1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 MATTHEW BECKER, Case No. 21-cv-03295-JST
8 Plaintiff, ORDER DENYING SECOND MOTION 9 v. FOR PRELIMINARY APPROVAL OF CLASS ACTION SETTLEMENT 10 LISI, LLC, et al., Re: ECF No. 42 Defendants. 11
12 13 Before the Court is Plaintiff Matthew Becker’s second motion for preliminary approval of 14 a class action settlement. ECF No. 42. The Court will deny the motion without prejudice. 15 I. BACKGROUND 16 This putative class action arises out of the alleged failure of Defendants LISI, LLC and 17 AmWins Group, Inc. to adequately secure and safeguard their customers’ personally identifiable 18 information (“PII”). ECF No. 1. Plaintiff brings claims on behalf of all individuals whose PII was 19 compromised as a result of the data breach Defendants announced in July 2020. 20 A. Parties and Claims 21 LISI partners with insurance carriers to market and distribute their products to insurance 22 brokers and agencies. AmWins is LISI’s parent company. In July 2020, Becker, who had 23 previously enrolled in a MetLife insurance plan, received a Notice of Data Breach from LISI. The 24 notice indicated that an employee’s email account had been hacked, and that emails containing 25 class members’ PII—including names, Social Security Numbers, dates of birth, and insurance 26 information—had been forwarded from a LISI email account to an unauthorized third party. 27 Becker alleges that Defendants took inadequate steps to protect class members’ PII, and 1 theft. Among other harms, Becker asserts that fraudulent accounts were opened in his name using 2 his Social Security number, and that he was required to purchase a credit and identity theft 3 monitoring product that he would not otherwise have needed to purchase. 4 Becker’s complaint asserts causes of action for (1) negligence, (2) breach of confidence, 5 (3) injunctive and declaratory relief, and (4) violation of California’s Unfair Competition Law, 6 Cal. Bus. & Prof. Code §§ 17200, et seq. 7 B. Key Terms of Proposed Settlement 8 The Settlement Agreement defines the Settlement Class as “all persons residing in the 9 United States whose [PII] was compromised as a result of the Data Security Incident that was 10 announced by Defendants in July 2020.” ECF No. 38-1 ¶¶ 1.35, 4.1. The class is comprised of 11 approximately 500 individuals.1 12 Defendants agree to provide all class members with access to IDX’s Identity Protection 13 Services for 24 months from the “Effective Date.”2 Id. ¶ 5.2. “This benefit will be provided with 14 the Short Notice as a link with a redeemable code to be used directly with IDX.” Id. Though class 15 members need not submit a claim to access Identity Protection Services, they must enroll by the 16 17 18
19 1 The exact size of the proposed class is unclear. The Settlement Agreement and notice state that the class is composed of 553 individuals. ECF No. 38-1 ¶ 1.37; id. at 46. Becker’s second motion 20 for preliminary approval suggests that the class is composed of 491 individuals. ECF No. 42-3 (chart stating that 491 class members would be bound by the proposed settlement). For the 21 purposes of this order, the Court assumes a class size of 500.
