1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 EDWARD BATON, et al., Case No. 21-cv-02470-EMC
8 Plaintiffs, ORDER GRANTING IN PART AND 9 v. DENYING IN PART DEFENDANTS' MOTIONS TO DISMISS 10 LEDGER SAS, et al., 11 Defendants. Docket Nos. 153, 154
12 13 I. INTRODUCTION 14 Plaintiffs are customers who purchased a Ledger SAS hardware wallet to protect their 15 cryptocurrency assets. Ledger’s hardware wallets store customer’s “private keys” for their crypto- 16 assets. TAC ¶ 2. The private keys are similar to a bank-account password in that the private key 17 can be used to allow an individual to transfer their crypto-assets. See id. In 2020, Ledger’s 18 customer database was hacked, and Plaintiffs’ personal identifying information (“PII”) was 19 accessed by hackers. Plaintiffs bring a putative class action seeking redress for harms they 20 allegedly suffered stemming from the data breach. See Docket No. 151 (Third Amended 21 Complaint or “TAC”). The data breach occurred when two of TaskUs’s “rogue” employees 22 conspired with a “California man” who accessed and distributed Ledger users’ PII. 23 Plaintiffs bring this action against Ledger, Shopify, and TaskUs. Shopify is Ledger’s 24 subcontractor who helps Ledger with purchases over its website. Shopify was dismissed from the 25 case for forum non conveniens in the last round of briefing. Prior Order MTD (“Prior Order”) re: 26 Second Amended Complaint (“SAC”), Docket No. 148. TaskUs is Shopify’s subcontractor who 27 helps Shopify with Ledger’s customer service operations. 1 Ledger for lack of personal jurisdiction. See Amended Motion to Dismiss Order, Docket No. 79. 2 Plaintiffs appealed and the Ninth Circuit affirmed in part and reversed and remanded in part. 3 Baton v. Ledger SAS, 2022 WL 17352192, at *3 (9th Cir. 2022). The Ninth Circuit reversed the 4 dismissal of Seirafi’s California consumer law claims, but otherwise affirmed the dismissal of the 5 claims against Ledger. Baton v. Ledger SAS, No. 21-17036, 2022 WL 17352192, at *2 (9th Cir. 6 Dec. 1, 2022). The Ninth Circuit also found that Ledger’s forum selection clause was enforceable 7 and that Plaintiffs remaining claims against Ledger should be sent to France, “except with respect 8 to Plaintiffs who are ‘California resident plaintiffs bringing class action claims under California 9 consumer law.’” Baton v. Ledger SAS, No. 21-17036, 2022 WL 17352192, at *2 (9th Cir. Dec. 1, 10 2022) (quoting Doe 1 v. AOL LLC, 552 F.3d 1077, 1084 (9th Cir. 2009)). 11 Plaintiffs then filed a SAC. In this Court’s Order re: the Motion to Dismiss the SAC 12 (“Prior Order”), the Court found “Plaintiffs have standing except with respect to Mr. Seirafi’s 13 injunctive relief claim against Ledger, the California Consumer Subclass is stricken with leave to 14 amend, the Court has personal jurisdiction over Shopify and TaskUs, Ledger’s forum selection 15 clause does not apply to Plaintiffs’ Unfair Competition Law (“UCL”) claim against Ledger, and 16 Shopify may avail itself of Ledger’s forum selection clause.” Further “[w]ith respect to Ledger’s 17 Rule 12(b)(6) motion, Plaintiffs have plausibly pled a UCL claim under the “unfair” and 18 “unlawful” prongs, but Plaintiffs’ CRLA and “fraudulent” UCL claim is dismissed. See Cal. Bus. 19 & Prof. Code § 17200. With respect to TaskUs’s Rule 12(b)(6) motion, Plaintiffs have plausibly 20 pled a negligence claim and a New York Deceptive Trade Practices Act claim, but Plaintiff’s 21 negligence per se claim is dismissed.” Prior Order, Docket No. 148. This effectively removed 22 Shopify from this case, left only UCL and CLRA claims against Ledger, and left unresolved the 23 claims against TaskUs. 24 Defendant TaskUs now brings a motion to dismiss for forum non conveniens, Docket No. 25 153, arguing they are similarly situated, and as “closely related” as Shopify was previously found 26 to be, and should be similarly dismissed in favor of the French forum selection clause in Ledger’s 27 contracts with Plaintiffs. 1 arguing Plaintiff Seirafi (a) lacks Article III standing for injunctive relief; (b) Seirafi fails to satisfy 2 basic pleading standards and the heightened pleading standard for his UCL and CLRA claims, 3 which sound in fraud; (c) Seirafi fails to state a claim for relief under the UCL or CLRA; and (d) 4 Seirafi’s California Consumer Subclass allegations are facially overbroad. Id. at 1. 5 For the following reasons, the Court GRANTS Defendant TaskUs’s Motion, and 6 GRANTS IN PART AND DENIES IN PART Defendant Ledger’s Motion. 7 8 II. FACTS AND BACKGROUND 9 Plaintiff Seirafi entered this case in the First Amended Complaint (“FAC”) filed on June 9, 10 2021. Docket No. 33. Seirafi and other plaintiffs asserted claims against Ledger under the UCL, 11 CLRA, and other statutes, individually and on behalf of several proposed classes, including a 12 California Consumer Subclass. Id. This Court dismissed all of the claims against Ledger for lack 13 of personal jurisdiction. Docket No. 79 at 7-12. Seirafi and other plaintiffs appealed. The Ninth 14 Circuit reversed the dismissal of Seirafi’s California consumer law claims, but otherwise affirmed 15 the dismissal of the claims against Ledger. Baton v. Ledger SAS, No. 21-17036, 2022 WL 16 17352192, at *2 (9th Cir. Dec. 1, 2022). Seirafi then filed a Second Amended Complaint (“SAC”) 17 on December 7, 2023. Docket No. 110. Again, he asserted UCL and CLRA claims against Ledger. 18 Id. This Court partially dismissed Seirafi’s claims against Ledger on July 16, 2024. Prior Order. 19 Seirafi then filed the TAC, once again asserting UCL and CLRA claims against Ledger, 20 individually and on behalf of a California Consumer Subclass. 21 A. Third Amended Complaint (“TAC”) 22 On August 22, 2024, Plaintiffs filed the TAC. In the TAC, Plaintiffs assert claims for 23 negligence, declaratory judgment and injunctive relief, and a claim under the NYDTPA against 24 TaskUs. TAC at ¶¶ 197-214; 269-273. Notably, all of those claims were previously asserted 25 against Shopify in the SAC but were dismissed pursuant to the forum selection clauses. Prior 26 Order at 28-30. 