Ganesh Sankar, et al. v. California Northstate University, LLC

• Court: District Court, E.D. California
• Decided: December 10, 2025
• Docket: 2:24-cv-00473
• Status: Unknown

Opinion

1 2 3 4 5 6 7 8 UNITED STATES DISTRICT COURT 9 FOR THE EASTERN DISTRICT OF CALIFORNIA 10 11 GANESH SANKAR, et al., No. 2:24-cv-00473-DAD-JDP 12 Plaintiffs, 13 v. ORDER GRANTING PLAINTIFFS’ MOTION FOR PRELIMINARY APPROVAL OF 14 CALIFORNIA NORTHSTATE CLASS ACTION SETTLEMENT UNIVERSITY, LLC, 15 (Doc. No. 42) Defendant. 16

17 18 This matter is before the court on plaintiffs’ motion for preliminary approval of class 19 action settlement of their data breach class action lawsuit brought against defendant California 20 Northstate University, LLC. (Doc. No. 42.) On March 24, 2025, plaintiffs’ motion was taken 21 under submission on the papers pursuant to Local Rule 230(g). (Doc. No. 43.) For the reasons 22 explained below, the court will grant plaintiffs’ motion. 23 BACKGROUND 24 On February 15, 2024, plaintiffs filed this data breach class action. (Doc. No. 1.) On June 25 14, 2024, plaintiffs filed an amended complaint. (Doc. No. 20.) Defendant filed a motion to 26 dismiss on July 15, 2024, which the court administratively terminated after the parties filed their 27 notice of settlement. (Doc. Nos. 22, 32.) Plaintiffs represent that they engaged in the following 28 discovery efforts prior to settlement. 1 Before reaching a settlement, the Parties engaged in both formal and informal discovery to assess the merits of their respective claims and 2 defenses. Plaintiffs propounded written discovery, including interrogatories and requests for production, while Defendant 3 provided information regarding the scope and impact of the Data Incident. In addition, the Parties exchanged informal discovery, 4 including discussions about Defendant’s data security practices, remedial measures taken following the incident, and the potential 5 risks and damages associated with the alleged breach. 6 (Doc. No. 42 at 10) (citations omitted). 7 To facilitate resolution, the Parties agreed to participate in private mediation with an experienced data breach mediator, which was 8 scheduled for December 12, 2024. However, through continued negotiations and a thorough evaluation of the relevant facts and legal 9 issues, the Parties were able to reach a Settlement before the scheduled mediation date, avoiding the time and expense of further 10 litigation. By November 27, 2024, the Parties reached an agreement on the material terms of the Settlement[.] 11 12 (Id.) 13 On March 4, 2025, plaintiffs filed a motion for preliminary approval of the class action 14 settlement. (Doc. No. 42.) The parties attached thereto their executed Settlement Agreement. 15 (Doc. No. 42-1.) In their pending motion plaintiffs seek an order from this court: 16 (1) provisionally certifying the settlement class, for settlement purposes only, with appointment 17 of plaintiffs as class representatives, appointment of plaintiffs’ counsel as class counsel, and 18 approval of Kroll Settlement Administration, LLC (“Kroll”) as the Settlement Administrator; 19 (2) preliminarily approving the parties’ proposed settlement; (3) approving and directing the 20 mailing of the proposed Notices and the Notice Program and approving the Claim Form and the 21 Claim process; (4) establishing procedures and deadlines for Settlement Class members to opt-out 22 and object; and (5) scheduling the hearing date for the final approval of the class settlement. 23 (Doc. No. 42 at 8–9.) On August 23, 2025, defendant filed a statement of non-opposition to the 24 granting of plaintiff’s motion. (Doc. No. 44.) On October 1, 2025, the court ordered that 25 plaintiffs file supplemental briefing addressing areas of concern to the court. (Doc. No. 45.) On 26 October 21, 2025, plaintiffs filed their supplemental briefing. (Doc. No. 46.) 27 ///// 28 ///// 1 THE PROPOSED SETTLEMENT 2 A. The Class 3 For settlement purposes, the parties request approval of the following class (the “Class,” 4 “Class Members,” or “Settlement Class”): “All persons in the United States whose Private 5 Information was potentially accessible as a result of the Data Incident, including those who were 6 sent notification from Defendant that their Private Information was potentially accessible as a 7 result of the Data Incident.” (Doc. No. 42 at 11.) “Excluded from the Settlement Class are: (a) 8 all persons who are governing board members of the Defendant; (b) governmental entities; and 9 (c) the Court, the Court’s immediate family, and Court staff.” (Id.) “‘Data Incident’ means the 10 cybersecurity incident involving Defendant resulting in the unauthorized access to or acquisition 11 of Settlement Class Members’ Private Information between February 12, 2023, and February 13, 12 2023.” (Doc. No. 42-1 at 7.) “‘Private Information’ means information collected by Defendant 13 pertaining to Settlement Class members, including, but not limited to, names and Social Security 14 numbers.” (Id. at 9.) 15 B. Class Period 16 The Class period is February 12, 2023 to the present. (Doc. No. 46 at 10.) 17 C. The Release of Claims 18 Released Parties means “Defendant, and its present and former parents, subsidiaries, 19 divisions, departments, affiliates, predecessors, successors and assigns, and any and all of its past, 20 present, and future directors, officers, executives, officials, principals, stockholders, heirs, agents, 21 insurers, reinsurers, members, attorneys, accountants, actuaries, fiduciaries, advisors, consultants, 22 representatives, partners, joint venturers, licensees, licensors, independent contractors, subrogees, 23 trustees, executors, administrators, clients, customers, data owners, associated third parties, 24 predecessors, successors and assigns, and any other person acting on Defendant’s behalf and/or in 25 their capacity as such.” (Doc. No. 42-1 at 10.) 26 Releasing Parties means “(i) Plaintiffs and all Settlement Class Members, (ii) each of their 27 respective executors, representatives, heirs, predecessors, assigns, beneficiaries, affiliates, 28 successors, bankruptcy trustees, guardians, joint tenants, tenants in common, tenants by the 1 entireties, agents, attorneys, (iii) any entities in which a Plaintiff and/or other participating 2 Settlement Class Member has or had a controlling interest or that has or had a controlling interest 3 in him or her, (iv) any other person or entity (including any governmental entity) claiming by or 4 through, on behalf of, for the benefit of, derivatively for, or as representative of a Plaintiff and/or 5 any other Settlement Class Member, and all those who claim through them or on their behalf, and 6 (v) the respective past and present directors, governors, executive-committee members, officers, 7 officials, employees, members, partners, principals, agents, attorneys, advisors, trustees, 8 administrators, fiduciaries, consultants, service providers, representatives, successors in interest, 9 assigns, beneficiaries, heirs, executors, accountants, accounting advisors, and auditors of any or 10 all of the above persons or entities identified in (i)-(iv).” (Id. at 10–11.) 11 “As of the Effective Date, the Releasing Parties shall automatically be deemed to have 12 fully, finally, and irrevocably released and forever discharged the Released Parties of, and shall 13 be forever barred from instituting, maintaining, or prosecuting, any and all liabilities, rights, 14 claims, actions, causes of action, demands, damages, costs, attorneys’ fees, losses and remedies, 15 whether known or unknown, asserted or unasserted, existing or potential, suspected or 16 unsuspected, liquidated or unliquidated, legal, statutory, or equitable, based on contract, tort or 17 any other theory, whether on behalf of themselves or others, that result from, arise out of, are 18 based upon, or relate to (a) the Data Incident; (b) the Action; or (c) any of the alleged violations 19 of laws or regulations cited in the Complaint.” (Id. at 29.) “Action” refers to this action, “the 20 consolidated lawsuit entitled: Ganesh Sankar, Erika Titus-Lay, Jared Cavanaugh, and Kimberly 21 Vongnalith v. California Northstate University, LLC, Lead Case No. 2:24-cv-00473-DAD-JDP, 22 filed in the United States District Court for the Eastern District of California.” (Id. at 5.) 