22 2 “Effective Date” is not defined in the Settlement Agreement, as the internal cross-reference in its definition is incorrect. ECF No. 38-11 ¶ 1.11 (defining “Effective Date” as “the first date by 23 which all of the events and conditions specified in ¶ 1.12 herein have occurred and been met”); id. ¶ 1.12 (defining “Fee Application”). 24
The term “Effective Date” is also repeatedly used—without definition—in both the short and long 25 notice. See, e.g., ECF No. 38-1 at 40 (explaining that all class members will be provided credit monitoring services “for a period of 24 months from the Effective Date of the Settlement”); id. at 26 43 (“[S]ervices will be provided for a period of 24 months from the Effective Date of the Settlement.”). For more information regarding the terms of the settlement, the notices direct class 27 members to the Settlement Agreement, available on the settlement website. However, as noted 1 “Election Deadline,” a term not defined in the Settlement Agreement.3 Id. 2 Class members may also submit claims for out-of-pocket losses reasonably traceable to the 3 data breach, including losses relating to fraud or identity theft; fees associated with lawyers, 4 accountants, or credit repair services; costs associated with freezing or unfreezing credit and post- 5 breach credit monitoring; and breach-related notary, fax, postage, copying, mileage, and long- 6 distance telephone charges. Id. ¶ 5.3. Each class member seeking reimbursement for such out-of- 7 pocket losses must submit receipts or other “not ‘self-prepared’” documentation. Id. Class 8 members can also be reimbursed for up to three hours of time spent addressing issues related to 9 the data breach, compensated at $25 per hour, provided they submit an attestation and brief 10 description of the time associated with each action. While Defendants will not create a fund for 11 payment of class members’ claims for reimbursement of out-of-pocket losses and lost time, 12 Defendants will reimburse each claimant up to $1,500, up to an aggregate cap of $200,000. If the 13 value of claims made exceeds this cap, each will be reduced on a pro rata basis. Id. If claims 14 submitted total less than $200,000, Defendants will keep the difference. 15 The Settlement Agreement also identifies “Non-Monetary Relief” in the form of 16 improvements to Defendants’ cybersecurity practices. Id. ¶ 5.7. “In response to the event, 17 following a password reset across the organization, [LISI] enacted multi-factor authentication and 18 tightened policies and practices with regard to the creation of forwarding rules[,] . . . conducted a 19 re-training of its employees[,] . . . instituted annual employee training[,] . . . [and] has also come 20 under the governance of AmWINS Group, Inc.’s central security team, which has standardized 21 anti-malware protections on all endpoints.”4 Id. 22 3 The Settlement Agreement states that, “[i]f a Settlement Class Member elects to receive . . . 23 Identity Protection Services, he or she must make that election by the Election Deadline.” ECF No. 38-1 ¶ 5.3. Because the Settlement Agreement and notices indicate that all class members 24 will receive this benefit, the Court understands the phrase “make that election” to mean that class members must enter the redeemable code on the IDX website prior to the Election Deadline. 25 Neither notice explains that a class member who wishes to enroll in Identity Protection Services must do so by any deadline. 26
4 Despite the fact that the paragraph is titled “Non-Monetary Relief” and appears in a section titled 27 “Settlement Consideration,” nothing in the text of the paragraph, the rest of the Settlement 1 The Settlement Agreement provides that class members agree to release all claims “that 2 result from, arise out of, are based upon, or relate to the [data breach], and conduct that was 3 alleged or could have been alleged in [this action]. . . including [claims] . . . arising out of (1) the 4 unauthorized access of [class members’] personally identifiable information . . .; (2) Defendants’ 5 maintenance of [class members’] personally identifiable information; (3) Defendants’ information 6 security policies or practices; (4) Defendants’ provision of notice to [class members] following the 7 [data breach].” Id. ¶ 9.1. 8 The Settlement Agreement includes a “clear sailing” provision: Defendants agree not to 9 oppose any motion for attorney’s fees and costs of $75,000 or any motion for a service award of 10 no more than $2,000 to Becker. Id. ¶¶ 10.3, 10.7. 11 C. Procedural History 12 Becker filed this action on May 4, 2021. ECF No. 1.