27 In the TAC, Seirafi largely repeats many of the allegations in the SAC, with a few new 1 “would purchase Ledger products again in the future if Ledger’s products, e-commerce, and 2 support services actually maintained the level of security that Ledger promises to uphold— 3 extending to Ledger’s vendors as well.” TAC ¶¶ 23, 109. 4 To support his claims under the UCL and CLRA, Seirafi alleges in the TAC three new 5 statements by Ledger, though he does not allege he saw or relied on any of them. First, he alleges 6 that Ledger made various representations in a short advertisement for the Ledger Nano X on 7 YouTube. Id. ¶ 93. Second, he cites Ledger’s privacy policy dated July 31, 2018 (as captured by 8 web.archive.org on March 31, 2019), quoting various parts and alleging that Ledger omitted 9 disclosing that “customer information would be entrusted to an outsourcing operation that 10 employs individuals located in overseas locations like the Philippines and that Ledger provides no 11 meaningful oversight of such subcontractors.” Id. ¶¶ 242, 259. The July 31, 2018 privacy policy, 12 like the July 28, 2020 privacy policy cited in the SAC, warns that “transmission of information on 13 the Internet is not fully secure.” Id. ¶ 242 n.61 (citing Ledger’s privacy policy). 14 Finally, Seirafi slightly modifies the proposed California Consumer Subclass by limiting it 15 to “prior to December 21, 2020.” TAC ¶ 187. The proposed class now includes all California 16 residents “who purchased a Ledger Nano X wallet or a Ledger Nano S wallet from Ledger or an 17 authorized reseller within the limitations period, as may be extended or tolled by any applicable 18 rule of law or equitable doctrine, prior to December 21, 2020,” regardless of whether their contact 19 information was conveyed to Ledger or whether it was accessed by criminals. Id. 20 Seirafi continues to assert claims under the CLRA and under the “unfair,” “unlawful,” and 21 “fraudulent” prongs of the UCL. TAC ¶¶ 215-268. Seirafi’s CLRA claim and “fraudulent” UCL 22 claim rely on alleged misrepresentations and omissions by Ledger. Id. ¶¶ 240, 257. Seirafi’s 23 “unfair” and “unlawful” UCL claims rely on both the alleged misrepresentations and on an alleged 24 failure by Ledger to “implement and maintain reasonable security measures to protect [his] . . . 25 personal information from unauthorized disclosure, release, data breaches, and theft, which was a 26 direct and proximate cause of the Data Breach.” Id. ¶¶ 225, 229, 234, 237. Because Seirafi defines 27 the “Data Breach” only as the TaskUs incident, his UCL claim regarding Ledger’s security 1 III. LEGAL STANDARD 2 A. Article III Standing 3 Under Rule 12(b)(1), a party may move to dismiss for lack of subject matter jurisdiction. 4 “[L]ack of Article III standing requires dismissal for lack of subject matter jurisdiction under 5 [Rule] 12(b)(1).” Maya v. Centex Corp., 658 F.3d 1060, 1067 (9th Cir. 2011). The “irreducible 6 constitutional minimum” of standing requires that a “plaintiff must have (1) suffered an injury in 7 fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to 8 be redressed by a favorable judicial decision.” Spokeo, Inc. v. Robins (“Spokeo II”), 136 S. Ct. 9 1540, 1547 (2016). These three elements are referred to as, respectively, injury-in-fact, causation, 10 and redressability. Planned Parenthood of Greater Was. & N. Idaho v. U.S. Dep't of Health & 11 Human Servs., 946 F.3d 1100, 1108 (9th Cir. 2020). “The plaintiff, as the party invoking federal 12 jurisdiction, bears the burden of establishing these elements,” which at the pleadings stage means 13 “clearly . . . alleg[ing] facts demonstrating each element.” Spokeo II, 136 S. Ct. at 1547 (quoting 14 Warth v. Seldin, 422 U.S. 490, 518 (1975)). 15 B. Motions to Strike 16 Before responding to a pleading, a party may move to strike from a pleading any 17 “redundant, immaterial, impertinent, or scandalous matter.” Fed. R. Civ. P. 12(f). The essential 18 function of a Rule 12(f) motion is to “avoid the expenditure of time and money that must arise 19 from litigating spurious issues by dispensing with those issues prior to the trial.” Wang v. OCZ 20 Tech. Grp., Inc., 276 F.R.D. 618, 624 (N.D. Cal. Oct. 14, 2011) (quoting Whittlestone, Inc. v. 21 Handi-Craft Co., 618 F.3d 970, 973 (9th Cir. 2010)). Motions to strike are generally disfavored. 22 See Shaterian v. Wells Fargo Bank, N.A., 829 F. Supp. 2d 873, 879 (N.D. Cal. 2011); Platte 23 Anchor Bolt, Inc. v. IHI, Inc., 352 F. Supp. 2d 1048, 1057 (N.D. Cal. 2004). A motion to strike 24 should only be granted if the matter sought to be stricken clearly has no possible bearing on the 25 subject matter of the litigation. See Colaprico v. Sun Microsystems, Inc., 758 F. Supp. 1335, 1339 26 (N.D. Cal. 1991); Fantasy, Inc. v. Fogerty, 984 F.2d 1524, 1527 (9th Cir. 1993), rev’d on other 27 grounds, Fogerty v. Fantasy, Inc., 510 U.S. 517 (1994) (“Immaterial matter is that which has no 1 Statements that do not pertain to, and are not necessary to resolve, the issues in question are 2 impertinent. Id. If there is any doubt whether the portion to be stricken might bear on an issue in 3 the litigation, the Court should deny the motion to strike. Platte Anchor Bolt, 352 F. Supp. 2d at 4 1057. Just as with a motion to dismiss, the Court should view the pleading sought to be struck in 5 the light most favorable to the nonmoving party. Id. 6 C. Personal Jurisdiction 7 Under Rule 12(b)(2), a court must dismiss an action where it does not have personal 8 jurisdiction over a defendant. Fed. R. Civ. P. 12(b)(2). “[T]he plaintiff bears the burden of 9 establishing that jurisdiction is proper.” Mavrix Photo, Inc. v. Brand Techs., Inc., 647 F.3d 1218, 10 1223 (9th Cir. 2011). However, “[w]here, as here, the defendant’s motion is based on written 11 materials rather than an evidentiary hearing, the plaintiff need only make a prima facie showing of 12 jurisdictional facts to withstand the motion to dismiss.” Id. In addition, “[u]ncontroverted 13 allegations in the complaint must be taken as true, and factual disputes are construed in the 14 plaintiff’s favor.” Freestream Aircraft (Berm.) Ltd. v. Aero Law Grp., 905 F.3d 597, 602 (9th Cir. 15 2018). 