23 D. Summary of the Settlement Terms 24 Under the parties’ Settlement Agreement, defendant will pay a gross settlement amount 25 (“GSA”) of $400,000.00 allocated as follows: (1) up to $100,000 for attorneys’ fees and 26 $1,614.02 in costs; (2) $2,000 incentive awards for each named plaintiff; and (3) up to $75,600 27 for settlement administration costs. (Doc. Nos. 42 at 8, 15; 46 at 7.) The GSA funds are non- 28 reversionary, meaning no portion will revert to defendant for any reason. (Doc. No. 42-1 at 28.) 1 Assuming these allocations are awarded in full, approximately $214,785.98 in a net 2 settlement amount will be available for distribution to the Settlement Class, those who do not 3 submit timely and valid requests to be excluded from the settlement. (Doc. No. 46 at 7.) The 4 settlement is projected to pay each class member an average of $20.62. (Id. at 8.) Class members 5 can elect payment based on documented losses, a flat cash payment, or credit monitoring for one 6 year. (Doc. No. 42 at 11–12.) In the event that there are funds remaining from uncashed checks 7 in the Settlement Fund after 180 days, all remaining funds will be distributed to an appropriate 8 and mutually agreeable cy pres recipient to be approved by the court. (Doc. No. 42-1 at 28.) 9 Finally, plaintiffs “have received assurances” that defendant has “undertaken reasonable steps to 10 further secure their systems and environments.” (Doc. No. 42 at 12.) “Defendant will provide a 11 sworn declaration attesting to the amount of money spent on remediation efforts and security 12 enhancements.”1 (Id.) 13 LEGAL STANDARDS 14 Class actions require the approval of the district court before settlement. Fed. R. Civ. P. 15 23(e) (“The claims, issues, or defenses of a certified class—or a class proposed to be certified for 16 purposes of settlement—may be settled, voluntarily dismissed, or compromised only with the 17 court’s approval.”). “Approval under 23(e) involves a two-step process in which the Court first 18 determines whether a proposed class action settlement deserves preliminary approval and then, 19 after notice is given to class members, whether final approval is warranted.” Haro v. Walmart, 20 Inc., No. 1:21-cv-00239-NODJ-SKO, 2024 WL 1160492, at *4 (E.D. Cal. Mar. 18, 2024) (citing 21 Nat’l Rural Telecomms. Coop. v. DIRECTV, Inc., 221 F.R.D. 523, 525 (C.D. Cal. 2004)). 22 The first step in the two-step process is preliminary approval. During preliminary 23 approval, the court conducts a preliminary fairness evaluation to determine if notice of the class 24 action settlement should issue to class members and, if applicable, whether the proposed 25 settlement class should be certified. See David F. Herr, Ann. Manual Complex Lit. § 21.632 (4th 26 ed.). Under Rule 23(e)(1), the court must direct notice to all class members who would be bound 27 1 In plaintiffs’ motion for final approval, they are directed to clarify whether such efforts will be 28 funded by the GSA and, if so, how the net settlement amount will be affected. 1 by the settlement proposal if the parties show that “the court will likely be able to:” (i) approve 2 the proposal under Rule 23(e)(2)’s fair, reasonable, and adequate standard; and (ii) certify the 3 proposed settlement class. Fed. R. Civ. P. 23(e)(1); see also Lounibos v. Keypoint Gov’t Sols. 4 Inc., No. 12-cv-00636-JST, 2014 WL 558675, at *5 (N.D. Cal. Feb. 10, 2014) (quoting In re 5 Tableware Antitrust Litig., 484 F. Supp. 2d 1078, 1079 (N.D. Cal. 2007)) (noting that federal 6 courts generally grant preliminary approval if “the proposed settlement appears to be the product 7 of serious, informed, non-collusive negotiations, has no obvious deficiencies, does not improperly 8 grant preferential treatment to class representatives or segments of the class, and falls within the 9 range of possible approval”). 10 The second step of the process is the final approval. At the final approval stage, “[i]f the 11 proposal would bind class members, the court may approve it only after a hearing and only on 12 finding that it is fair, reasonable, and adequate.” Fed. R. Civ. P. 23(e)(2). In doing so, the court 13 must consider several factors, including whether: “the class representatives and class counsel 14 have adequately represented the class”; “the proposal was negotiated at arm’s length”; “the 15 proposal treats class members equitably relative to each other”; and “the relief provided for the 16 class is adequate.” Id. When considering whether “the relief provided for the class is adequate,” 17 the court should also take into account the following: 18 (i) the costs, risks, and delay of trial and appeal; 19 (ii) the effectiveness of any proposed method of distributing relief to the class, including the method of processing class-member claims; 20 (iii) the terms of any proposed award of attorney’s fees, including 21 timing of payment; and 22 (iv) any agreement required to be identified under Rule 23(e)(3). 23 Id. In addition to this two-step review process, Rule 23(e) also requires that: (i) the parties 24 seeking approval file a statement identifying the settlement agreement; (ii) class members be 25 given an opportunity to object; and (iii) no payment be made in connection with forgoing or 26 withdrawing an objection, or forgoing, dismissing, or abandoning an appeal. Fed. R. Civ. P. 27 23(e)(3), (5). 28 ///// 1 “Courts have long recognized that settlement class actions present unique due process 2 concerns for absent class members.” In re Bluetooth Headset Prods. Liab. Litig., 654 F.3d 935, 3 946 (9th Cir. 2011) (internal quotation marks and citations omitted). To protect the rights of 4 absent class members, Rule 23(e) requires that the court approve such settlements “only after a 5 fairness hearing and a determination that the settlement is fair, reasonable, and adequate.” Id. 6 When approval is sought of a settlement negotiated before formal class certification, “there is an 7 even greater potential for a breach of fiduciary duty owed the class during settlement.” Id. In 8 such circumstances, the “settlement approval requires a higher standard of fairness” and a “more 9 exacting review” so as “to ensure that class representatives and their counsel do not secure a 10 disproportionate benefit at the expense of the unnamed plaintiffs who class counsel had a duty to 11 represent.” Lane v. Facebook, Inc., 696 F.3d 811, 819 (9th Cir. 2012) (internal quotation marks 12 and citations omitted). Rule 23 also “demand[s] undiluted, even heightened, attention” to the 13 certification requirements when class certification is sought only for purposes of settlement. 14 Amchem Prods., Inc. v. Windsor, 521 U.S. 591, 620 (1997). Accordingly, the district court must 15 examine the propriety of certification under Rule 23 both at this preliminary stage and at a later 16 fairness hearing. See, e.g., Ogbuehi v. Comcast, 303 F.R.D. 337, 344 (E.D. Cal. Oct. 2, 2014). 17 ANALYSIS 18 A. Preliminary Class Certification 19 The class action is a procedural mechanism whereby the “usual rule that litigation be 20 conducted by and on behalf of the named parties only” is swept aside so that multiple parties— 21 unwieldy in number but possessing similar or identical claims—may pursue common redress in 22 an efficient and economical manner. Comcast Corp. v. Behrend, 569 U.S. 27, 33 (2013) (citation 23 omitted). Here, the parties seek preliminary certification of the proposed class under Federal 24 Rule of Civil Procedure 23, which governs class certification and imposes a two-step process in 25 deciding whether a class may be certified. 26 First, Rule 23(a) requires the moving party to demonstrate the existence of four 27 prerequisites: (1) numerosity; (2) commonality; (3) typicality; and (4) adequacy of 28 representation. See Lozano v. AT&T Wireless Servs., Inc., 504 F.3d 718, 730 (9th Cir. 2007). 1 Second, when a putative class satisfies these four prerequisites, it may then proceed to show it 2 also satisfies at least one of the provisions of Rule 23(b). See Hanlon v. Chrysler Corp., 150 F.3d 3 1011, 1022 (9th Cir. 1998), overruled on other grounds by Wal-Mart Stores, Inc. v. Dukes, 564 4 U.S. 338 (2011). The party seeking class certification bears the burden of establishing conformity 5 with this two-step process and must do so by producing facts that “affirmatively demonstrate” 6 that class certification is warranted. Comcast, 569 U.S. at 33. Only after conducting a “rigorous 7 analysis” of the produced facts and determining that they show compliance with Rule 23(a) and 8 (b), may a district court certify a class. Id. at 33–34; see also Patel v. Nike Retail Servs., Inc., No. 9 14-cv-04781-RS, 2016 WL 1241777, at *3 (N.D. Cal. Mar. 29, 2016) (“This ‘rigorous’ analysis 10 applies both to Rule 23(a) and Rule 23(b).”). 