Nothing Would Make Data Breach MDL Certifiable as Class Action, Says Samsung
U.S. District Judge Christine O’Hearn for New Jersey in Camden signed an order Tuesday (docket 1:23-md-03055) in the Samsung data breach multidistrict litigation that grants the parties’ stipulation setting Sept. 22 as the deadline for the plaintiffs’ opposition to Samsung’s Aug. 11 motion to strike the amended consolidated complaint’s class allegations. Samsung filed the motion to strike concurrently with the motion to dismiss (see 2308140053).
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
For “purposes of efficiency,” the parties had asked O’Hearn to adopt a briefing schedule on the motion to strike that tracks the same briefing schedule as the motion to dismiss, and the judge agreed. Samsung’s replies in support of both motions are due Oct. 20, said the order.
Samsung reassured customers when it disclosed the data breach Sept. 2 that the hack didn’t expose “sensitive information necessary to commit identity theft or fraud,” said its brief in support of its motion to strike. The affected data “was limited to non-sensitive information” such as name, contact and demographic information, plus date of birth and product registration information, it said.
But despite the “benign nature” of the affected data, the MDL’s amended consolidated complaint “cobbles together 49 individuals from 34 states alleging violations of numerous different state laws based on sharply diverging experiences and injuries” that the plaintiffs attribute to the data breach, said the brief. In light of the “divergent experiences” of just the 49 named plaintiffs, “the reality is that no factual development could alter the conclusion that this case cannot be certified as a class action,” it said. The court “should strike the class allegations now,” it said.
Each plaintiff’s claims “would require a separate trial on unique defenses, causation issues, and alleged injuries that would become the focus of the litigation,” said Samsung’s brief. These separate trials would be “inescapable,” it said. As the complaint itself “exposes,” there’s no way to determine on a class-wide basis or through “common proof” whether each plaintiff “even suffered a cognizable injury, let alone one that resulted” from the data breach, it said. The plaintiffs’ own allegations “underscore numerous individualized factual questions that undermine Rule 23’s typicality and predominance requirements,” it said.
In addition to the “myriad factual differences” inherent in the complaint, the plaintiffs’ many claims “turn on numerous diverging state laws,” said Samsung’s brief. The plaintiffs invoke state laws from 34 different jurisdictions, so there’s “no chance that common legal theories will predominate,” it said.
Many courts have concluded there’s “no reason to postpone deciding this issue until after discovery” when the flaws in the plaintiffs’ class allegations are inherent in their complaint, said Samsung’s brief. Nationwide multidistrict class actions “are proceedings of enormous scope and pose inordinate burdens and expenses on the parties and the courts,” it said. If the plaintiffs’ allegations will never be able to meet Rule 23’s requirements, “the time to address that is now,” it said. If the court doesn’t dismiss all the plaintiffs’ claims “outright” for the reasons given in the separate motion to dismiss, the court should strike their class allegations, it said.