16 D. 12(b)(6) 17 Federal Rule of Civil Procedure 8(a)(2) requires a complaint to include “a short and plain 18 statement of the claim showing that the pleader is entitled to relief.” Fed. R. Civ. P. 8(a)(2). A 19 complaint that fails to meet this standard may be dismissed pursuant to Rule 12(b)(6). See Fed. R. 20 Civ. P. 12(b)(6). To overcome a Rule 12(b)(6) motion to dismiss after the Supreme Court’s 21 decisions in Ashcroft v. Iqbal, 556 U.S. 662 (2009) and Bell Atlantic Corporation v. Twombly, 550 22 U.S. 544 (2007), a plaintiff’s “factual allegations [in the complaint] ‘must . . . suggest that the 23 claim has at least a plausible chance of success.’” Levitt v. Yelp! Inc., 765 F.3d 1123, 1135 (9th 24 Cir. 2014). The Court “accept[s] factual allegations in the complaint as true and construe[s] the 25 pleadings in the light most favorable to the nonmoving party.” Manzarek v. St. Paul Fire & 26 Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). But “allegations in a complaint . . . may not 27 simply recite the elements of a cause of action [and] must contain sufficient allegations of 1 Levitt, 765 F.3d at 1135 (quoting Eclectic Props. E., LLC v. Marcus & Millichap Co., 751 F.3d 2 990, 996 (9th Cir. 2014)). “A claim has facial plausibility when the Plaintiff pleads factual 3 content that allows the court to draw the reasonable inference that the Defendant is liable for the 4 misconduct alleged.” Iqbal, 556 U.S. at 678. “The plausibility standard is not akin to a 5 ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted 6 unlawfully.” Id. (quoting Twombly, 550 U.S. at 556). 7 8 IV. DISCUSSION 9 A. TaskUs’s Motion to Dismiss for Forum Non Conveniens 10 1. Forum-Selection Clause 11 TaskUs moves to dismiss the claims asserted against it with prejudice pursuant to forum 12 selection clauses contained in the contracts between Plaintiffs and Ledger. “[T]he appropriate way 13 to enforce a forum-selection clause pointing to a state or foreign forum is through the doctrine of 14 forum non conveniens.” Atlantic Marine Const. Co., Inc. v. United States Dist. Ct. for Wester Dist. 15 of Texas, 571 U.S. 49, 60 (2013). “A motion to dismiss based on forum non conveniens is not the 16 same as a motion to dismiss for improper venue. The United States Supreme Court has held that 17 under the doctrine of forum non conveniens, a court has the discretion to dismiss a case ‘even if 18 jurisdiction and proper venue are established.’” Chateau Des Charmes Wines Ltd. v. Sabate USA, 19 Inc., 2003 WL 22682483, at *3 (N.D. Cal. Nov. 10, 2003) (quoting American Dredging Co. v. 20 Miller, 510 U.S. 443, 448 (1994)). 21 In the present case, the Ninth Circuit has already confirmed that Ledger’s three agreements 22 with its consumers “contain extremely broad forum selection clauses providing that covered 23 disputes will be subject to the exclusive jurisdiction of the French courts” which covered the 24 claims in this case with respect to Ledger. Baton, 2022 WL 17352192, at *2 (“These forum- 25 selection clauses are enforceable except with respect to Plaintiffs who are ‘California resident 26 plaintiffs bringing class action claims under California consumer law.’” (citing Doe 1 v. AOL LLC, 27 552 F.3d 1077, 1084 (9th Cir. 2009) (per curiam)). In particular, the Ninth Circuit quoted Ledger’s 1 relating to” the agreement. Id. This Court, in its Prior Order, dismissed previous defendant 2 Shopify due to the forum-selection clause, and stated as follows: 3 “Whether Shopify breached any duty owed to Plaintiffs could well be informed by the terms of the Ledger agreement (and any 4 expressed or implied promise of privacy and security) with the Plaintiffs. Parker, 2017 WL 3034517, at *6 (a non-signatory may 5 be bound by a forum selection clause via “their relation to the contract, not by their relation to the party”). The duties that both 6 Ledger and Shopify owed to Plaintiffs are intertwined. Plaintiffs’ claims against Shopify arose out of their contract with Ledger and 7 Plaintiffs would have had every reason to expect that the privacy rights ensured in their contract with Ledger would obtain to 8 Ledger’s subcontractors. Thus, Shopify’s connection to the conduct at issue is “closely related” to the signatories of the contract with the 9 forum selection clause, and to the contract’s terms and enforcement. See McNally, 2020 WL 7786539, at *2. 10 Since Plaintiffs believed they were entrusting Ledger with their PII, 11 and therefore any of Ledger’s vendors who had access to their PII, it is “foreseeable” that said vendors would be able to enforce their 12 forum selection clause in Plaintiffs’ agreement with Ledger. See Magi XXI, 714 F.3d at 722. As in Robeson, 2014 WL 1392922, and 13 Pat Pelligrini, 2010 WL 1005318, Shopify may avail itself of Ledger’s forum selection clause as an agent or third-party vendor to 14 the Ledger contract, which is closely related to the signatories and the contract at issue. Thus, Shopify is dismissed from this suit in 15 favor of the forum in France which presently does not include any California-specific consumer claims, such as the CLRA and UCL, 16 which would be exempt from the forum selection clause.” To avoid the same fate, Plaintiffs argue that TaskUs is not similarly situated to the Ledger 17 contract, and thus cannot benefit from Ledger’s forum selection clause as a non-signatory. 18 Plaintiffs also contend that regardless, TaskUs has waived this argument for failure to raise in the 19 last round of briefing. The Court takes each argument in turn. 20 a. Non-Signatory Bound 21 In the TAC, Plaintiffs allege that Shopify employed TaskUs to provide “customer support 22 and data security consulting services for Ledger’s sales website and the Ledger Live services, in 23 which Ledger customers could obtain live support for their investments and effectuate transfers of 24 their assets on Ledger’s website.” TAC at ¶ 9. TaskUs was “entrusted with the information 25 collected by the Ledger Live service and Shopify’s collection of the data through their e- 26 commerce services to Ledger. TaskUs therefore had access to, and was entrusted with, the 27 1 TaskUs played an active role in Ledger’s transactions with customers. 