11 Accordingly, the court will first address the Rule 23(a) requirements followed by the 12 requirements for a Rule 23(b)(3) certification, which plaintiffs contend applies here. (Doc. No. 13 42 at 18–21.) 14 1. Rule 23(a) Requirements 15 a. Numerosity 16 The first Rule 23(a) requirement is that “the class is so numerous that joinder of all 17 members is impracticable.” Fed. R. Civ. P. 23(a)(1). The numerosity requirement demands 18 “examination of the specific facts of each case and imposes no absolute limitations.” Gen. Tel. 19 Co. of Nw., Inc. v. EEOC, 446 U.S. 318, 330 (1980). Courts have found the requirement satisfied 20 when the class comprises as few as thirty-nine members or where joining all class members 21 would serve only to impose financial burdens and clog the court’s docket. See Murillo v. Pac. 22 Gas & Elec. Co., 266 F.R.D. 468, 474 (E.D. Cal. 2010) (citation omitted) (discussing Ninth 23 Circuit thresholds for numerosity and listing cases). 24 Here, plaintiffs estimate that there are approximately 10,414 members in the Settlement 25 Class. (Doc. No. 42 at 18.) This showing with respect to numerosity is certainly adequate to 26 meet the requirements of Rule 23(a)(1). See Arredondo v. Sw. & Pac. Specialty Fin., Inc., No. 27 1:18-cv-01737-DAD-SKO, 2022 WL 396575, at *8 (E.D. Cal. Feb. 9, 2022) (finding the 28 ///// 1 plaintiff’s estimation of 690 members in the proposed settlement class to be an adequate showing 2 with respect to numerosity). 3 b. Commonality 4 The second Rule 23(a) requirement is that “there are questions of law or fact common to 5 the class.” Fed. R. Civ. P. 23(a)(2). To satisfy the commonality requirement, the class 6 representatives must demonstrate that common questions of fact and law will drive or resolve the 7 litigation. See Wal-Mart Stores, Inc., 564 U.S. at 350. “[C]ommonality requires that the class 8 members’ claims depend upon a common contention such that determination of its truth or falsity 9 will resolve an issue that is central to the validity of each claim in one stroke.” Mazza v. Am. 10 Honda Motor Co., 666 F.3d 581, 588 (9th Cir. 2012) (internal quotations omitted) (quoting Wal- 11 Mart Stores, Inc., 564 U.S. at 350). “The plaintiff must demonstrate the capacity of classwide 12 proceedings to generate common answers to common questions of law or fact that are apt to drive 13 the resolution of the litigation.” Id. For example, “[c]ommonality is generally satisfied where the 14 lawsuit challenges a system-wide practice or policy that affects all of the putative class 15 members.” Benitez v. W. Milling, LLC, No. 1:18-cv-01484-SKO, 2020 WL 309200, at *5 (E.D. 16 Cal. Jan. 21, 2020) (internal quotation marks and citations omitted). 17 The commonality requirement does not mandate that all questions of law or fact be 18 common to every single class member and “dissimilarities among class members do not 19 [necessarily] impede the generation of common answers to those questions . . . .” Parsons v. 20 Ryan, 754 F.3d 657, 675 (9th Cir. 2014); but see Wal-Mart Stores, Inc., 564 U.S. at 349 (citation 21 omitted) (noting that “[d]issimilarities within the proposed class . . . have the potential to impede 22 the generation of common answers”) (emphasis added). However, merely raising any common 23 question does not suffice. See Wal-Mart Stores, Inc., 564 U.S. at 349 (noting the language of 24 Rule 23(a)(2) is “easy to misread” because “[a]ny competently crafted class complaint literally 25 raises common ‘questions’”) (quoting Richard A. Nagareda, Class Certification in the Age of 26 Aggregate Proof, 84 N.Y.U. L. Rev. 97, 131–32 (2009)). Instead, the common question must 27 depend upon a common contention; that common contention must be answerable through a 28 ///// 1 classwide proceeding; and that common answer should have the potential to drive the litigation 2 towards resolution. See id. at 349–50. 3 Here, plaintiffs argue that common questions of law and fact arise from the same common 4 event, the Data Incident discovered by defendant on or about February 12, 2023. (Doc. No. 42 at 5 18.) More specifically, plaintiffs argue that those common questions of law and fact include: 6 (1) if defendant failed to implement and maintain reasonable security procedures and practices 7 appropriate to the nature and scope of the information comprised in the Data Breach; (2) if 8 defendant owed a duty to Class Members to safeguard their Private Information; and (3) if 9 plaintiffs and Class Members suffered legally cognizable damages as a result of defendant’s 10 misconduct. (Id.) 11 Because the above issues “would form the basis of each [] plaintiff’s claims,” the court 12 finds that commonality is satisfied here. Bykov v. DC Transp. Servs., Inc., No. 2:18-cv-01691- 13 DB, 2019 WL 1430984, at *3 (E.D. Cal. Mar. 29, 2019) (citation omitted); see also In re Anthem, 14 Inc. Data Breach Litig., 327 F.R.D. 299, 308 (N.D. Cal. 2018) (finding the commonality 15 requirement satisfied where “the Settlement Class Members suffered the same injury—namely, 16 their personal information was stored on the same Anthem data warehouse that was breached by 17 hackers” and “[t]he extensiveness and adequacy of Anthem’s security measures lie at the heart of 18 every claim”). 19 c. Typicality 20 The third Rule 23(a) requirement is satisfied if “the claims or defenses of the 21 representative parties are typical of the claims or defenses of the class.” Fed. R. Civ. P. 23(a)(3). 22 “The typicality requirement looks to whether the claims of the class representatives are typical of 23 those of the class and is satisfied when each class member’s claim arises from the same course of 24 events, and each class member makes similar legal arguments to prove the defendant’s liability.” 25 Rodriguez v. Hayes, 591 F.3d 1105, 1124 (9th Cir. 2010) (citations and internal quotation marks 26 omitted). The typicality requirement is a permissive standard: “[class] representative claims are 27 ‘typical’ if they are reasonably co-extensive with those of absent class members; they need not be 28 substantially identical.” Hanlon, 150 F.3d at 1020. Courts evaluate typicality by considering 1 “whether other [class] members have the same or similar injury, whether the action is based on 2 conduct which is not unique to the named plaintiffs, and whether other class members have been 3 injured by the same course of conduct.” Hanon v. Dataproducts Corp., 976 F.2d 497, 508 (9th 4 Cir. 1992) (citations omitted) (“[C]lass certification is inappropriate where a putative class 5 representative is subject to unique defenses which threaten to become the focus of the 6 litigation.”). 7 Here, plaintiffs argue that “typicality is satisfied because the claims and defenses of 8 Plaintiffs mirror the claims and defenses of the Settlement Class—after all, the claims and 9 defenses of Plaintiffs and Settlement Class members all revolve around the same event (i.e., the 10 Data Incident discovered by Defendant on or around February 12, 2023).” (Doc. No. 42 at 19.) 11 Accordingly, the court finds that the claims brought by plaintiffs are “reasonably co-extensive 12 with those of absent class members.” Hanlon, 150 F.3d at 1020. Thus, the typicality requirement 13 is satisfied here. 14 d. Adequacy of Representation 15 The final Rule 23(a) prerequisite is satisfied if “the representative parties will fairly and 16 adequately protect the interests of the class.” Fed. R. Civ. P. 23(a)(4). Resolution of this issue 17 requires the court to address the following questions: “(a) do the named plaintiffs and their 18 counsel have any conflicts of interest with other class members and (b) will the named plaintiffs 19 and their counsel prosecute the action vigorously on behalf of the class?” Sali v. Corona Reg’l 20 Med. Ctr., 909 F.3d 996, 1007 (9th Cir. 2018); see also Pierce v. County of Orange, 526 F.3d 21 1190, 1202 (9th Cir. 2008). “Adequacy of representation also depends on the qualifications of 22 counsel.” Sali, 909 F.3d at 1007 (citation omitted). 23 Here, plaintiffs argue that “adequacy is satisfied because the interests of Plaintiffs and the 24 Settlement Class align (i.e., to secure relief from the harms arising from the Data Incident 25 discovered by Defendant).” (Doc. No. 42 at 19.) In declarations attached to plaintiffs’ 26 supplemental briefing, each plaintiff further asserts that their “interests are fully aligned with 27 those of the other Class Members[.]” (Doc. Nos. 46-1 at 3; 46-2 at 3; 46-3 at 3; 46-4 at 3.) Based 28 on these assertions and the above description of plaintiffs’ claims, the court is satisfied that 1 plaintiffs’ interests align with those of the proposed Class Members and that plaintiffs would 2 vigorously prosecute the action on behalf of the class. 