Free access — add to your briefcase to read the full text and ask questions with AI
1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 7 MATTHEW BECKER, Case No. 21-cv-03295-JST
8 Plaintiff, ORDER DENYING SECOND MOTION 9 v. FOR PRELIMINARY APPROVAL OF CLASS ACTION SETTLEMENT 10 LISI, LLC, et al., Re: ECF No. 42 Defendants. 11
12 13 Before the Court is Plaintiff Matthew Becker’s second motion for preliminary approval of 14 a class action settlement. ECF No. 42. The Court will deny the motion without prejudice. 15 I. BACKGROUND 16 This putative class action arises out of the alleged failure of Defendants LISI, LLC and 17 AmWins Group, Inc. to adequately secure and safeguard their customers’ personally identifiable 18 information (“PII”). ECF No. 1. Plaintiff brings claims on behalf of all individuals whose PII was 19 compromised as a result of the data breach Defendants announced in July 2020. 20 A. Parties and Claims 21 LISI partners with insurance carriers to market and distribute their products to insurance 22 brokers and agencies. AmWins is LISI’s parent company. In July 2020, Becker, who had 23 previously enrolled in a MetLife insurance plan, received a Notice of Data Breach from LISI. The 24 notice indicated that an employee’s email account had been hacked, and that emails containing 25 class members’ PII—including names, Social Security Numbers, dates of birth, and insurance 26 information—had been forwarded from a LISI email account to an unauthorized third party. 27 Becker alleges that Defendants took inadequate steps to protect class members’ PII, and 1 theft. Among other harms, Becker asserts that fraudulent accounts were opened in his name using 2 his Social Security number, and that he was required to purchase a credit and identity theft 3 monitoring product that he would not otherwise have needed to purchase. 4 Becker’s complaint asserts causes of action for (1) negligence, (2) breach of confidence, 5 (3) injunctive and declaratory relief, and (4) violation of California’s Unfair Competition Law, 6 Cal. Bus. & Prof. Code §§ 17200, et seq. 7 B. Key Terms of Proposed Settlement 8 The Settlement Agreement defines the Settlement Class as “all persons residing in the 9 United States whose [PII] was compromised as a result of the Data Security Incident that was 10 announced by Defendants in July 2020.” ECF No. 38-1 ¶¶ 1.35, 4.1. The class is comprised of 11 approximately 500 individuals.1 12 Defendants agree to provide all class members with access to IDX’s Identity Protection 13 Services for 24 months from the “Effective Date.”2 Id. ¶ 5.2. “This benefit will be provided with 14 the Short Notice as a link with a redeemable code to be used directly with IDX.” Id. Though class 15 members need not submit a claim to access Identity Protection Services, they must enroll by the 16 17 18
19 1 The exact size of the proposed class is unclear. The Settlement Agreement and notice state that the class is composed of 553 individuals. ECF No. 38-1 ¶ 1.37; id. at 46. Becker’s second motion 20 for preliminary approval suggests that the class is composed of 491 individuals. ECF No. 42-3 (chart stating that 491 class members would be bound by the proposed settlement). For the 21 purposes of this order, the Court assumes a class size of 500.
22 2 “Effective Date” is not defined in the Settlement Agreement, as the internal cross-reference in its definition is incorrect. ECF No. 38-11 ¶ 1.11 (defining “Effective Date” as “the first date by 23 which all of the events and conditions specified in ¶ 1.12 herein have occurred and been met”); id. ¶ 1.12 (defining “Fee Application”). 24
The term “Effective Date” is also repeatedly used—without definition—in both the short and long 25 notice. See, e.g., ECF No. 38-1 at 40 (explaining that all class members will be provided credit monitoring services “for a period of 24 months from the Effective Date of the Settlement”); id. at 26 43 (“[S]ervices will be provided for a period of 24 months from the Effective Date of the Settlement.”). For more information regarding the terms of the settlement, the notices direct class 27 members to the Settlement Agreement, available on the settlement website. However, as noted 1 “Election Deadline,” a term not defined in the Settlement Agreement.3 Id. 2 Class members may also submit claims for out-of-pocket losses reasonably traceable to the 3 data breach, including losses relating to fraud or identity theft; fees associated with lawyers, 4 accountants, or credit repair services; costs associated with