2 TaskUs argues its alleged conduct is “closely related” to Ledger and Shopify; it points to 3 Plaintiffs allegations in the TAC that Ledger had the right to control the conduct of both Shopify 4 and TaskUs, such that both had an active role in Ledger’s relationship with Plaintiffs. TaskUs 5 Reply at 8. Specifically, Plaintiffs allege that: 6 • “Ledger has failed to utilize the promised security measures, employed multiple vendors, 7 and failed to oversee such vendors’ (including Shopify and TaskUs) handling of the 8 data.” TAC at ¶ 8 (emphasis added). 9 • Shopify employed TaskUs to provide “customer support and data security consulting 10 services for Ledger’s sales website and the Ledger Live services, in which Ledger 11 customers could obtain live support for their investments and effectuate transfers of their 12 assets on Ledger’s website.” Id. at ¶ 9. 13 • TaskUs was “entrusted with the information collected by the Ledger Live service and 14 Shopify’s collection of the data through their e-commerce services to Ledger. TaskUs 15 therefore had access to, and was entrusted with, the sensitive user PII . . ..” Id. at ¶ 10. 16 • “Ledger and Shopify failed to oversee the handling of the data [by TaskUs]” such that 17 Ledger and TaskUs should both be liable. Id. at ¶ 15 (emphasis added). 18 As this Court has previously held, “TaskUs engaged in consumer-oriented conduct when it 19 supplied a necessary component of Ledger’s overall product,” and “[t]hus, Plaintiffs have alleged 20 that TaskUs engaged in consumer-oriented conduct given that its subcontractor relationship with 21 Ledger affects the public interest.” Prior Order at 72. As it was contracted to provide an essential 22 component of Shopify’s work for Ledger and its conduct constituted the core of the alleged wrong 23 injurious to Ledger’s customers, TaskUs’ “conduct at issue is ‘closely related’ to the signatories of 24 the contract with the forum selection clause, and to the contract’s terms and enforcement. Id. at 25 20. The duties that Ledger, Shopify, and TaskUs “owed to Plaintiffs are intertwined.” Id. at 50. 26 Plaintiffs’ claims “arose out of their contract with Ledger and Plaintiffs would have had every 27 reason to expect that the privacy rights ensured in their contract with Ledger would obtain to 1 subcontractor of Shopify, and not of Ledger directly, so there is no vertical privity between 2 TaskUs and Ledger. However, vertical privity does exist – there is a straight line of responsibility 3 between Ledger, Shopify, and TaskUs. The fact that Task Us is one step further away from 4 Ledger as Shopify does not negate the line of privity. In any event, vertical privity is not the 5 determining factor for permitting a non-signatory to the Ledger contract to assert rights thereunder 6 where there is otherwise a “close connection,” and Plaintiffs fail to cite any case law to the 7 contrary. It remains that Plaintiffs believed they were entrusting Ledger with their PII, and 8 therefore any of Ledger’s vendors who had access to their PII, it is “foreseeable” that said vendors 9 would be able to enforce their forum selection clause in Plaintiffs’ agreement with Ledger. There 10 is no reason to hold that entrustment would not extend to subcontractors as well as contractors of 11 Ledger. TaskUs may avail itself of Ledger’s forum selection clause as an agent (or sub-agent) or 12 third-party vendor to the Ledger contract. 13 b. No Waiver 14 Plaintiffs argue that Defendant TaskUs has waived their ability to raise the forum-selection 15 clause because in their prior motion to dismiss, they did not raise the clause, and did not join 16 Shopify in arguing for the forum-selection clause’s applicability to them. Further, Plaintiffs argue 17 because the Court has previously decided TaskUs’s previous 12(b)(6) arguments, it is too late to 18 raise this procedural issue. 19 As a general matter, courts have found waiver of forum-selection clauses when “the party 20 invoking it has taken actions inconsistent with it, or delayed its enforcement, and enforcement 21 would prejudice other parties.” Azod v. Robinson, 2023 WL 1479076 (C.D. Cal. Jan. 30, 2023) at 22 *7 (quoting S&J Rentals, Inc. v. Hilti, Inc., 294 F.Supp.3d 978, 984 (E.D. Cal. 2018)). “The party 23 waiving their right to enforce the clause must demonstrate ‘clear, decisive, and unequivocal 24 conduct manifesting such an intent.” Id. (quoting Bindman v. MH Sub I, LLC, 2020 WL 978618, 25 at *2 (N.D. Cal. Feb. 28, 2020)). This happens when a party ‘substantially participated in the 26 litigation to a point inconsistent with an intent.’” S.E. Power. Grp., Inc. v. Vision 33, Inc., 855 Fed 27 App’x 531, 534 (11th Cir. 2021). Courts have found an intent to not enforce a forum-selection 1 Grp., 855 Fed.App’x at 534-39 (finding waiver where a party served initial disclosures, 2 propounded discovery, and began exchanging discovery); Edwards Vacuum, LLC v. Hoffman 3 Instrumentation Supply, Inc., 2021 U.S. Dist. LEXIS 108095, at *15 (D. Or. June 9, 2021) 4 (finding waiver where a party waived its right to enforce the forum selection clause through its 5 litigation efforts by moving to bifurcate and stay counterclaims); Cable News Network L.P. v. 6 CNNews.com, 177 F.Supp.2d 506, 515, 528 (E.D. Va. 2001) (denying a motion for forum non 7 conveniens based on public policy factors whereby Virginia had a substantial interest in the 8 litigation and where the defendant delayed the filing for eight months, in the interim engaging in 9 “a period of discovery [and] the parties filed cross motions for summary judgment.”). 10 There is no waiver here. Defendant TaskUs has participated in only one round of motion to 11 dismiss briefing. No discovery has been propounded, and no summary judgment motions have 12 been filed. The case is still within the pleading stage, as Plaintiffs filed their TAC just a few short 13 months ago. Though TaskUs did not raise this issue in the last round of briefing, this slight delay 14 does not arise to the level of a waiver. Plaintiffs could have foreseen that any subcontractors to the 15 Ledger contract would raise the forum-selection clause issue. 