3 Plaintiffs further argue that they “retained qualified counsel with substantial experience in 4 complex litigation and data breach class actions.” (Doc. No. 42 at 20); see also Sali v. Corona 5 Reg’l Med. Ctr., 909 F.3d 996, 1008 (9th Cir. 2018); Clesceri v. Beach City Investigations & 6 Protective Servs., Inc., No. 10-cv-03873-JST-RZ, 2011 WL 320998, at *6 (C.D. Cal. Jan. 27, 7 2011) (“In addition, Plaintiffs’ counsel submitted substantial evidence of their experience with 8 class action, complex business, and labor-law litigation, including substantial trial experience. 9 Plaintiffs’ counsel have made an adequate showing of their qualifications” for purposes of this 10 labor law class action.) (citation omitted). According to plaintiffs’ supporting evidence, Strauss 11 Borrelli PLLC has brought several data breach actions and many more class actions. (Doc. No. 12 42-2 at 13–15.) Plaintiffs’ counsel Cassandra Miller is a partner at Strauss Borrelli PLLC whose 13 practice focuses on complex class action litigation, including consumer protection, privacy, data 14 breaches, and product liability. (Id. at 26–27.) Plaintiffs’ counsel Andrew G. Gunem is also an 15 attorney with Strauss Borrelli PLLC whose practice focuses on class and mass litigation, 16 particularly in the areas of data privacy, consumer protection, and the Telephone Consumer 17 Protection Act. (Doc. No. 46 at 5.) Kopelowitz Ostrow P.A. has also brought many class actions, 18 including a substantial number of data breach and privacy suits. (Doc. No. 42-2 at 36.) 19 Plaintiffs’ counsel Kristen Lake Cardoso is a litigation attorney at Kopelowitz Ostrow P.A. 20 focused on consumer class actions and complex commercial litigation. (Id. at 46.) Shamis & 21 Gentile, P.A. has brought many class action suits as well. (Id. at 49–52.) Plaintiffs’ counsel 22 Leanna Loginov is a partner at Shamis & Gentile, P.A. and leads the firm’s Data Privacy 23 department. (Id. at 50.) Her practice primarily focuses on protecting individuals impacted by 24 data privacy breaches. (Id.) Finally, Edelsberg Law, P.A., like the aforementioned firms, has 25 brought many class action suits. (Id. at 54.) Plaintiffs’ counsel Scott Edelsberg is the founding 26 partner of the firm and focuses his practice on the areas of class actions, consumer fraud, and 27 personal injury. (Id. at 55.) 28 ///// 1 Because plaintiffs and their counsel represent that there are no conflicts of interest with 2 the Class Members, plaintiffs’ counsel appear to be experienced in class action litigation on 3 behalf of plaintiffs, and all but one of plaintiffs’ counsel are experienced specifically in bringing 4 data breach class actions, the court finds that the adequacy of representation requirement has been 5 preliminarily satisfied. 6 2. Rule 23(b)(3) Requirements 7 The parties seek class certification under Rule 23(b)(3), which requires a finding that: 8 (1) the questions of law or fact common to class members predominate over any questions 9 affecting only individual members; and (2) a class action be superior to other available methods 10 for fairly and efficiently adjudicating the controversy. See Amchem, 521 U.S. at 615; In re 11 Hyundai and Kia Fuel Economy Litigation, 926 F.3d 539, 556 (9th Cir. 2019) (en banc). The test 12 under Rule 23(b)(3) is “far more demanding” than that of Rule 23(a). Wolin v. Jaguar Land 13 Rover N. Am., LLC, 617 F.3d 1168, 1172 (9th Cir. 2010) (quoting Amchem, 521 U.S. at 623–24). 14 a. Predominance 15 First, common questions must “predominate” over any individual questions. While this 16 requirement is similar to the Rule 23(a)(2) commonality requirement, the standard is higher at this 17 stage of analysis. Wal-Mart Stores, Inc., 564 U.S. at 359. While Rule 23(a)(2) can be satisfied 18 by even a single question, Rule 23(b)(3) requires convincing proof that common questions 19 “predominate” over individual questions. Amchem, 521 U.S. at 623–24. “An individual question 20 is one where ‘members of a proposed class will need to present evidence that varies from member 21 to member,’ while a common question is one where ‘the same evidence will suffice for each 22 member to make a prima facie showing [or] the issue is susceptible to generalized, class-wide 23 proof.’” Tyson Foods, Inc. v. Bouaphakeo, 577 U.S. 442, 453 (2016) (quoting W. Rubenstein, 24 Newberg on Class Actions § 4:50, pp. 196–197 (5th ed. 2012)). “When common questions 25 present a significant aspect of the case and can be resolved for all members of the class in a single 26 adjudication, there is clear justification for handling the dispute on a representative rather than on 27 an individual basis.” Hanlon, 150 F.3d at 1022. 28 ///// 1 Here, plaintiffs argue that predominance is satisfied because the Settlement Class 2 members share common questions of law and fact arising from the same common event—the 3 Data Incident discovered by defendant on or about February 12, 2023. (Doc. No. 42 at 20.) 4 Plaintiffs alleged numerous questions of law and fact that are common to the entire Class, and 5 these common questions are susceptible to common evidence. (Id.) 6 Data breach class actions such as this one, where one common question is whether the 7 defendant used reasonable data security, have been found to satisfy the predominance 8 requirement of Rule 23(b)(3). See In re Anthem, Inc. Data Breach Litig., 327 F.R.D. at 312; 9 Hashemi v. Bosley, Inc., No. 21-cv-00946-PSG-RAO, 2022 WL 2155117, at *4 (C.D. Cal. Feb. 10 22, 2022); In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 16-md-02752-LHK, 2020 11 WL 4212811, at *7 (N.D. Cal. July 22, 2020) (“Indeed, the focus on a defendant’s security 12 measures in a data breach class action ‘is the precise type of predominant question that makes 13 class-wide adjudication worthwhile.’”) (citation omitted), aff’d, No. 20-16633, 2022 WL 2304236 14 (9th Cir. June 27, 2022). The court therefore concludes that the predominance requirement has 15 been met in this case. 16 b. Superiority 17 Rule 23(b)(3) also requires a court to find that “a class action is superior to other available 18 methods for the fair adjudication of the controversy.” Fed. R. Civ. P. 23(b)(3). To resolve the 19 Rule 23(b)(3) superiority inquiry, “the court should consider class members’ interests in pursuing 20 separate actions individually, any litigation already in progress involving the same controversy, 21 the desirability of concentrating in one forum, and potential difficulties in managing the class 22 action—although the last two considerations are not relevant in the settlement context.” Jones v. 23 Tirehub LLC, No. 2:21-cv-00564-DB, 2024 WL 2132611, at *5 (E.D. Cal. May 13, 2024) (citing 24 Palacios v. Penny Newman Grain, Inc., No. 1:14-cv-01804-KJM, 2015 WL 4078135, at *6 (E.D. 25 Cal. July 6, 2015)). 26 Here, plaintiff argues that superiority is readily satisfied in data breach cases like this one. 27 (Doc. No. 42 at 21.) Given that “[a] common nucleus of facts and potential legal remedies” 28 predominate here, the court finds that these questions can be resolved for all members more 1 efficiently and expeditiously in a single action. Hanlon, 150 F.3d at 1022. Therefore, the court is 2 satisfied that the superiority requirement has been met in this case. 3 Accordingly, for all the foregoing reasons, the requirements for preliminary certification 4 under Rule 23 have been satisfied, and the court finds that conditional certification of the Class is 5 appropriate. 6 B. Preliminary Settlement Approval 7 Plaintiffs also seek preliminary approval of the parties’ proposed settlement. Under Rule 8 23(e), a court may approve a proposed class action settlement only if it is a fair, reasonable, and 9 adequate resolution of the dispute. Fed. R. Civ. P. 23(e)(2); Bluetooth, 654 F.3d at 946. 10 Preliminary approval is appropriate when “the court will likely be able to” give final approval 11 under Rule 23(e)(2). As such, “preliminary approval of a settlement has both a procedural and 12 substantive component” and is appropriate if: (1) the proposed settlement appears to be the 13 product of serious, informed, non-collusive negotiations; and (2) the settlement falls within the 14 range of possible approval, has no obvious deficiencies, and does not improperly grant 15 preferential treatment to class representatives or segments of the class. Tableware Antitrust 16 Litig., 484 F. Supp. 2d at 1079 (citation omitted); see also Fed. R. Civ. P. 23(e)(1)(B). 