freezing or unfreezing credit and post- 5 breach credit monitoring; and breach-related notary, fax, postage, copying, mileage, and long- 6 distance telephone charges. Id. ¶ 5.3. Each class member seeking reimbursement for such out-of- 7 pocket losses must submit receipts or other “not ‘self-prepared’” documentation. Id. Class 8 members can also be reimbursed for up to three hours of time spent addressing issues related to 9 the data breach, compensated at $25 per hour, provided they submit an attestation and brief 10 description of the time associated with each action. While Defendants will not create a fund for 11 payment of class members’ claims for reimbursement of out-of-pocket losses and lost time, 12 Defendants will reimburse each claimant up to $1,500, up to an aggregate cap of $200,000. If the 13 value of claims made exceeds this cap, each will be reduced on a pro rata basis. Id. If claims 14 submitted total less than $200,000, Defendants will keep the difference. 15 The Settlement Agreement also identifies “Non-Monetary Relief” in the form of 16 improvements to Defendants’ cybersecurity practices. Id. ¶ 5.7. “In response to the event, 17 following a password reset across the organization, [LISI] enacted multi-factor authentication and 18 tightened policies and practices with regard to the creation of forwarding rules[,] . . . conducted a 19 re-training of its employees[,] . . . instituted annual employee training[,] . . . [and] has also come 20 under the governance of AmWINS Group, Inc.’s central security team, which has standardized 21 anti-malware protections on all endpoints.”4 Id. 22 3 The Settlement Agreement states that, “[i]f a Settlement Class Member elects to receive . . . 23 Identity Protection Services, he or she must make that election by the Election Deadline.” ECF No. 38-1 ¶ 5.3. Because the Settlement Agreement and notices indicate that all class members 24 will receive this benefit, the Court understands the phrase “make that election” to mean that class members must enter the redeemable code on the IDX website prior to the Election Deadline. 25 Neither notice explains that a class member who wishes to enroll in Identity Protection Services must do so by any deadline. 26
4 Despite the fact that the paragraph is titled “Non-Monetary Relief” and appears in a section titled 27 “Settlement Consideration,” nothing in the text of the paragraph, the rest of the Settlement 1 The Settlement Agreement provides that class members agree to release all claims “that 2 result from, arise out of, are based upon, or relate to the [data breach], and conduct that was 3 alleged or could have been alleged in [this action]. . . including [claims] . . . arising out of (1) the 4 unauthorized access of [class members’] personally identifiable information . . .; (2) Defendants’ 5 maintenance of [class members’] personally identifiable information; (3) Defendants’ information 6 security policies or practices; (4) Defendants’ provision of notice to [class members] following the 7 [data breach].” Id. ¶ 9.1. 8 The Settlement Agreement includes a “clear sailing” provision: Defendants agree not to 9 oppose any motion for attorney’s fees and costs of $75,000 or any motion for a service award of 10 no more than $2,000 to Becker. Id. ¶¶ 10.3, 10.7. 11 C. Procedural History 12 Becker filed this action on May 4, 2021. ECF No. 1. After several stipulations to extend 13 time to respond to the complaint, Becker filed a motion for preliminary approval of class action 14 settlement on February 25, 2022. ECF No. 38. The Court denied the motion without prejudice. 15 ECF No. 39. Becker filed this second unopposed motion for preliminary approval on October 28, 16 2022. ECF No. 42. 17 II. JURISDICTION 18 The Court has jurisdiction pursuant to 28 U.S.C. § 1332. 19 III. LEGAL STANDARD 20 The Ninth Circuit maintains a “strong judicial policy” that favors the settlement of class 21 actions. Class Plaintiffs v. City of Seattle, 955 F.2d 1268, 1276 (9th Cir. 1992). Rule 23 requires 22 courts to employ a two-step process in evaluating a class action settlement. First, the parties must 23 show “that the court will likely be able to . . . (i) approve the proposal under Rule 23(e)(2).” Fed. 24 R. Civ. P. 23(e)(1)(B). In other words, a court must make a preliminary determination that the 25 settlement “is fair, reasonable, and adequate” when considering the factors set out in Rule 26 23(e)(2). Fed. R. Civ. P. 23(e)(2). If no class has yet been certified, a court must make a 27 preliminary finding that it “will likely be able to . . . (ii) certify the class for purposes of judgment 1 “must direct notice in a reasonable manner to all class members who would be bound by the 2 proposal.” Id. Second, courts must hold a hearing pursuant to Rule 23(e)(2) to make a final 3 determination of whether the settlement is “fair, reasonable, and adequate.” Fed. R. Civ. P. 4 23(e)(2). 