16 c. Public Interest Factors 17 Finally, and for good measure, the Court addresses whether the public interest factors favor 18 a dismissal for forum non conveniens. The factors are: 19 [T]he administrative difficulties flowing from court congestion; the local interest in having localized controversies decided at home; the 20 interest in having the trial of a diversity case in a forum that is at home with the law that must govern the action; the avoidance of 21 unnecessary problems in conflict of laws, or in the application of foreign law; and the unfairness of burdening citizens in an unrelated 22 forum with jury duty. White Knight Yacht, 407 F. Supp 3d. at 948 (quoting Piper Aircraft Co. v. Reyno, 454 U.S. 235, 23 241 n.6 (1981)). 24 This case arises from Plaintiffs who “purchased a crypto wallet from a French company 25 pursuant to a contract with a French forum selection clause. France has the greater interest in this 26 case.” TaskUs Reply at 15. The forum selection clause holds France to be the proper forum for 27 1 law differs from American law, France has been found to be an adequate forum. Harris v. France 2 Telecom, S.A., 2011 WL 3705078, *4-5 (N.D. Ill. Aug. 22, 2011) (finding France adequate 3 alternative forum even though state statutory claims had no equivalents in France because 4 “avenues for redress need not be as comprehensive or favorable as the specific causes of action 5 pursued in the American jurisdiction.”). It would be inefficient for this Court to determine 6 TaskUs’s liability, when TaskUs is only in this case through its connections with Shopify, and 7 Shopify has been dismissed from this case due to the forum-selection clause. Shopify’s and 8 TaskUs’s liabilities are intertwined. It would be inefficient to try the two similar sets of claims in 9 different forums. Further, only one of the four Plaintiffs is from California. California does not 10 have a strong interest in deciding TaskUs’s liability in this case. 11 Accordingly, Defendant TaskUs’s Motion to dismiss for forum non conveniens is 12 GRANTED. Defendant TaskUs is dismissed from the case. 13 14 B. Ledger’s Motion to Dismiss the TAC 15 1. Standing for Injunctive Relief 16 Plaintiff Seirafi contends he has standing for two forms of injunctive relief: (i) an order 17 prohibiting Ledger from making misrepresentations and omissions; and (ii) an order compelling 18 Ledger to “implement and maintain reasonable security measures.” Opp. at 5:27-6:10. 19 The Court previously dismissed Seirafi’s claim for injunctive relief against Ledger because 20 the Court found that under Davidson, Seirafi does not plead any sort of actual imminent harm. 21 “Mr. Seirafi does not allege that he seeks to purchase Ledger’s products in the future or otherwise 22 rely on Ledger’s advertisements or labels. Thus, Mr. Seirafi does not have standing to seek 23 prospective injunctive relief against further misrepresentations.” Prior Order at 24-25.1 24 1 “In Davidson, Plaintiff had standing for injunctive relief because she alleged that she would be 25 unable to rely on the product’s label in future when deciding whether to purchase the product and that the company’s false advertising threatened to invade her statutory right, created by the UCL, 26 CLRA, and FAL, to receive truthful information about the product at issue. Id. at 966-67. In addition, a consumer may have standing if they might purchase the product in the future on the 27 incorrect assumption that the product is as represented. See id. at 969 (“Knowledge that the 1 Seirafi has added in additional language in their TAC to reach this Davidson bar as the 2 Court previously articulated. Specifically, he now alleges: “Seirafi would purchase Ledger 3 products again in the future if Ledger’s products, e-commerce, and support services actually 4 maintained the level of security that Ledger promises to uphold—extending to Ledger’s vendors 5 as well.” TAC at ¶ 23. 6 Defendant Ledger argues these are just “rote and conclusory” statements that include 7 “Broad-sweeping buzzwords—‘products, e-commerce, and support services’—and the absence of 8 any specifically alleged promises on the part of Ledger render the meaning of this allegation 9 entirely unclear.” Ledger Motion at 7. Relying on Julian v. TTE Tech., Inc. No. 20-CV-02857- 10 EMC, 2021 WL 810228, at *9 (N.D. Cal. Mar. 3, 2021) (Chen, J.), whose complaint the Court 11 dismissed for failure to plead an imminent purchase, Ledger argues Plaintiffs fail to specifically 12 describe their intent to purchase the wallet again—and in fact, Ledger states this type of wallet is a 13 one-time purchase altogether, so Plaintiff cannot plausibly plead an intent to repurchase this type 14 of “durable good” that is not susceptible to repeat purchases. Ledger Motion at 5; Ledger Reply at 15 5. Further Ledger argues that there is no “false or misleading” conduct to enjoin (which the Court 16 addresses below). 17 Ledger argues that Plaintiff’s allegation of an intent to purchase another wallet within the 18 near or reasonably foreseeable future strains credibility and that conclusory allegation of such 19 intent are not sufficient to establish standing for injunctive relief. As Ledger contends, there is a 20 distinction between durable and non-durable goods. That distinction is especially pronounced 21 where the good at issue is of a nature of being a one-time purchase at least for a foreseeable period 22 of time. 23 In Julian v. TTE Tech., Inc., No. 20-CV-02857-EMC, 2021 WL 810228, at *9 (N.D. Cal. 24 Mar. 3, 2021), this Court recognized the distinction between durable and consumable goods with 25 respect to standing: 26 The Court concludes that, based on the current allegations in the pleading, Plaintiffs have failed to establish standing to seek 27 injunctive relief. Plaintiffs’ conclusory allegation that they intend to purchase a TTE television without any factual allegations to suggest sufficient, at least in the context where, as here, the goods are not, 1 e.g., consumable items that are bought on a repeat basis as in Davidson, but rather a durable good not typically purchased on a 2 regular basis. The Court, however, shall have Plaintiffs one final opportunity to cure this deficiency, if they can do so in good faith. 