17 1. Procedural Fairness 18 “The court must [next] consider whether the process by which the parties arrived at their 19 settlement is truly the product of arm’s length bargaining and not collusion or fraud.” Haro v. 20 Walmart, Inc., No. 1:21-cv-00239-KES-SKO, 2025 WL 73109, at *10 (E.D. Cal. Jan. 10, 2025) 21 (citing Millan v. Cascade Water Servs., Inc., 310 F.R.D. 593, 613 (E.D. Cal. 2015)). “A 22 settlement is presumed to be fair if it ‘follow[s] sufficient discovery and genuine arm[’]s-length 23 negotiation.’” Cavazos v. Salas Concrete Inc., No. 1:19-cv-00062-DAD-EPG, 2022 WL 506005, 24 at *13 (E.D. Cal. Feb. 18, 2022) (quoting Adoma v. Univ. of Phx., Inc., 913 F. Supp. 2d 964, 977 25 (E.D. Cal. 2012)). 26 Here, plaintiffs argue that the Settlement was secured only after the parties exchanged 27 formal and informal discovery, and the Settlement was the product of arm’s length negotiations. 28 (Doc. No. 42 at 22.) Based on these representations, it appears that the Settlement Agreement 1 was the result of negotiation between capable counsel and, accordingly, the court preliminarily 2 concludes that the parties’ negotiation constituted genuine, informed, and arm’s-length 3 bargaining. 4 2. Substantive Fairness 5 a. Adequacy of the Settlement Amount 6 In evaluating the fairness of a settlement award, “the settlement’s benefits must be 7 considered by comparison to what the class actually gave up by settling.” Campbell v. Facebook, 8 Inc., 951 F.3d 1106, 1123 (9th Cir. 2020) (citing Protective Comm. For Indep. Stockholders of 9 TMT Trailer Ferry, Inc. v. Anderson, 390 U.S. 414, 424–25 (1968) (“Basic to [the] process [of 10 evaluating settlements] . . . is the need to compare the terms of the compromise with the likely 11 rewards of litigation.”)). However, “[i]t is well-settled law that a cash settlement amounting to 12 only a fraction of the potential recovery does not per se render the settlement inadequate or 13 unfair.” In re Mego Fin. Corp. Sec. Litig., 213 F.3d 454, 459 (9th Cir. 2000), as amended (June 14 19, 2000) (citation omitted). To determine whether a settlement “falls within the range of 15 possible approval,” a court must focus on “substantive fairness and adequacy” and “consider 16 plaintiffs’ expected recovery balanced against the value of the settlement offer.” Tableware 17 Antitrust Litig., 484 F. Supp. 2d at 1080. 18 The parties in this case have agreed to a $400,000.00 GSA. (Doc. No. 42 at 8.) Plaintiffs 19 estimate that, most conservatively, the net settlement available to Settlement Class members will 20 be $214,785.98. (Doc. No. 46 at 7.) The entire net settlement amount will be distributed to the 21 Class Members on a proportional and non-reversionary basis, with any uncashed funds to be sent 22 to an appropriate and mutually agreeable cy pres recipient to be approved by the court.2 (Doc. 23 No. 42-1 at 28.) 24 /////

25 2 “[A] district court should not approve a cy pres distribution unless it bears a substantial nexus to the interests of the class members— . . . the cy pres remedy ‘must account for the nature of the 26 plaintiffs’ lawsuit, the objectives of the underlying statutes, and the interests of the silent class 27 members[.]’” Lane, 696 F.3d at 821. In their motion for final approval, plaintiffs are directed to specify the proposed cy pres recipient and explain why the specified recipient should be approved 28 by the court. 1 “Balancing the class’s potential recovery against the amount offered in settlement is 2 perhaps the most important factor to consider in preliminary approval.” In re PostMeds, Inc. 3 Data Breach Litig., No. 23-cv-05710-HSG, 2024 WL 4894293, at *6 (N.D. Cal. Nov. 26, 2024) 4 (citation omitted). Plaintiffs estimate that the maximum potential damages as to their claims are 5 approximately $168,706,800.00 because over the next 50 years, 10,414 Settlement Class 6 members would spend $27 monthly on premium credit monitoring/identity theft service to be 7 made whole. (Doc. No. 46 at 8–9.) Accordingly, the GSA of $400,000 represents approximately 8 0.24% of plaintiffs’ maximum potential recovery as to all of their claims, and the net settlement 9 amount of $214,785.98 represents approximately 0.13% of plaintiffs’ maximum potential 10 recovery for all their claims. 11 Not surprisingly, percentage recoveries that California district courts have found to be 12 reasonable tend to be much higher. See, e.g., Singh v. Roadrunner Intermodal Servs., LLC, No. 13 1:15-cv-01497-DAD-BAM, 2019 WL 316814, at *5 (E.D. Cal. Jan. 24, 2019) (holding that the 14 “amount offered in settlement . . . weigh[ed] in favor of final approval” where the net settlement 15 amount of $5,868,517.01 accounted for almost 7.6% of the maximum damages available as to the 16 plaintiffs’ core claims); Coppel v. SeaWorld Parks & Ent., Inc., No. 21-cv-01430-RSH-DDL, 17 2025 WL 1346873, at *5 (S.D. Cal. May 8, 2025) (preliminarily approving a settlement where the 18 GSA “equals approximately 11.5% of the maximum potential recovery”); In re Splunk Inc. Sec. 19 Litig., No. 20-cv-08600-JST, 2024 WL 923777, at *6 (N.D. Cal. Mar. 4, 2024) (finding “the 20 percentage of recovery fair and reasonable” where “the settlement represents between 21 approximately 5% and 20.5% of the realistic maximum damages for the Settlement Class”); In re 22 Omnivision Techs., Inc., 559 F. Supp. 2d 1036, 1042 (N.D. Cal. 2008) (approving a settlement 23 where the GSA accounted for approximately 9% of the maximum potential recovery, and after 24 accounting for attorneys’ fees and costs, the net settlement gave plaintiffs about 6% of their 25 maximum potential recovery); Hardy v. Embark Tech., Inc., No. 3:22-cv-02090-JSC, 2023 WL 26 6276728, at *9 (N.D. Cal. Sept. 26, 2023) (finding that settlement for 1.1% of maximum potential 27 exposure supports preliminary approval). 28 ///// 1 However as stated above, “[i]t is well-settled law that a cash settlement amounting to only 2 a fraction of the potential recovery will not per se render the settlement inadequate or unfair.” 3 Officers for Justice v. Civil Serv. Comm’n of City & Cty. of San Francisco, 688 F.2d 615, 628 4 (9th Cir. 1982); see also Rivas v. BG Retail, LLC, No. 16-cv-06458-BLF, 2020 WL 264401, at *5 5 (N.D. Cal. Jan. 16, 2020) (“While this percentage recovery [where the GSA is 6.12% of the 6 maximum potential exposure and the net recovery is 2.4% of the potential exposure] is modest 7 compared to the potential maximum, that alone is not sufficient reason to reject the Settlement.”). 8 Further, such a low percentage recovery is certainly not unheard of, particularly in the data breach 9 context. See In re 23andMe, Inc. Customer Data Sec. Breach Litig., No. 24-md-03098-EMC, 10 2024 WL 4982986, at *18 (N.D. Cal. Dec. 4, 2024) (“Given 23andMe’s dire financial situation, 11 settling the case sooner rather than later was a reasonable approach by Class Counsel, and the 12 amount of the settlement [$30 million settlement or 0.06% of the maximum value of $50 13 billion]—though a fraction of the maximum value of the case—was also reasonable.”). 14 “Although the Court may approve a settlement for a low recovery percentage,” the 15 plaintiff must “demonstrate that his claims have been adequately valued.” Guthrie v. ITS 16 Logistics, LLC, No. 1:21-cv-00729-ADA-EPG, 2023 WL 4288943, at *1 (E.D. Cal. June 30, 17 2023); see also Gonzalez v. CoreCivic of Tenn., LLC, No. 1:16-cv-01891-DAD-JLT, 2018 WL 18 4388425, at *9 (E.D. Cal. Sept. 13, 2018) (explaining that “the court must be convinced that the 19 plaintiff knows the value of the claims he proposed to settle and can adequately explain why he 20 has discounted them in reaching the settlement”). Here, plaintiffs face significant risks in 21 continuing the litigation. For instance, “[h]istorically, data breach cases have experienced 22 minimal success in moving for class certification.” Carter v. Vivendi Ticketing US LLC, No. 22- 23 cv-01981-CJC-DFM, 2023 WL 8153712, at *6 (C.D. Cal. Oct. 30, 2023) (citation omitted). 24 “[T]he notion that a district court could decertify a class at any time is an inescapable and weighty 25 risk that weighs in favor of a settlement.” Harbour v. California Health & Wellness Plan, No. 26 5:21-cv-03322-EJD, 2024 WL 171192, at *4 (N.D. Cal. Jan. 16, 2024). “Since only a handful of 27 data breach cases have achieved class certification, the risks and costs associated with this class 28 action litigation support settlement.” PostMeds, 2024 WL 4894293, at *7 (citation omitted). 