Law Firm Clients' Hacking Claims Still Fail, Insurers Say
By: Shayna Posses
Law360, New York (November 1, 2016, 6:56 PM EDT) -- Berkshire Hathaway Homestate Insurance Co. and two other insurers asked a California federal judge Monday to toss the latest version of a proposed class action brought by law firm clients who accuse the companies of hacking into their attorneys’ database and stealing personal files, contending that the revamped claims don't save the litigation.
Adela Gonzales’ first amended complaint added another plaintiff, Tomas Montano, removed six claims and asserted two new ones for trespass and medical privacy violations, but Berkshire Hathaway Homestate, Cypress Insurance Co. and Zenith Insurance Co. argued that the changes aren’t enough to save allegations that the insurers conspired to steal 33,000 workers’ compensation case files from HQ Sign-Up Services Inc., an intake service used by the law firm Reyes & Barsoum LLP.
"The basic story ... is the same as in the prior complaint," the insurer said, adding that the repeated claim for violating the Stored Communications Act and the new allegations for trespass to chattel and violations of the California Medical Information Act "should be dismissed because none of them are legally viable."
The insurers first asked the court to dismiss the matter in June, arguing that the suit was identical to another action previously filed in the same court that missed the class certification deadline. Much of Gonzales’ complaint revolved around the plaintiff in that earlier suit, but the facts of her case remain a mystery, the insurers argued, contending that she doesn’t identify how she was harmed by the alleged hacking incident and how that alleged injury was tied to the defendants.
She shot back in August that the evidence was so overwhelming that dismissal wasn’t warranted. After all, Gonzales said, Oliver Glover, an insurance investigator employed by Zenith, admitted to taking the files and the insurer was caught red-handed using them in separate litigation.
U.S. District Judge Andrew J. Guilford sided with the insurers later that month, concluding that Gonzales didn’t sufficiently allege an injury-in-fact but giving her a chance to fix her allegations.
However, the insurers said Monday, the September amended complaint doesn’t hold up either.
For one, Gonzales’ new trespass to chattel claim fails because the cause of action only applies to cyber-related conduct if a computer system has been damaged or impaired, which they said is not the case here. Additionally, they said, the clients don’t contend that they owned the computers that were purportedly hacked, another essential element of the claim.
The workers also seek statutory damages under CMIA, but that act doesn’t apply to the insurance defendants, they argued. The act mentions specific persons and entities, like health care providers, that are required to protect patient medical information and specifically carves out insurance companies, as well as information maintained as part of the workers’ compensation system, the insurers said.
Finally, the insurers said, the SCA claim still fails because the litigation has nothing to do with the type of stored communications addressed by the act. The act protects facilities used by internet service providers and other online communication providers to enable wire or electronic communications, which isn’t the service the workers say HQSU provided, they said.
Rather, the workers claim that HQSU provides off-site file management for attorneys, which doesn’t make the company an internet service provider, email system or other kind of online communication provider covered by the statute, they said.
And the allegations don’t satisfy the act’s requirement that the electronic communications be “in electronic storage,” which is defined as temporary, intermediate storage incidental to the transmission of the communication or backup storage, according to the insurers.
In this case, the workers say attorneys use HQSU as a permanent repository for client files and don’t provide facts to support a conclusion that it’s an electronic communication service storing communications for backup protection purposes, the insurers said.
In Gonzales’ original April complaint, she said the companies broke into HQSU’s servers and stole information that included her "full name, Social Security number, birth date, home address, legal status, driver's license information, salary information, medical information and confidential legal information.”
A similar class action — the one that the insurers alleged Gonzales based her suit on — was brought in June 2015 in the same district by Hector Casillas. At that time, though, Casillas and his lawyers were aware of only 5,000 stolen Reyes & Barsoum case files.
James Robert Noblin of Green & Noblin PC, who represents the plaintiffs, told Law360 on Tuesday that they disagree with the defendants' position and will "oppose it strenuously."
Representatives for the defendants didn't immediately return request for comment.
The workers are represented by Mark Ravis, David Martin and Ivo Genchev of the Law Office of Mark Ravis & Associates and Robert S. Green and James Robert Noblin of Green & Noblin PC.
Berkshire and Cypress are represented by Deborah Stein, Colin Rolfs and Joanne Jennings of Simpson Thacher & Bartlett LLP.
Zenith is represented by Lary Alan Rappaport, Jacquelyn Ferry and Courtney Bowman of Proskauer Rose LLP.
Glover is represented by Dennis B. Kass of Manning & Kass Ellrod Ramirez Trester LLP.
The case is Gonzalez v. Berkshire Hathaway Homestate Cos. et al., case number 2:16-cv-02690, in the U.S. District Court for the Central District of California.
--Additional reporting by Kat Sieniuc and Steven Trader. Editing by Brian Baresch.