5 The court’s task at the preliminary approval stage is to determine whether the settlement 6 falls “within the range of possible approval.” In re Tableware Antitrust Litig., 484 F. Supp. 2d 7 1078, 1079 (N.D. Cal. 2007) (quoting Schwartz v. Dallas Cowboys Football Club, Ltd., 157 F. 8 Supp. 2d 561, 570 n.12 (E.D. Pa. 2001)). Courts “must be particularly vigilant not only for 9 explicit collusion, but also for more subtle signs that class counsel have allowed pursuit of their 10 own self-interests and that of certain class members to infect the negotiations.” In re Bluetooth 11 Headset Prods. Liab. Litig., 654 F.3d 935, 947 (9th Cir. 2011). Preliminary approval is 12 appropriate if “the proposed settlement appears to be the product of serious, informed, non- 13 collusive negotiations, has no obvious deficiencies, does not improperly grant preferential 14 treatment to class representatives or segments of the class, and falls within the range of possible 15 approval.” Tableware, 484 F. Supp. 2d at 1079 (quoting Schwartz, 157 F. Supp. 2d at 570 n.12). 16 The proposed settlement need not be ideal, but it must be fair and free of collusion, consistent with 17 counsel’s fiduciary obligations to the class. Hanlon v. Chrysler Corp., 150 F.3d 1011, 1027 (9th 18 Cir. 1998), overruled on other grounds by Wal-Mart Stores, Inc. v. Dukes, 564 U.S. 338 (2011) 19 (“Settlement is the offspring of compromise; the question we address is not whether the final 20 product could be prettier, smarter or snazzier, but whether it is fair, adequate and free from 21 collusion.”). To assess a settlement proposal, courts must balance a number of factors:
22 [T]he strength of the plaintiffs’ case; the risk, expense, complexity, and likely duration of further litigation; the risk of maintaining class 23 action status throughout the trial; the amount offered in settlement; the extent of discovery completed and the stage of the proceedings; 24 the experience and views of counsel; the presence of a governmental participant; and the reaction of the class members to the proposed 25 settlement. 26 Id. at 1026 (quoting Torrisi v. Tucson Elec. Power Co., 8 F.3d 1370, 1375 (9th Cir. 1993)). The 27 proposed settlement must be “taken as a whole, rather than the individual component parts,” in the 1 substitute certain provisions”; the settlement “must stand or fall in its entirety.” Id. (quoting 2 Officers for Justice, 688 F.2d at 630). 3 IV. DISCUSSION 4 Becker’s second motion for preliminary approval addresses some, but not all, of the 5 deficiencies identified by the Court in its prior order. 6 In its prior order, the Court explained that Becker’s initial motion did not comply with 7 certain sections of the Procedural Guidelines, and that “failure to address the issues discussed in 8 the Guidelines is a proper ground for denying a motion for preliminary . . . approval.” ECF 9 No. 41 at 8 (quoting Bakhtiar v. Info Res., Inc., No. 17-cv-04559-JST, 2020 WL 11421997, at *8 10 (N.D. Cal. Jan. 30, 2020)).5 Becker’s second motion does not comply with certain sections of the 11 Guidelines. 12 A. Section 1(c) 13 The Guidelines require an explanation of “[t]he class recovery under the settlement 14 (including details about and the value of injunctive relief), the potential class recovery if plaintiffs 15 had fully prevailed on each of their claims, claim by claim, and a justification of the discount 16 applied to the claims.” Guidelines § 1(c). 17 Such information permits courts to determine whether a proposed settlement is reasonable. 18 “Balancing the class’s potential recovery against the amount offered in settlement is ‘perhaps the 19 most important factor to consider’ in preliminary approval.” Haralson v. U.S. Aviation Servs. 20 Corp., 383 F. Supp. 3d 959, 970 (N.D. Cal. 2019) (quoting Cotter v. Lyft, Inc., 176 F. Supp. 3d 21 930, 935 (N.D. Cal. 2016)). “Plaintiffs seeking preliminary approval should show their work by 22 explaining the relative value of their claims in significant detail.” Id. (quoting Eddings v. DS 23 Servs. of Am., Inc., No. 15-cv-02576-VC, 2016 WL 3390477, at *1 (N.D. Cal. May 20, 2016)). 24