1 More broadly, evaluating the strength of a data breach case is difficult because “there have been 2 no data breach cases tried to verdict, and only a handful of cases have achieved class 3 certification.” Id. at *6 (citation omitted). 4 The court observes that $20.62, the amount that the average putative Class Member can 5 expect to receive under the proposed settlement, is significant as compared to other privacy class 6 settlements. Carter, 2023 WL 8153712, at *5 (“[O]ther courts have approved settlements in 7 privacy and security cases when each class member received just a few dollars or less.”); see, e.g., 8 In re Anthem, Inc. Data Breach Litig., 327 F.R.D. at 318–19 (approving settlement that averaged 9 $1.45 per class member). 10 While “a larger award was theoretically possible, ‘the very essence of a settlement is 11 compromise, a yielding of absolutes and an abandoning of highest hopes.’” Barbosa v. Cargill 12 Meat Sols. Corp., 297 F.R.D. 431, 447 (E.D. Cal. 2013) (citing Linney v. Cellular Alaska P’ship, 13 151 F.3d 1234, 1242 (9th Cir. 1998) (internal citations and quotation marks omitted)). For all of 14 these reasons, the court will preliminarily approve the settlement amount reflected in the parties’ 15 proposed settlement as being adequate. 16 b. Attorneys’ Fees 17 When a negotiated class action settlement includes an award of attorneys’ fees, the district 18 court “ha[s] an independent obligation to ensure that the award, like the settlement itself, is 19 reasonable, even if the parties have already agreed to an amount.” Bluetooth, 654 F.3d at 941; see 20 also Knisley v. Network Assocs., Inc., 312 F.3d 1123, 1125 (9th Cir. 2002) (citation omitted). 21 Where, as here, fees are to be paid from a common fund, the relationship between the class 22 members and class counsel “turns adversarial.” In re Mercury Interactive Corp. Sec. Litig., 618 23 F.3d 988, 994 (9th Cir. 2010) (citation omitted). As a result, the district court must assume a 24 fiduciary role for the class members and “act with a jealous regard to the rights of those who are 25 interested in the fund in determining what a proper fee award is.” Id. (internal quotation marks 26 and citations omitted). 27 In evaluating the award of attorneys’ fees, “courts have discretion to employ either the 28 lodestar method or the percentage-of-recovery method.” Bluetooth, 654 F.3d at 942 (citations 1 omitted). Under either approach, “[r]easonableness is the goal, and mechanical or formulaic 2 application of either method, where it yields an unreasonable result, can be an abuse of 3 discretion.” Fischel v. Equitable Life Assurance Soc’y of U.S., 307 F.3d 997, 1007 (9th Cir. 4 2002). 5 Under the percentage of the fund method, the court may award class counsel a percentage 6 of the common fund recovered for the class; in the Ninth Circuit, the benchmark as to such fees is 7 25%. Id.; see also Bluetooth, 654 F.3d at 942; Norton v. Strategic Staffing Sols., L.C., No. 3:23- 8 cv-06648-JSC, 2025 WL 1666143, at *8 (N.D. Cal. June 12, 2025) (“The Ninth Circuit uses a 25 9 percent of the fund ‘benchmark’ for awarding fees.”). Special circumstances that could justify 10 varying the benchmark award include when counsel achieves exceptional results for the class, 11 undertakes extremely risky litigation, generates benefits for the class beyond simply the cash 12 settlement fund, or handles the case on a contingency basis. See In re Online DVD-Rental 13 Antitrust Litig., 779 F.3d 934, 954–55 (9th Cir. 2015). An explanation is necessary when the 14 court departs from the 25% benchmark, Powers v. Eichen, 229 F.3d 1249, 1256–57 (9th Cir. 15 2000), but either way, “[s]election of the benchmark or any other rate must be supported by 16 findings that take into account all of the circumstances of the case.” Vizcaino v. Microsoft Corp., 17 290 F.3d 1043, 1048 (9th Cir. 2002). 18 Under the lodestar method, the court multiples the number of hours the prevailing party 19 reasonably spent litigating the case by a reasonable hourly rate for counsel. Bluetooth, 654 F.3d 20 at 941. The product of this computation, the “lodestar” amount, yields a presumptively 21 reasonable fee. See Gonzalez v. City of Maywood, 729 F.3d 1196, 1202 (9th Cir. 2013). 22 The Ninth Circuit has recommended that district courts apply one method but then cross- 23 check the appropriateness of the determined amount by employing the other as well. See 24 Bluetooth, 654 F.3d at 944. This diligence is particularly important when “counting all hours 25 expended,” in a case “where the plaintiff has achieved only limited success,” would yield an 26 “excessive amount” of fees, or when awarding a percentage of a “megafund would yield windfall 27 profits for class counsel in light of the hours spent on the case.” Id. at 942; see also id. at 945 28 (“Just as the lodestar method can confirm that a percentage of recovery amount does not award 1 counsel an exorbitant hourly rate, the percentage-of-recovery method can likewise be used to 2 assure that counsel’s fee does not dwarf class recovery.”) (internal quotation marks and citations 3 omitted). Similarly, an upward adjustment may be justified if the recovery is “too small . . . in 4 light of the hours devoted to the case or other relevant factors.” Six (6) Mexican Workers v. 5 Arizona Citrus Growers, 904 F.2d 1301, 1311 (9th Cir. 1990). 6 Here, “[t]he Settlement is not contingent on approval of the request for attorneys’ fees and 7 costs or Service Awards, and if the Court denies the request or grants amounts other than what 8 was requested, the remaining provisions of the Agreement shall remain in force.” (Id.) 9 Accordingly, at this time the court does not have an independent obligation to determine the 10 reasonableness of the award plaintiffs will seek. Bluetooth, 654 F.3d at 941. Still, the court notes 11 that Class counsel will seek an award of $100,000, equivalent to 25% of the GSA (Doc. No. 42 at 12 15), which matches the Ninth Circuit’s benchmark percentage, Fischel, 307 F.3d at 1007. 13 The court cautions counsel that when they do seek attorneys’ fees, the court will carefully 14 re-examine the proposed award of attorneys’ fees and conduct a final lodestar cross-check. At 15 that point, the court will expect plaintiffs’ counsel to provide the court the requisite billing 16 records and calculations for cross check purposes and in justifying the fees they seek.3 17 Additionally, plaintiffs’ counsel must provide an accounting or invoices documenting the 18 requested litigation expenses. 19 c. Incentive Payment 20 While incentive awards are “fairly typical in class action cases,” they are discretionary 21 sums awarded by the court “to compensate class representatives for work done on behalf of the 22 class, to make up for financial or reputational risk undertaken in bringing the action, and, 23 sometimes, to recognize their willingness to act as a private attorney general.” Rodriguez v. W. 24 Publ’g Corp., 563 F.3d 948, 958–59 (9th Cir. 2009); see also Staton v. Boeing Co., 327 F.3d 938, 25 977 (9th Cir. 2003) (“[N]amed plaintiffs . . . are eligible for reasonable incentive payments.”). 26 3 “Though the court may well grant an award of [the size sought] under certain circumstances, 27 the court cannot abdicate its obligation to protect the rights of absent members by simply defaulting to the method [of determining attorneys’ fees] proffered by plaintiffs.” Perez v. All Ag, 28 Inc., No. 1:18-cv-00927-DAD-EPG, 2020 WL 1904825, at *9 (E.D. Cal. Apr. 17, 2020). 1 Such payments are to be evaluated individually, and the court should look to factors such as “the 2 actions the plaintiff has taken to protect the interests of the class, the degree to which the class has 3 benefitted from those actions . . . the amount of time and effort the plaintiff expended in pursuing 4 the litigation . . . and reasonabl[e] fear[s of] workplace retaliation.” Staton, 327 F.3d at 977 5 (citation omitted). 