3 See Fed. R. Civ. P.11. 4 Julian v. TTE Tech., Inc., No. 20-CV-02857-EMC, 2021 WL 810228, at *9 (N.D. Cal. Mar. 3, 2021). 5 The likelihood of repurchase of a durable good is even further diminished where the good 6 is not likely to be purchased again. The likelihood of repurchasing a cryptowallet where there is 7 no indication of a problem with the product – the problem lay with the security of the personal 8 data obtained from the purchasers when the wallet was purchased, not the security of the 9 information contained in the hard wallet itself – is less than the likelihood of, e.g., a television in 10 Julian, a solid state hard drive in In re Sandisk SSDS Litig., 2024 WL 3422597, at *2 (N.D. Cal. 11 June 5, 2024), or a bicycle product in Hawkins v. Shimano N. Am. Bicycle Inc., No. 8:23-CV- 12 02038-JVS (JDE), 2024 WL 2105596, at *7 (C.D. Cal. Apr. 12, 2024). Under the circumstances 13 and the nature of the particular product of this case, more specific allegations demonstrating an 14 intent to repurchase a cryptowallet than those alleged by Plaintiffs herein are required. 15 Plaintiffs lack standing to seek injunctive relief. Accordingly, Defendant’s motion to 16 dismiss Plaintiffs’ claim for injunctive relief is GRANTED. 17
18 2. Claim Under UCL and CLRA 19 The Plaintiffs charge Ledger with violations of the UCL and the CLRA. The UCL defines 20 “unfair competition” to include “any unlawful, unfair or fraudulent business act or practice” and 21 “unfair, deceptive, untrue or misleading advertising.” Cal. Bus. & Prof. Code § 17200. The law’s 22 scope is “broad.” Cel-Tech Commc’ns, Inc. v. L.A. Cellular Tel. Co., 20 Cal. 4th 163, 180-81 23 (1999). The UCL’s prongs on “unlawful,” “unfair” or “fraudulent” practices give rise to separate 24 and distinct theories of liability. See id. at 180. “Whether a practice is deceptive, fraudulent, or 25 unfair is generally a question of fact which requires ‘consideration and weighing of evidence from 26 both sides’ and which usually cannot be made on demurrer.” Linear Tech. Corp. v. Applied 27 Materials, Inc., 61 Cal. Rptr. 3D 221, 236 (Cal. App. Ct. 2007) (quoting McKell v. Washington 1 Mutual, Inc., 142 Cal. App. 4th 1472, 1473 (Cal. App. Ct. 2006)). 2 “The ‘unfair’ prong of the UCL creates a cause of action for a business practice that is 3 unfair even if not proscribed by some other law.” Korea Supply Co. v. Lockheed Martin Corp., 29 4 Cal. 4th 1134, 1143 (2003). Under the “unlawful” prong of the UCL, violations of state or federal 5 law are “unlawful practices that the unfair competition law makes independently actionable.” 6 Velazquez v. GMAC Mortg. Corp., 605 F. Supp. 2d 1049, 1068 (C.D. Cal. 2008) (citations 7 omitted). Under the “fraudulent” prong of the UCL, claims for misrepresentation may be 8 “affirmative untrue statements[,]” “false” representations, and “a broader category of 9 representations that have ‘a capacity, likelihood[,] or tendency to deceive or confuse the public.’” 10 Rothman v. Equinox Holdings, Inc., 2021 WL 1627490, at *10 (C.D. Cal. Apr. 27, 2021) (quoting 11 Colgan v. Leatherman Tool Grp., Inc., 135 Cal.App.4th 663, 683 (2003); Williams, 552 F.3d at 12 938). 13 The Court has already held that Plaintiffs’ claims for fraud are “subject to Rule 9(b)’s 14 heightened pleading standard.” Prior Order at 51. Plaintiff’s claims under the UCL and CLRA 15 centrally allege that Ledger misrepresented the security of purchaser’s personal data underlying 16 the purchase of its hardware wallets and that Ledger failed to prevent the incident involving 17 employees of its sub-sub-contractor TaskUs. TAC ¶¶ 6, 19, 21. 18 The Court previously analyzed Plaintiffs’ claims and rejected Seirafi’s misrepresentation 19 theory because: 20 • “[C]onsumers could not have been misled into thinking that providing Ledger with 21 their PII online would be fully secure;” 22 • “Ledger’s representations regarding the security of its hardware wallets do not pertain 23 to the security of Mr. Seirafi’s PII which was not on the hardware wallet at all;” and 24 • “Since Shopify did not announce this incident to Ledger until December, Ledger could 25 not have noticed its customers of Shopify’s involvement in the incident in May and 26 July.” 27 Prior Order at 54-56. 1 UCL and CLRA claim should be dismissed because Seirafi’s misrepresentation claim has again 2 failed “because he still (1) fails to plausibly identify any statements or omissions that are 3 misrepresentations, and (2) fails to identify the purported statements or omissions on which he 4 relied.” Ledger Motion at 9. Further, Ledger argues Plaintiffs’ UCL “unfair” and “unlawful” 5 claims fall because Plaintiffs fail to describe “with reasonable particularity the facts supporting the 6 violation.” Ledger Motion at 13. 7 a. Misrepresentations, CLRA and “fraudulent” prong of UCL 8 “Misrepresentation claims brought pursuant to the UCL … and CLRA are each judged 9 against the same ‘reasonable consumer’ test, which asks whether ‘members of the public are likely 10 to be deceived’ by the alleged misrepresentation.” Rothman v. Equinox Holdings, Inc., 2021 WL 11 1627490, at *9 (C.D. Cal. Apr. 27, 2021) (quoting Williams v. Gerber Prod. Co., 52 F.3d 934, 938 12 (9th Cir. 2008)). Claims for misrepresentation may be “affirmative untrue statements[,]” “false” 13 representations, and “a broader category of representations that have ‘a capacity, likelihood[,] or 14 tendency to deceive or confuse the public.’” Id. at *10 (quoting Colgan v. Leatherman Tool Grp., 15 Inc., 135 Cal. App. 4th 663, 683 (2003); Williams, 552 F.3d at 938). “Under … the UCL or the 16 CLRA, when a defendant truthfully and clearly discloses an alleged misrepresentation or 17 omission, a plaintiff cannot plausibly state a claim for relief.” Hammerling v. Google, LLC, 615 18 F. Supp. 3d 1069, 1082 (N.D. Cal. 2022) (citing Dinan v. Sandisk LLC, 2019 WL 2327923, at *2 19 (N.D. Cal. May, 31, 2019)); see also Fabozzi v. StubHub, Inc., 2021 WL 506330, at *6 (N.D. Cal. 20 Feb. 15, 2012) (J., Chen) (a ticket reseller did not fraudulently omit that it sold its tickets at a 21 “premium” compared to the ticket’s face value because the ticket reseller disclosed on its website 22 that its tickets “may be … above face value.”). 