25 5 The Procedural Guidelines were updated on August 4, 2022. The Court’s prior order evaluated Becker’s first motion for preliminary approval under the prior version of the Procedural 26 Guidelines, which were in effect at the time of the motion’s filing. Because Becker’s second motion was filed after August 4, 2022, the Court here evaluates Becker’s compliance with the 27 current Procedural Guidelines, available at https://www.cand.uscourts.gov/forms/procedural- 1 In its prior order, the Court instructed Becker that any future motion should state the 2 maximum value of the class’s claims and explain the basis for this value. Becker’s second motion 3 argues that such a calculation is not possible, and instead suggests that a market theory 4 approach—which estimates the black-market value of class members’ stolen Social Security 5 numbers—properly estimates the measure of damages at trial:
6 Plaintiff is unaware of any data breach cases that have proceeded to trial to provide illustration for the recovery that would be awarded if 7 Plaintiff had fully prevailed on each of his claims on a class wide basis. While class wide data breach damage models remain largely 8 untested, the typical measure of damages proffered has been a market value of PII based upon black market rates for the data points 9 involved. . . . Under a market theory approach, Settlement Class Members may have been able to recovery [sic] $2[-]$25 per person 10 for their Social Security numbers involved in the Data Security Incident. . . . At the highest amount of $25, Plaintiff would only have 11 been able to recover $12,500 for the class as a whole. 12 ECF No. 42 at 8-9 (citations omitted). Becker argues that, compared to the $12,500 maximum 13 recovery calculated using the market theory approach, the proposed settlement offers clear 14 benefits: Defendants have agreed to pay up to $200,000 in valid claims for out-of-pocket expenses 15 and time lost, and all class members will be offered 24 months of IDX’s Identity Protection 16 Services, which “provides more than $117,250.00 in [estimated retail] value to the Class for the 17 free two years of coverage.” ECF No. 42 at 8. 18 Becker argues that the “typical measure of damages” in data breach cases is the market 19 value theory, citing two cases in which courts denied Daubert challenges to the use of dark web 20 market values as a basis for damages models. ECF No. 42 at 9. But neither case suggests that 21 dark web values provide the “typical measure” for damages in data breach cases, and Becker does 22 not explain why this is the best measure of the value of his claims. Becker does not explain 23 whether or how his proposed market theory approach accurately captures “the potential class 24 recovery if plaintiffs had fully prevailed on each of their claims, claim by claim.” Guidelines 25 § 1(c) (emphasis added). 26 It is not clear how well the dark web value of class members’ Social Security numbers 27 reflects the potential class recovery in this action. Becker’s complaint pleads claims for 1 relief. Becker alleges that, as a result of Defendant’s conduct, class members faced:
2 ongoing, imminent, certainly impending threat of identity theft crimes, fraud and other misuse, resulting in monetary loss and 3 economic harm; actual identity theft crimes, fraud, and other misuse, resulting in monetary loss and economic harm; loss of the value of 4 their privacy and the confidentiality of the stolen PII; illegal sale of the compromised PII on the black market; mitigation expenses and 5 time spent on credit monitoring, identity theft insurance, and credit freezes and unfreezes; reviewing bank statements, payment card 6 statements, and credit report; expenses and time spent initiating fraud alerts; decreased credit scores and ratings; lost work time; lost value 7 of the PII; lost benefit of their bargains and overcharges for services; and other economic and non-economic harm. 8 ECF No. 1 ¶¶ 112, 122. The potential class recovery, if Becker had fully prevailed on his claims, 9 would not seem to be measured by the market theory approach. 10 Without information about the class’s potential recovery, the Court cannot evaluate 11 whether the proposed settlement is reasonable. Any future motion should state “the potential class 12 recovery if plaintiffs had fully prevailed on each of their claims, claim by claim, and a justification 13 of the discount applied to the claims.” Guidelines § 1(c). 