6 The four named plaintiffs in this action have requested incentive payments of $2,000 each. 7 (Doc. No. 42 at 24.) Plaintiffs argue that such incentive payments are justified because “[t]he 8 Class Representatives have actively participated in this litigation from its inception, providing 9 valuable information to Class Counsel, reviewing and approving pleadings, and dedicating 10 themselves to pursuing litigation on behalf of the Settlement Class.” (Id.) 11 If the four named plaintiffs receive $2,000 each, such awards would represent 2% of the 12 $400,000 GSA. “1–2% of the total settlement fund . . . is consistent with other court-approved 13 enhancements.” Rhom v. Thumbtack, Inc., No. 16-cv-02008-HSG, 2017 WL 4642409, at *8 14 (N.D. Cal. Oct. 17, 2017). Further, the requested incentive award of $2,000 is “at or below the 15 Ninth Circuit’s benchmark award for representative plaintiffs.” In re Yahoo! Inc. Customer Data 16 Sec. Breach Litig., 2020 WL 4212811, at *44 (approving the requested $2,500 to $5,000 17 incentive awards for eight of the Settlement Class Representatives in data breach action). 18 As noted, under the proposed settlement, the average putative Class Member will receive 19 $20.62. Thus, proposed incentive awards of $2,000 are roughly 100 times the average amount 20 each putative Class Member could expect to receive from the proposed settlement. The Ninth 21 Circuit has repeatedly urged district courts to be “vigilant in scrutinizing all incentive awards to 22 determine whether they destroy the adequacy of the class representatives.” Radcliffe v. Experian 23 Info. Sols. Inc., 715 F.3d 1157, 1163 (9th Cir. 2013) (citation omitted). However, the Ninth 24 Circuit has also upheld a district court’s determination that awarding $5,000 each to nine class 25 representatives was appropriate even though objectors argued it was significantly larger than the 26 $12 each unnamed class members would receive. See In re Online DVD-Rental Antitrust Litig., 27 779 F.3d at 941–43; see also id. at 943 (“The amount sought and awarded was relatively small, 28 ///// 1 well within the usual norms of ‘modest compensation’ paid to class representatives for services 2 performed in the class action.”). 3 Having reviewed the proposed $2,000.00 incentive awards for the named plaintiffs, the 4 court notes that the amount requested may be disproportionate given the possible disparity with 5 the settlement’s average or median award. However, in recognition of the initiative demonstrated 6 by the named plaintiffs, the court will preliminarily approve the proposed incentive awards on the 7 condition that plaintiffs demonstrate at the final approval stage that the requested awards are 8 commensurate with and do not dwarf the average or median award to be received by the Class 9 Members.4 10 e. Release of Claims 11 All Settlement Class Members, members of the Settlement Class who have not opted out 12 of the Settlement, and all other Releasing Parties will be deemed to have released defendant and 13 other Released Parties from the Released Claims. (Doc. No. 42-1 at 10–11.) Released Claims 14 means those claims, “whether known or unknown, asserted or unasserted, existing or potential, 15 suspected or unsuspected, liquidated or unliquidated, legal, statutory, or equitable, based on 16 contract, tort or any other theory, whether on behalf of themselves or others, that result from, 17 arise out of, are based upon, or relate to (a) the Data Incident; (b) th[is] Action;5 or (c) any of the 18 alleged violations of laws or regulations cited in the Complaint.” (Id. at 29.) “A settlement 19 agreement may preclude a party from bringing a related claim in the future ‘even though the 20 claim was not presented and might not have been presentable in the class action,’ but only where 21 the released claim is ‘based on the identical factual predicate as that underlying the claims in the 22 settled class action.’” Hesse v. Sprint Corp., 598 F.3d 581, 590 (9th Cir. 2010). 23

24 4 Plaintiffs have provided the court with the average award expected from the settlement but have not provided the court with estimates regarding the expected median, minimum, or maximum 25 awards. Plaintiffs are directed to provide this information in their motion for final approval.

26 5 Although this language might, standing alone, imply that Class Members also release 27 Settlement Agreement enforcement claims, the Settlement Agreement later specifies that “this Settlement shall be the exclusive remedy for any and all Released Claims of Plaintiffs and 28 Settlement Class Members.” (Doc. No. 42-1 at 31.) 1 Here, the Released Claims are on the broader end of what is acceptable but still 2 appropriately track plaintiffs’ claims in this action, and the settlement does not appear to release 3 unrelated claims that the Settlement Class may have against defendant. “With the understanding 4 that, under the release, the settlement class members are not giving up claims unrelated to those 5 asserted in this action, the court finds that the release adequately balances fairness to absent class 6 members and recovery for plaintiffs with defendants’ business interest in ending this litigation.” 7 Dodge v. PHH Corp., No. 15-cv-01973-FMO-AFM, 2018 WL 11358417, at *11 (C.D. Cal. Jan. 8 29, 2018); see also In re Stable Rd. Acquisition Corp., No. 2:21-cv-05744-JFW-SHK, 2024 WL 9 3643393, at *2 (C.D. Cal. Apr. 23, 2024) (finding that release of claims, known or unknown, that 10 are asserted in the complaint or that “arise out of, or relate to, or are based upon” the factual basis 11 for the plaintiff’s claims “is commonplace in court-approved securities class action settlements, 12 and appropriately restricts the scope of the release to the facts underlying this Action”). 13 C. Proposed Class Notice and Administration 14 For proposed settlements under Rule 23, “the court must direct notice in a reasonable 15 manner to all class members who would be bound by the proposal.” Fed. R. Civ. P. 23(e)(1); see 16 also Hanlon, 150 F.3d at 1025 (“Adequate notice is critical to court approval of a class settlement 17 under Rule 23(e).”). For a class certified under Federal Rule of Civil Procedure 23(b)(3), the 18 notice must contain, in plain and clear language: (1) the nature of the action; (2) the definition of 19 the class certified; (3) the class claims, issues, or defenses; (4) the right of a class member to 20 appear through an attorney, if desired; (5) the right to be excluded from the settlement; (6) the 21 time and manner for requesting an exclusion; and (7) the binding effect of a class judgment on 22 members of the class. Fed. R. Civ. P. 23(c)(2)(B). A class action settlement notice “is 23 satisfactory if it generally describes the terms of the settlement in sufficient detail to alert those 24 with adverse viewpoints to investigate and to come forward and be heard.” Churchill Vill., LLC 25 v. Gen. Elec., 361 F.3d 566, 575 (9th Cir. 2004) (internal quotation marks and citations omitted). 26 Here, the Settlement Agreement provides that “Defendant will coordinate to make 27 available to the Settlement Administrator the Class List no later than 5 days after entry of the 28 Preliminary Approval Order.” (Doc. No. 42-1 at 19.) “Within 30 days following entry of the 1 Preliminary Approval Order, the Settlement Administrator shall commence the Notice 2 Program[.]” (Id.) The Notice Program involves mailing a Postcard Notice to the Settlement 3 Class with information regarding a website containing more information and upon request 4 mailing Long Form Notices and paper Claim Forms to individuals in the Settlement Class. (Id. at 5 17.) The proposed Notice Program also includes a Settlement telephone line. (Id. at 8.) “The 6 Settlement Administrator shall perform reasonable address traces for Postcard Notices that are 7 returned as undeliverable.” (Id. at 22.) “No later than 60 days before the original date set for the 8 Final Approval Hearing, the Settlement Administrator shall complete the re-mailing of Postcard 9 Notice to those Settlement Class members whose new addresses were identified as of that time 10 through address traces.” (Id.) Additionally, “[t]he Notice Program shall be completed no later 11 than 60 days before the original date set for the Final Approval Hearing.” (Id.) The Settlement 12 Administrator shall “[p]rovide weekly reports to Class Counsel and Defendant’s Counsel that 13 summarize the number of Claims submitted, Claims approved and rejected, Notices of Deficiency 14 sent, opt-out requests and objections received that week, the total number of opt-out requests and 15 objections received to date, and other pertinent information[.]” (Id. at 18.) “In advance of the 16 Final Approval Hearing,” the Settlement Administrator shall “prepare a declaration confirming 17 the Notice Program was completed in accordance with the terms of this Agreement and the 18 Preliminary Approval Order, describing how the Notice Program was completed, indicating the 19 number of Claim Forms received, providing the names of each individual in the Settlement Class 20 who timely and properly requested to opt-out from the Settlement Class, indicating the number of 21 objections received, and other information as may be necessary to allow the Parties to seek and 22 obtain Final Approval[.]” (Id.) The Settlement Administrator’s declaration shall be completed no 23 later than 14 days before the Final Approval Hearing. (Doc. No. 46 at 11.) 