21-cv-10657, MIE/2:21-cv-10671, OHS/1:21-cv-00146, OHS/1:21-cv-00174, OHS/1:21-cv-00198 (DP)
UNITED STATES JUDICIAL PANEL
on
MULTIDISTRICT LITIGATION
IN RE: ACCELLION, INC., CUSTOMER
DATA SECURITY BREACH LITIGATION
MDL No. 3002
ORDER DENYING TRANSFER
Before the Panel: * Plaintiff in one Northern District of California action (Beyer), listed
on Schedule A, moves under 28 U.S.C. § 1407 to centralize this litigation in the Northern District
of California. The litigation consists of fourteen actions pending in three districts, as listed on
Schedule A. Since the motion was filed, the parties have notified the Panel of twelve related
federal actions pending in five districts.
Plaintiffs in two potential tag-along actions and defendant Accellion, Inc. (Accellion),
support the motion. All other responding parties oppose centralization, including plaintiffs in
fourteen actions and defendants Flagstar Bancorp, Inc., Flagstar Bank, FSB (together, Flagstar
Bank), and The Kroger Co. (Kroger). Plaintiffs in four actions alternatively support the Northern
District of California as transferee district. If the Panel centralizes this litigation over their
objections, Kroger suggests centralization in the Southern District of Ohio, and Flagstar Bank
suggests centralization in the Eastern District of Michigan or, alternatively, does not oppose
centralization in the Southern District of Ohio. Plaintiffs in two Southern District of Ohio actions
and one Northern District of California action alternatively suggest the Panel create defendantspecific MDLs in the home district of each defendant. 1
On the basis of the papers filed and the hearing session held, 2 we are not persuaded that
centralization is necessary for the convenience of the parties and witnesses or to further the just
*
One or more Panel members who could be members of the putative classes in this litigation have
renounced their participation in these classes and have participated in this decision.
1
Plaintiffs in one Ohio action presented this position as an alternative in their brief and plaintiff in
the other Ohio action did not include it in his brief. In their notices of intent to present oral
argument, plaintiffs in both Ohio actions assert they “[s]upport centralization of cases in home
districts of Defendant (Kroger to S.D. Ohio; Flagstar to E.D. Michigan; Accellion to N.D.
California).”
2
In light of the concerns about the spread of the COVID-19 virus (coronavirus), the Panel heard
oral argument by videoconference at its hearing session of May 27, 2021. See Suppl. Notice of
Hearing Session, MDL No. 3002 (J.P.M.L. May 10, 2021), ECF No. 77.
-2and efficient conduct of this litigation at this time. Proponents of centralization argue that these
actions share factual issues concerning a recently-disclosed breach of Accellion’s File Transfer
Appliance (FTA) product from mid-December 2020 into January 2021. Various Accellion clients,
including defendants Kroger and Flagstar Bank, used the FTA product. Plaintiffs here are these
clients’ customers and/or employees who allege their personally identifiable information and/or
protected health information were compromised in the breach. Of the 26 actions and potential tagalong actions now pending, nine name only Accellion as the defendant, ten name only one
Accellion client, and seven are multi-defendant actions naming Accellion and one of its clients
(Kroger, Flagstar Bank, or potential tag-along defendants Health Net of California, Inc., and
Health Net, LLC).
We find centralization of these actions unnecessary at this time. Most parties, including
two defendants, oppose centralization, and have cooperated to organize all but two actions into
three coordinated or consolidated proceedings pending in the Northern District of California
(actions against Accellion), the Eastern District of Michigan (actions against Flagstar Bank), and
the Southern District of Ohio (actions against Kroger). 3 The constituent actions are pending in
just three courts before three judges. There are now actions against Kroger and/or Accellion
pending in two additional districts (the Central District of Illinois and the Southern District of
Indiana), and there are seven multi-defendant actions pending in the Northern District of California
(six actions) and the Southern District of Indiana. But given the small number of involved courts
and the preference of most parties to informally coordinate, we find it a better alternative to Section
1407 centralization at this time. We see no reason to disrupt the parties’ efforts at informal
coordination when most agree that Section 1407 centralization would provide little or no benefit.