14 Finally, the “Settlement Consideration” section of the Settlement Agreement discusses 15 “Non-Monetary Relief” in the form of post-breach actions taken by Defendants. ECF No. 38-1 16 ¶ 5.7. If this is non-monetary relief to class members, any future motion must provide details 17 about and estimate the value of such relief. 18 B. Section 1(f) 19 The Guidelines require that, where a settlement involves a claim form, the motion should 20 state “an estimate of the expected claim rate in light of the experience of the selected claims 21 administrator and/or counsel based on comparable settlements, the identity of the examples used 22 for the estimate, and the reason for the selection of those examples.” Guidelines § 1(f). 23 Becker’s second motion estimates a claims rate of 4%, in which case Defendants would 24 pay up to $30,000 to 20 class members.6 ECF No. 42 at 10. An exhibit explains that proposed 25 claims administrator Angeion Group reached this estimated claims rate by “sampl[ing] and 26 27 1 compar[ing] 5 data breach cases Angeion Group has administered that [it] believe[s] to be 2 instructive here” and provides a chart comparing the class size, number of claims, and claims rate 3 in each of those cases. ECF No. 42-2 at 6. Neither the motion nor the exhibit discloses the 4 identity of the examples used for the estimate or the reason for selection of those examples, as 5 required by the Guidelines. 6 C. Section 1(g) 7 “[I]n light of Ninth Circuit case law disfavoring reversions,” the Guidelines require 8 motions for preliminary approval to state “whether and under what circumstances money 9 originally designated for class recovery will revert to any defendant, the expected and potential 10 amount of any such reversion, and an explanation as to why a reversion is appropriate.” 11 Guidelines § 1(g). 12 Becker acknowledges that, like all claims-made settlements, “the Settlement Agreement 13 allows Defendants to retain any unclaimed amounts, which is in essence a reversion.” ECF No. 38 14 at 22. At Becker’s estimated claims rate of 4%—which would result in Defendants paying out a 15 maximum of $30,000 in claims—Defendants will keep at least $170,000 in funds they are willing 16 to pay class members in consideration of their release of claims. 17 Neither of Becker’s motions for preliminary approval explains why a reversionary 18 settlement is appropriate in this case. Becker’s initial motion argued that “the circumstances of 19 this matter coupled with the benefits in the proposed Settlement do not weigh against a reversion,” 20 and that “[c]ompensating Settlement Class Members for their actual losses, which can be precisely 21 calculated, is a fair form of compensation, as opposed to an equal distribution of a fund.” ECF 22 No. 38 at 22. But the motion did not address why a reversionary claims-made settlement—as 23 opposed to, for example, a settlement fund from which claims are paid, in which unpaid funds do 24 not revert to Defendants—is appropriate in this particular case. Becker’s second motion for 25 preliminary approval does not address this issue. 26 Becker’s initial motion argued that “the provision of the additional 24 months of IDX 27 Identity Protection Services is not subject to any cap,” which “adds to the overall value of the 1 collusion.” ECF No. 38 at 22-23. Becker estimates that the provision of Identity Protection 2 Services—for which all class members are automatically eligible—adds $117,250 in value to the 3 class. ECF No. 42 at 8. Per the Settlement Agreement, “[t]his benefit will be provided with the 4 Short Notice as a link with a redeemable code to be used directly with IDX.” ECF No. 38-1 ¶ 5.2. 5 “If a Settlement Class Member elects to receive . . . Identity Protection Services, he or she must 6 make that election by the Election Deadline.” Id. This language suggests that the redeemable 7 codes expire or otherwise cannot be used after the Election Deadline. It is not clear whether this 8 provision of the agreement is also reversionary.7 9 Any future motion for preliminary approval should clearly state “whether and under what 10 circumstances money originally designated for class recovery will revert to any defendant, the 11 expected and potential amount of any such reversion, and an explanation as to why a reversion is 12 appropriate.” Guidelines § 1(g). The Court emphasizes that reversionary clauses “require ‘even 13 greater scrutiny than is ordinarily demanded.’” Rollins v. Dignity Health, No. 13-CV-01450-JST, 14 2019 WL 8165915, at *8 (N.D. Cal. Oct. 28, 2019) (quoting In re Bluetooth, 654 F.3d at 949). 