23 Plaintiffs predicate their fraud claim entirely on a combination of a misrepresentation and 24 an omission in Ledger’s July 2018 privacy policy. Plaintiffs argue that Ledger misrepresented its 25 level of supervision over its contractors and omitted Ledger’s failure to supervise its 26 subcontractors from this privacy policy. Plaintiffs argue that Ledger’s privacy policy states it will 27 (i) implement certain safeguards to secure data “throughout our Services,” (ii) enforce those 1 (iv) “ensure” that “service providers acting on [their] behalf” provide for the “necessary 2 guarantees with respect to the [General Data Protection Regulation.]” (“GDPR”). Opp. at ¶¶ 7:10- 3 21 (citing TAC ¶¶ 242, 259). From those statements, Seirafi argues that Ledger omitted that it did 4 not take steps to oversee TaskUs or to ensure that TaskUs followed certain measures, such as 5 Ledger’s guidelines and the GDPR. (Opp. at 7:24-8:18.) Plaintiffs do not allege standalone 6 omissions not tied to the privacy policy statements. 7 Plaintiffs have pled with sufficient particularity their fraud claim in the TAC. Though the 8 promises Ledger made in its privacy policy are not particularly specific, Defendant Ledger is on 9 sufficient notice of the alleged affirmative statements and omissions to defend against Plaintiffs’ 10 assertions that Ledger did not apply its own safeguards or those under the GDPR. See In re Yahoo! 11 Inc. Customer Data Sec. Breach Litig., 2017 WL 3727318, *26-27 (N.D. Cal. Aug. 30, 2017) 12 (finding defendants’ representation that they had “physical, electronic, and procedural safeguards 13 that comply with federal regulations to protect personal information about you” actionable.”). 14 However, Plaintiffs failed to plead any allegations that Plaintiff actually saw or relied on 15 the July 31, 2018 privacy policy, a predicate to their claim of fraud – the alleged omissions is tied 16 to the statements made therein. Thus, absent reliance, their claim for misrepresentation under the 17 CLRA and the “fraudulent” prong under the UCL both fail. In re Actimmune Marketing Litig., No. 18 08-02376 MHP 2010 WL 3463491, at *8 (N.D. Cal. Sept. 1, 2010) (holding a plaintiff’s claim 19 “grounded in misrepresentation or deception” must plead “actual reliance” on the alleged 20 deception). Plaintiff was put on notice in the Court’s last order that reliance was a requirement of 21 a fraud claim. Prior Order at 56 n.15. Though Plaintiffs try to save their claim by pointing to cases 22 that allow fraud claims rooted in “omissions” to proceed without pleading reliance, Opp. at 10-11, 23 these cases are inapposite as Plaintiffs’ fraud claims are not based purely on an omission, but 24 rather omissions tied to express misrepresentations in the privacy policy. TAC ¶¶ 242, 259 (“And 25 these representations also give rise to a claim based on Ledger’s omissions”). When asked about 26 this at the hearing, Plaintiff agreed to the Court that their fraud theory was one of a 27 misrepresentation that then led to an omission. Therefore, Plaintiffs have failed to plead any 1 Accordingly, Defendant Ledger’s motion as to Plaintiff’s CLRA claim and “fraudulent” 2 prong of the UCL is GRANTED. 3 b. UCL “unfair” and “unlawful prong” 4 To support Plaintiffs’ claim under the UCL “unfair” and “unlawful” prong, Seirafi relies 5 on the same allegations as noted above to claim that Ledger erred by “fail[ing] to implement and 6 maintain reasonable security measures to protect” his personal information from disclosure in the 7 TaskUs incident. TAC ¶¶ 229, 237. Plaintiffs further allege: 8 Had Defendants been diligent and responsible, they would have known about and acted upon warnings published in 2017 that 93% 9 of data security breaches were avoidable and the key avoidable causes for data security incidents are: 10 • Lack of a complete risk assessment, including internal, third-party, and cloudbased systems and services; 11 • Not promptly patching known/public vulnerabilities, and not having a way to process vulnerability reports; 12 • Misconfigured devices/servers; • Unencrypted data and/or poor encryption key management and 13 safeguarding; • Use of end-of-life (and thereby unsupported) devices, operating 14 systems, and applications; • Employee errors and accidental disclosures — lost data, files, 15 drives, devices, computers, improper disposal; • Failure to block malicious email; and 16 • Users succumbing to business email compromise (BEC) and social exploits. 17 TAC ¶ 173. 18 To succeed on bringing a claim under the “unlawful” prong of the UCL, Plaintiffs must 19 “plead with particularity how the facts of this case pertain to that specific statute.” Baba v. 20 Hewlett-Packard Co., No. C 09-05946 RS, 2010 WL 2486353, at *6 (N.D. Cal. June 16, 2010). 21 “By proscribing any unlawful business practice, section 17200 borrows violations of other laws 22 and treats them as unlawful practices that the unfair competition law makes independently 23 actionable.” Chabner v. United of Omaha Life Ins. Co., 225 F.3d 1042, 1048 (9th 24 Cir.2000). Plaintiffs connect the alleged deficiencies of Ledger in supervising TaskUs to the 25 following statutes: 26 Ledger’s failures to implement and maintain reasonable security measures also were contrary to legislatively declared public policy 27 that seeks to protect consumers’ data and ensure that entities that are trusted with it use appropriate security measures. These policies are California’s Consumer Records Act, Cal. Civ. 1 Code § 1798.81.5.