Indeed, “[w]e have emphasized that centralization under Section 1407 should be the last solution
after considered review of all other options.” In re Alteryx, Inc., Customer Data Sec. Breach Litig.,
291 F. Supp. 3d 1377, 1378 (J.P.M.L. 2018) (quotation omitted).
Additionally, any factual overlap among the actions as to Accellion’s FTA product, its
vulnerability to attack, and its alleged support of this “legacy” product may be eclipsed by factual
issues specific to each client defendant. Opponents of centralization argue that, rather than a single
data breach, there were numerous data breaches of each client defendant, occurring at different
times and involving each client defendant’s own servers. Moreover, each client defendant’s
3
We find centralization into defendant-specific MDLs—an alternative suggestion that was not
well-developed or defined in the parties’ briefing or oral argument—similarly premature. One
plaintiff suggested the Panel transfer each action to the district in which the “primary” defendant
is headquartered, but did not explain how the Panel would determine which defendant is “primary”
in each action. If Accellion is considered the primary defendant in each action in which it is
named, then only two actions would be transferred to the Northern District of California—the
Central District of Illinois and Southern District of Indiana potential tag-along actions—and these
actions were not included on the motion for centralization, but only noticed as related to the actions
on the motion. This potentially presents a procedural obstacle to any immediate centralization as
to those actions. See 28 U.S.C. § 1407(c) (requiring notice to the parties that centralization of the
actions is contemplated).
-3knowledge of the FTA’s alleged vulnerability to attack will be unique, as will Accellion’s alleged
efforts to urge each client to migrate to its newer file sharing product. Other unique factual issues
include when each client was made aware of a data breach and when it notified its customers and/or
employees. Proponents of centralization argue that even in the actions in which Accellion is not
named, it will be involved in some third-party discovery. But we are persuaded that such discovery
can be informally coordinated.
denied.
IT IS THEREFORE ORDERED that the motion for centralization of these actions is
PANEL ON MULTIDISTRICT LITIGATION
Karen K. Caldwell
Chair
Catherine D. Perry
Matthew F. Kennelly
Roger T. Benitez
Nathaniel M. Gorton
David C. Norton
Dale A. Kimball
IN RE: ACCELLION, INC., CUSTOMER
DATA SECURITY BREACH LITIGATION
MDL No. 3002
SCHEDULE A
Northern District of California
BROWN v. ACCELLION, INC., C.A. No. 5:21−01155
ZEBELMAN v. ACCELLION, INC., C.A. No. 5:21−01203
RODRIGUEZ v. ACCELLION, INC., C.A. No. 5:21−01272
STOBBE v. ACCELLION, INC., C.A. No. 5:21−01353
PRICE v. ACCELLION, INC., C.A. No. 5:21−01430
BOLTON v. ACCELLION, INC., C.A. No. 5:21−01645
WHITTAKER v. ACCELLION, INC., C.A. No. 5:21−01708
COCHRAN, ET AL. v. ACCELLION, INC., ET AL., C.A. No. 5:21−01887
BEYER v. FLAGSTAR BANCORP, INC., ET AL., C.A. No. 5:21−02239
Eastern District of Michigan
ANGUS, ET AL. v. FLAGSTAR BANK, FSB, C.A. No. 2:21−10657
GARCIA v. FLAGSTAR BANK, F.S.B., C.A. No. 2:21−10671
Southern District of Ohio
JONES v. THE KROGER COMPANY, C.A. No. 1:21−00146
GOVAERT, ET AL. v. THE KROGER COMPANY, C.A. No. 1:21−00174
DOTY, ET AL. v. THE KROGER COMPANY, C.A. No. 1:21−00198
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?