15 D. Section 11 16 The Guidelines also require information about one or more prior, comparable settlements, 17 namely “[t]he claims being released, the total settlement fund, the total number of class members, 18 the total number of class members to whom notice was sent, the method(s) of notice, the number 19 and percentage of claim forms submitted, the average recovery per class member or claimant, the 20 amounts distributed to cy pres recipients, the administrative costs, the attorneys’ fees and costs, 21 [and] the total exposure if the plaintiffs had prevailed on every claim.” Guidelines § 11(a). For 22 settlements which entitle class members to non-monetary relief, counsel must additionally state 23 “the number of class members availing themselves of such relief and the aggregate value 24 redeemed by the class members and/or by any assignees or transferees of the class members’ 25
26 7 If Defendants are paying a discounted bulk rate for credit monitoring services, regardless of how many class members enroll, the provision is not reversionary. If, however, Defendants are 27 permitted to retain the value of any unredeemed codes after that date—that is, if Defendants do not 1 interests.” Id. § 11(b). For settlements involving “injunctive and/or other non-monetary relief,” 2 counsel must also “discuss the benefit conferred on the class.” Id. § 11(c). 3 In its prior order, the Court noted that Becker’s first motion for preliminary approval 4 provided some, but not all, of the information required concerning the past comparable settlements 5 he identifies. Becker’s second motion attaches a chart of comparable data breach settlements that 6 does not address all of the requirements of Section 11. ECF No. 42-3. The chart lists six data 7 breach settlements and provides the total monetary settlement, number of class members, number 8 of noticed class members, number of claims received, administrative costs, and “total exposure on 9 market value theory” for each settlement.8 The chart additionally notes that one of the settlements 10 included a distribution to a cy pres recipient. The chart does not identify the claims being 11 released, the methods of notice, the average recovery per class member, or attorney’s fees and 12 costs, nor does it identify whether class members in those settlements were entitled to non- 13 monetary relief and, if so, how many class members availed themselves of such relief.9 14 Any future motion for preliminary approval should fully address the requirements of 15 Section 11 of the Guidelines. 16 CONCLUSION 17 From the information provided in Becker’s second motion for preliminary approval, the 18
19 8 While Becker offers no explanation for his calculation of “total exposure on market value theory” for each of these settlements, the amounts appear to have been calculated by multiplying 20 the black-market value of a single Social Security number by the number of class members. See ECF No. 42-3 (calculating total exposure of $5,944,125 for class size of 237,765, based on 21 estimated black-market value of $25). As discussed above, Becker does not adequately support an inference that this is an adequate measure of “total exposure if the plaintiffs had prevailed on 22 every claim,” nor does Becker suggest that the plaintiffs in these cases measured exposure in this way. 23
9 Such details permit the Court to evaluate this settlement against past comparable settlements. 24 See, e.g., Giroux v. Essex Prop. Tr., Inc., No. 16-cv-01722-HSG, 2018 WL 2463107, at *1-2 (N.D. Cal. June 1, 2018) (noting that, pursuant to settlement agreement, the defendant would 25 establish a gross settlement fund of $350,000; the defendant would purchase an additional three years of credit monitoring and identity protection coverage; notice would be sent via email and 26 U.S. mail; and the parties anticipated an average recovery of $70, excluding the value of identity protection services); Giroux v. Essex Prop. Tr., Inc., No. 16-cv-01722-HSG, 2019 WL 1207301, 27 at *6 (N.D. Cal. Mar. 14, 2019) (granting $140,000 in attorney’s fees, $9,498.64 in costs, and 1 Court cannot make a preliminary determination that the proposed settlement is fair, reasonable, 2 and adequate, or that the settlement falls within the range of possible approval. The motion is 3 therefore denied. 4 Becker may submit a revised motion for preliminary approval within 90 days of this order. 5 IT IS SO ORDERED.
6 Dated: May 25, 2023 JON S. TIGAR 8 nited States District Judge 9 10 11 12
© 15 16
= 17
Z 18 19 20 21 22 23 24 25 26 27 28