24 A review of the amended Postcard Notice and Long Form Notice confirms that they 25 provide adequate information regarding the nature of the litigation, the essential terms of the 26 settlement, how a Class Member would object to the settlement, and how a Class Member would 27 request to be excluded from the settlement. (Doc. No. 46-7 at 10.) The Long Form Notice also 28 identifies the Class Counsel; specifies the amounts that will be sought for the named plaintiffs’ 1 incentive payments and Class counsel’s fees and expenses; and explains how to obtain additional 2 information, including a blank for a link to a website. (Doc. No. 46-9 at 10, 12.) The Long Form 3 Notice also adequately informs the Class Members of the scope of the Released Claims. (Id. at 4 9.) 5 However, plaintiffs’ notice does not disclose the maximum cost of administering the 6 settlement, $75,600, or the fact that attorneys’ fees and settlement administration costs will be 7 deducted from the GSA. (Id. at 12.) Particularly because this proposed maximum cost is on the 8 higher end, plaintiffs are directed to add this information prior to initiation of the Notice Program. 9 Erickson v. Corinthian Colleges, Inc., No. 13-cv-07466-GHK-PJW, 2015 WL 12001275, at *3 10 (C.D. Cal. Dec. 22, 2015) (“To adequately inform putative class members of the settlement’s 11 material terms, the Notice shall conspicuously state the estimated Claims Administrator costs and 12 that those costs will be deducted from the GSA.”). 13 The court finds that the notice and the manner of notice proposed by plaintiffs otherwise 14 meet the requirements of Federal Civil Procedure Rule 23(c)(2)(B) and 29 U.S.C. § 216(b) and 15 that the proposed postcard mail delivery is appropriate under these circumstances. In re 16 QuantumScape Sec. Litig., No. 21-cv-00058-WHO, 2024 WL 3491039, at *2 (N.D. Cal. July 18, 17 2024) (“find[ing] that the mailing and distribution of the Postcard Notice, the posting of the 18 Notice and Claim Form online, and the publication of the Summary Notice in the manner and 19 form set forth in this Order (i) is the best notice practicable under the circumstances”); see also 20 Evans v. Wal-Mart Stores, Inc., No. 2:17-cv-07641-AB-KK, 2022 WL 22879278, at *6 (C.D. 21 Cal. June 30, 2022) (approving postcard notice). 22 D. Settlement Administrator and Settlement Administration Costs 23 The parties have agreed to retain Kroll Settlement Administration, LLC to handle the 24 notice and claim administration process and request that Kroll Settlement Administration, LLC be 25 appointed to serve as the Settlement Administrator. (Doc. No. 42 at 8.) 26 As stated above, the cost of administering this settlement is capped at $75,600, which will 27 be deducted from the GSA. (Doc. No. 46 at 7.) This cap is on the higher end of administration 28 fees proposed in other settlements submitted to this court. See, e.g., Mondrian v. Trius Trucking, 1 Inc., No. 1:19-cv-00884-DAD-SKO, 2022 WL 2306963, at *21 (E.D. Cal. June 27, 2022) 2 (administration costs of “less than $15,000” for a $995,000 settlement); Castro v. Paragon Indus., 3 Inc., No. 1:19-cv-00755-DAD-SKO, 2020 WL 1984240, *19 (E.D. Cal. Apr. 27, 2020) 4 (administration costs of $15,000 for a $3.75 million settlement); Gonzalez v. CoreCivic of Tenn., 5 LLC, No. 1:16-cv-01891-DAD-JLT, 2020 WL 1475991, at *14 (E.D. Cal. Mar. 26, 2020) 6 (administration costs of $15,000 for a $3.2 million settlement); Dakota Med., Inc. v. RehabCare 7 Grp., Inc., No. 1:14-cv-02081-DAD-BAM, 2017 WL 1398816, at *5 (E.D. Cal. Apr. 19, 2017) 8 (administration costs of $94,000 for a $25 million settlement); Aguilar v. Wawona Frozen Foods, 9 No. 1:15-cv-00093-DAD-EPG, 2017 WL 117789, at *7 (E.D. Cal. Jan. 11, 2017) (administration 10 costs of $45,000 for a $4.5 million settlement). Other data breach actions do feature similar or 11 higher administrative costs, though the court notes that the settlement amounts were much higher 12 in those cases. 23andMe, 2024 WL 4982986, at *5 (administration costs of $727,000–$1,038,000 13 for a $30 million settlement in a data breach action); Carter, 2023 WL 8153712, at *2 14 (administrative costs of $114,000 for a $3 million settlement). Though higher administrative 15 costs “are not unprecedented[,]” they have been approved where unusual expenses justify the 16 departure. Farrar v. Workhorse Grp., Inc., No. 21-cv-02072-CJC-PVC, 2023 WL 5505981, at *9 17 (C.D. Cal. July 24, 2023) (collecting cases). 18 Since plaintiffs have not explained why the proposed maximum administrative costs are 19 set so high, they are directed to justify the final requested administrative costs in their motion for 20 final approval. With this caveat, the court will appoint Kroll Settlement Administration, LLC as 21 the Settlement Administrator. 22 E. Implementation Schedule 23 The court sets the following implementation schedule, which is based on timelines set out 24 in the Settlement Agreement, the pending motion, and plaintiffs’ supplemental brief: 25 ///// 26 ///// 27 ///// 28 ///// 1 Event Date 2 Defendant will coordinate to make available No later than 5 days after entry of the 3 to the Settlement Administrator the Class List Preliminary Approval Order 4 The Settlement Administrator will commence Within 30 days following entry of the 5 the Notice Program Preliminary Approval Order 6 The Settlement Administrator will complete 60 days before the Final Approval Hearing the Notice Program 7 Motion for Final Approval (including Fee 45 days before new Final Approval Hearing 8 Motion) date 9 End of Objection Period 30 days before Final Approval Hearing date 10 End of Opt-Out Period 30 days before Final Approval Hearing date 11 Claim Form Deadline 15 days before Final Approval Hearing date 12 Administrator’s Declaration 14 days before Final Approval Hearing date 13 Final Approval Hearing April 20, 2026 at 1:30 p.m. PST 14 15 Defendant will deposit the Settlement Fund Within 25 days after the Effective Date into the Settlement Escrow Account 16 17 In addition to the dates identified in this implementation schedule, the parties and Kroll 18 are instructed to follow the remaining dates and time restrictions identified in the Settlement 19 Agreement. 20 CONCLUSION 21 For the reasons explained above: 22 1. Plaintiffs’ motion for preliminary approval of class action settlement (Doc. No. 42) 23 is GRANTED; 24 2. The proposed Settlement Class identified in the Settlement Agreement (Doc. No. 25 42-1) is CERTIFIED for settlement purposes; 26 3. Plaintiffs’ counsel, Kristen Lake Cardoso of Kopelowitz Ostrow P.A., Leanna A. 27 Loginov of Shamis & Gentile, P.A., Scott Edelsberg of Edelsberg Law, P.A., and 28 ///// 1 Cassandra Miller of Strauss Borrelli PLLC, are APPOINTED as Class counsel for 2 settlement purposes; 3 4. The named plaintiffs Ganesh Sankar, Erika Titus-Lay, Jared Cavanaugh, and 4 Kimberly Vongnalith are APPOINTED as Class representatives for settlement 5 purposes; 6 5, Kroll Settlement Administration, LLC is APPROVED as the Settlement 7 Administrator; 8 6. The proposed Notice Program (Doc. Nos. 46-7, 46-8, 46-9) is APPROVED in 9 accordance with Federal Rule of Civil Procedure 23; 10 7. Before executing the Notice Program, the court DIRECTS the parties or Kroll to 11 add the maximum cost of administering the settlement, $75,600, and the fact that 12 attorneys’ fees and settlement administration costs will be deducted from the GSA, 13 and to fill in all blank or bracketed placeholders in the Notice Program with the 14 appropriate information; 15 8. The proposed settlement detailed herein is APPROVED on a preliminary basis as 16 fair and adequate; 17 9. The hearing for final approval of the proposed settlement is SET for Monday, 18 April 20, 2026 at 1:30 p.m. before the undersigned in Courtroom 4; and 19 10. The settlement implementation schedule set forth above is ADOPTED. 20 IT IS SO ORDERED. Dated: _ December 9, 2025 Dek A. 2, Arye 22 DALE A. DROZD 33 UNITED STATES DISTRICT JUDGE

24 25 26 27 28 29