Duane Morris Class Action Review - 2023 - Report - Page 136
contended that an agent seeking to generate a quote for an individual consumer could
do so by providing only “minimal information” about the consumer, such as a name,
address, and date of birth. The plaintiff further alleged that once an agent requests a
quote through the agency portal, Travelers provided a final insurance quote that autopopulates with PII regarding the individual, including the individual’s driver’s license
number. This PII is allegedly drawn from the relevant state’s department of motor
vehicles (DMV) or other third parties that receive the PII from DMVs. The plaintiffs
claimed their individual and class injury-in-fact was premised on the plaintiffs’ time spent
detecting and preventing any additional misuses of their PII and to protect against “the
heightened risk for fraud and identity theft” for years to come. Id. at *4. The named
plaintiff also claimed she and putative class members “face years of constant
surveillance of their financial and personal records, monitoring, and loss of rights” and
they “are incurring and will continue to incur such damages in addition to any fraudulent
use of their PII.” Id. Accordingly, the court concluded that at this early stage in the
litigation, the allegations sufficiently resemble the type of loss in privacy protected by the
tort of public disclosure of private information such that the loss constituted an injury-infact.
In Almon, et al. v. Conduent Business Services, LLC, 2022 U.S. Dist. LEXIS 55025
(W.D. Tex. Mar. 25, 2022), the plaintiffs, a group of current and former customers of the
defendants, filed a class action alleging that unauthorized users withdrew funds from
their Direct Express accounts and that the defendants failed to properly respond to the
fraudulent transactions, thereby violating the Electronic Fund Transfer Act (EFTA), 15
U.S.C. § 1963, et seq., its implementing regulations (Regulation E), 12 C.F.R. §
1005.1, et seq., and the Terms of Use that constitute the contract between the parties.
The court considered the defendants’ motion for summary judgment, and the plaintiffs’
motion for class certification. The court granted the defendants’ motion for summary
judgment in part as to the plaintiffs’ claims for breach of contract; violations of 12 C.F.R.
§ 1005.11; violation of 15 U.S.C. § 1693f(d); and negligence, negligence per se, and
violations of the California consumer protection laws. The court denied the motion as to
all remaining claims. The court further denied the plaintiffs’ motion for class certification
as to both the proposed breach of contract class and the proposed Regulation E class.
The court granted the plaintiffs leave to file a renewed motion for class certification
amending the proposed class definitions to cure the deficiencies outlined in the opinion.
In reaching this conclusion, the court determined that the amended complaint asserted
claims for negligence, negligence per se, and violations of the California consumer
protection laws and identified a class based on the alleged data breach affecting the
Direct Express Program. However, the court noted that the plaintiffs’ motion for class
certification did not seek to certify such a class. The court concluded that the plaintiffs
conceded in their response to the defendants’ motion for summary judgment that
discovery had produced no evidence tying unauthorized activity on their accounts to a
data breach involving the defendants. Thus, because the plaintiffs could not establish a
causal connection between their injuries and the alleged data breach, the court
concluded that they lacked standing to assert claims arising out of the alleged data
breach.
135
© Duane Morris LLP 2023
Duane Morris Class Action Review – 2023
