Litigation

California Federal Courts Offer Some Relief to Adobe and Cisco in Pending Class Actions

Published: Sep. 10, 2014

Updated: Oct. 05, 2020

Two big names in the technology software and equipment industries won at least short-term victories last week in the Northern District of California. See Halpain v. Adobe Systems, Inc., 5:13-cv-05226 (N.D. Calif. 2014); Doe I et al v. Cisco Systems, Inc. et al., 5:11-cv-02449 (N.D. Calif. 2014). Adobe Systems, Inc. obtained a partial dismissal of a consolidated class action, which consumers filed in the aftermath of its 2013 data breach, while Cisco Systems Inc. avoided allegations that the company knowingly designed and sold equipment that permitted the Chinese government to obtain user data to identify and persecute members of a religious group.

Adobe Systems Inc.

In 2013, hackers breached Adobe’s customer databases and stole credit and debit card numbers, among other personal data, from at least 38 million customers. In response, a class of Adobe customers filed an action arguing that Adobe had inadequate security measures, waited too long to announce the breach, and mischaracterized the number of affected customers.

The court dismissed, without prejudice, plaintiffs’ claims for injunctive relief under California’s Customer Records Act, which requires that businesses maintain reasonable security practices and notify customers promptly of a breach. Significantly, the court noted that although allegations of concrete and imminent harm are sufficient to establish standing at the pleading stage, the plaintiffs here failed to adequately show that they had or were likely to suffer greater injury on account of any incremental delay in Adobe’s notification of the breach. No injury could be linked to that conduct.

The court also dismissed, without prejudice, the claims for injunctive relief of two named plaintiffs arising under the California’s Unfair Competition Law (“UCL”). Plaintiffs alleged that they suffered an injury, because they paid more money for Adobe products than they would have, if they had known Adobe’s security standards were allegedly below industry. The court found that for two of the six named plaintiffs, their claims did not allege injuries sufficient to establish standing. The court allowed the other plaintiffs to proceed with their action for injunctive relief under the UCL as well as all of the plaintiffs’ claims for restitution under UCL. Finally, the court also found that plaintiffs’ claims for declaratory relief pertaining to Adobe’s contractual obligation to provide reasonable security controls, could survive the motion to dismiss.

Cisco Systems Inc.

A federal district judge dismissed claims against Cisco Systems Inc. for lack of jurisdiction under the Alien Tort Statute, finding that despite Cisco’s United States presence, the allegations of human rights abuses did not have sufficient connection with the U.S. to establish jurisdiction. The suit arose out of claims from members of a religious group in China that Cisco had intentionally designed and sold surveillance systems to the Chinese government with the knowledge that such equipment would be used to monitor and intercept communications among members of that persecuted religious group.

 Feature Photo by Matthew Keefe from Flickr