2 Ledger has engaged in “unlawful” business practices by violating multiple laws, including California’s Consumer Records Act, Cal. 3 Civ. Code §§ 1798.81.5 (requiring reasonable data security measures) and 1798.82 (requiring timely breach 4 notification); California’s Consumers Legal Remedies Act, Cal. Civ. Code § 1780, et seq.; the FTC Act, 15 U.S.C. § 45; and California 5 common law. 6 TAC ¶¶ 238, 239. 7 Plaintiffs have thus met their pleading burden, alleging at minimum, a violation of the 8 California’s Consumer Records Act which requires that “a business that owns, licenses, or 9 maintains personal information about a California resident shall implement and maintain 10 reasonable security procedures and practices appropriate to the nature of the information, to 11 protect the personal information from unauthorized access, destruction, use, modification, or 12 disclosure.” Cal. Civ. Code § 1798.81.5. 13 To succeed on bringing a claim under the “unfair” prong of the UCL, courts have split on 14 the appropriate test to apply. See Svenson v. Google Inc., No. 13–CV–04080–BLF, 2015 WL 15 1503429, at *9 (N.D. Cal. Apr. 1, 2015) (explaining the split in California Courts of Appeal): 16 With respect to the unfair prong [. . .] [t]hree lines of authority have developed among the California Courts of Appeal. In the first line, 17 the test requires “that the public policy which is a predicate to a consumer unfair competition action under the unfair prong of the 18 UCL must be tethered to specific constitutional, statutory, or regulatory provisions.” Drum v. San Fernando Valley Bar Ass'n, 182 19 Cal.App. 4th 247, 257 (2010) (internal quotation marks and citation omitted). A second line of cases applies a test to determine whether 20 the identified business practice is “immoral, unethical, oppressive, unscrupulous or substantially injurious to consumers and requires 21 the court to weigh the utility of the defendant's conduct against the gravity of the harm to the alleged victim.” Id. (internal quotation 22 marks and citation omitted). The third test draws on the definition of “unfair” from antitrust law and requires that “(1) the consumer 23 injury must be substantial; (2) the injury must not be outweighed by any countervailing benefits to consumers or competition; and (3) it 24 must be an injury that consumers themselves could not reasonably have avoided.” Id. 25 The Court notes that nowhere in either Parties’ briefing do they address either of the three 26 tests. Nevertheless, the Court finds that Plaintiffs allegations are sufficient to allege that 27 Defendant’s conduct, at minimum, violated the balancing test. “Plaintiffs allege that Defendants 1 promised in their Privacy Policy to protect their customers’ data, but that Defendants knowingly 2 failed to employ adequate safeguards to protect their customers’ data, in violation of Defendants’ 3 Privacy Policy.” See In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 16-MD-02752- 4 LHK, 2017 WL 3727318, *24 (N.D. Cal. Aug. 30, 2017) (finding plaintiffs adequately alleged 5 unfair conduct under the balancing test where the complaint alleged that defendant failed to 6 adequately protect customer data, which was allegedly in violation of several statutes that reflected 7 California's public policy of protecting customer data) (collecting cases). 8 Accordingly, Plaintiffs have adequately plead claims under the “unfair” and “unlawful” 9 prongs under the UCL. The motion to dismiss those prongs of the UCL claim is DENIED. 10 i. Adequate remedy at law 11 Ledger argues Plaintiffs again fail to plead no adequate remedy at law, as is required to 12 state a claim for equitable relief under the UCL or CLRA. Sonner v. Premier Nutrition Corp., 971 13 F.3d 834, 841 (9th Cir. 2020). The Court previously deferred ruling on this until the pleadings 14 were settled. The Court has now dismissed with prejudice Plaintiffs’ remaining CLRA claim, the 15 legal basis for recovery of damages. Thus, Sonner does not apply, as Plaintiffs do not have a 16 remedy at law. This is not a case where the plaintiff’s failure to exercise diligence resulted in the 17 forfeiture of an otherwise available legal remedy. Cf Guzman v. Polaris Industries Inc., 49 F.4th 18 1308, 1312 (9th Cir. 2022) (finding Sonner did apply wherein the plaintiff had a viable CLRA 19 claim except that it was time-barred because a plaintiff “cannot have neglected his opportunity to 20 pursue his CLRA damages claim, which was an adequate remedy at law, and then be rewarded for 21 that neglect with the opportunity to pursue his equitable UCL claim in federal court.”). Instead, 22 the facts do not afford the Plaintiffs a right under the CRLA but do afford a basis to assert 23 equitable claims under the UCL. 24 Therefore, Defendant Ledger’s motion as to Plaintiff’s remaining claims of the UCL is 25 DENIED. 26 3. Motion to Strike California Subclass 27 In the Court’s Prior Order, the Court held that the California Consumer Subclass was 1 incidents occurred and were thus [presumably] aware of the alleged ‘inadequate’ security 2 practices at the time of their purchase.” Prior Order at 26 (quoting Ledger Reply at 15). 3 Accordingly, Plaintiffs revised the class definition in the TAC so it ends in December 2020, TAC, 4 ¶ 187, which is when Ledger first made a public announcement making clear the massive scope of 5 the data breach and a hacker published Ledger customer data online, TAC, ¶¶ 158, 161. 6 Ledger argues the current class definition is still too broad because it includes individuals 7 who never purchased their wallet from Ledger, and thus there is “no nexus with Seirafi’s claims 8 and Seirafi, who seeks to represent them, is atypical.” Ledger Reply at 14. 9 The Court previously found it appropriate to strike overly broad class definition because 10 the claims were not typical of the class. In the Court’s Prior Order, the Court found that Seirafi 11 alleged an injury-in-fact because his contact information was disclosed. See Prior Order at 15-20 12 (holding Plaintiff’s claims for privacy injury, benefit-of-the-bargain injury, and lost value of PII 13 stemmed from disclosure of his information). Thus, if a putative class member did not purchase 14 their wallet from Ledger, it is unclear, and Plaintiffs do not allege, that such an indirect purchaser 15 would have given their contact information to Ledger, which was then share with Shopify and 16 TaskUs and became subject to exfiltration. Though Plaintiffs attempt to argue that a class 17 member’s connection to the alleged breach is not relevant because Plaintiffs argue under a 18 “benefit-of-the-bargain” theory, the value of all Ledger wallets was depreciated by this alleged 19 breach, the Court is not persuaded. Here, there is no allegation that the product itself was defective 20 – the basis of the typical benefit-of-the-bargain or “premium price” theory. See, e.g. Siqueiros v. 21 General Motors LLC, 2022 WL 74182, at *11 (N.D. Cal. Jan 7, 2022); see also Nguyen v. Nissan 22 N. Am., Inc., 932 F.3d 811, 819–822 (9th Cir. 2019). Here the problem lay with the PII Ledger 23 obtained in connection with the sale of the wallet, not the wallet itself. If an indirect purchaser 24 never provided PII to Ledger in the process of purchasing the wallet, it was not exposed to the data 25 breach and there would be no basis of asserting overpayment of a premium price. 26 Accordingly, Plaintiffs must redefine the class definition to include only purchases of 27 Ledger’s wallet who purchased directly from Ledger. 1 V. CONCLUSION 2 For the foregoing reasons, the Court GRANTS Defendant TaskUs’s Motion, and 3 GRANTS IN PART AND DENIES IN PART Defendant Ledger’s Motion. Plaintiffs’ third 4 || cause of action against Ledger under the “unjust” and “unlawful” prongs of the UCL is all that 5 |} remains. 6 Plaintiffs are granted leave solely to modify the class definition and shall have 30 days 7 from the date of this Order to file the amended complaint. Otherwise, as this is already the third 8 || amended complaint, Plaintiffs’ claims that are inadequately plead are dismissed with prejudice. 9 10 11 IT IS SO ORDERED. 3s 12
13 Dated: February 6, 2025
EDWA . CHEN A 16 United States District Judge
Z 18 19 20 21 22 23 24 25 26 27 28