UNITED STATES DISTRICT COURT WESTERN DISTRICT OF KENTUCKY LOUISVILLE DIVISION
In re OnePoint Patient Care, LLC., Case No. 3:24-cv-649-RGJ Data Breach Litigation Judge Rebecca Grady Jennings
CLASS ACTION
MEMORANDUM OPINION & ORDER
Plaintiffs1 are individuals who allege that their private information was exposed in a data breach as a result of Defendant OnePoint Patient Care, LLC (“OnePoint”) failing to sufficiently protect their information. Plaintiffs now move for preliminary approval of a settlement for a proposed class. [DE 30]. OnePoint does not oppose Plaintiffs’ motion. For the following reasons, the Court ORDERS Plaintiffs to file supplemental briefing on the motion. I. BACKGROUND OnePoint is a Kentucky-based pharmacy and pharmacy benefits manager specializing in hospice care serving over 40,000 patients nationally across various service platforms. During the regular course of its operations, OnePoint collects, maintains, and stores its patients’ and employees’ Private Information,2 which includes personally identifiable information and protected health information. [DE 29 ¶¶ 23-24]. On or about August 8, 2024, OnePoint noticed suspicious activity within its computer systems and network. [Id. ¶ 3]. In October and November of 2024, Defendant began notifying individuals that their Private Information may have been accessed in
1The named individual Plaintiffs and representatives of the putative class are Christopher Russo (“Russo”) and Shannon Cobb (“Cobb”). [DE 29]. 2 Unless otherwise defined, all capitalized terms in this Order have the same definitions as set forth in the parties’ Settlement Agreement. [See DE 30-2 ¶ 52 (defining “Private Information” as “information collected by Defendant, directly or indirectly, pertaining to its current and former patients, including, but not limited to, names, addresses, facility location, and medical information”)]. the Data Incident. [Id. ¶¶ 32, 138]. On November 8, 2024, Plaintiff Russo filed a complaint against OnePoint asserting several causes of action related to its role in the Data Incident.3 [DE 1]. This Court consolidated the Russo action with another putative class action that was materially and substantively identical on January 10, 2025.4 Shortly thereafter, the parties began discussing potential settlement and scheduled a mediation with experienced class action mediator. [DE 30-1
at 241]. In advance of the mediation, Plaintiffs propounded informal discovery requests on OnePoint to which OnePoint responded by “providing information related to, among other things, the nature and cause of the Data Incident, the number and geographic location of victims impacted, the specific type of information breached, and the remedial measures implemented in response to the Data Incident.” [Id. See also DE 30-3 ¶ 8 (“Joint Declaration of Class Counsel”)]. The parties also exchanged mediation statements in advance of the mediation. [DE 30-1 at 241]. The parties participated in the formal mediation on April 9, 2025. Following a full day of negotiations, the parties reached an agreement on the material terms of a class wide settlement. The material terms of the settlement and additional terms agreed to by the parties are memorialized
in the Settlement Agreement. [DE 30-2]. On April 18, 2025, Plaintiffs Russo and Cobb filed the Consolidated Complaint, individually and on behalf of all others similarly situated, alleging negligence, negligence per se, breach of implied contract, unjust enrichment, breach of fiduciary duty, and for declaratory and injunctive relief. Plaintiffs now seek preliminary approval of the Settlement Agreement.
3 “Data Incident” means the cybersecurity incident that took place on or about August 8, 2024, involving the Defendant and resulting in the unauthorized access to or acquisition of Settlement Class members’ Private Information.” [DE 30-2 ¶ 30]. 4 [See DE 19 (Order consolidating 3:24-cv-000649-RGJ (the “Russo Action”), DE 1 at 1, and 3:24-cv- 00695-RGJ (“Howey Action”), DE 1 at 2)]. II. PROPOSED SETTLEMENT AGREEMENT The Settlement Agreement provides that OnePoint will pay $2,115,000 into a non- reversionary common fund (the “Settlement Fund”). [DE 30-1 at 242]. Following final approval, Plaintiffs will ask that up to one-third of the Settlement Fund be allocated to attorneys’ fees. They also will ask that CAFA notice and administration fees, litigation expenses, and a total of $5,000
in plaintiff service awards be deducted from this amount. [Id.]. The Class Members’ Valid Claim claims will then be paid out of the remaining sum. [DE 30-2 ¶ 97]. If monies remain in the Settlement Fund after the date the Class Members’ settlement checks expire, those monies will not revert to OnePoint but will be paid to a proposed cy pres recipient.5 [Id. ¶ 105]. There are approximately 528,452 potential settlement class members. [DE 30-1 at 242]. The Settlement Agreement proposes two alternate payment options. Under the “Cash Payment A” section, Class Members may submit claims for “up to $3,500” for “documented losses related to the Data Incident.” [DE 30-2 ¶ 70]. Class Members seeking compensation under this category will be required to provide reasonable supporting documentation. [Id.] In the event such a claim is deemed deficient (and cannot be cured after a reasonable opportunity), it will be treated
automatically as a request for a “Cash Payment B – Alternate Cash.” [Id.] The second option, for an “Alternate Cash” payment does not require any supporting documentation. Class Members who elect this option will simply submit a claim form indicating
5 Specifically, the Settlement Fund will be allocated as follows: (1) “[w]ithin 21 days following Preliminary Approval,” OnePoint shall pay the Settlement Administrator, Epiq Class Action & Claims Solutions, Inc. (“Epiq”), the “estimated Settlement Administration Costs and CAFA Notice”; (2) “within five days after the Defendant makes the final payment into the Settlement Fund,” the Settlement Administrator will pay out any Court-approved “Attorneys’ Fees and Costs,” as well as any “Service Awards” approved by the court and at the direction of Class Counsel; and (3) “[t]he Settlement Administrator shall distribute the Settlement Class Member Benefits no later than 30 days after the Effective Date or 30 days after the validity review of Cash Payments A is complete, whichever is later.” [DE 30-2 ¶¶ 67, 97, 102, 103]. Any residual funds (e.g. uncashed checks issued for Valid Claims) “shall be distributed to an appropriate mutually agreeable cy pres recipient approved by the Court.” [Id. ¶ 105]. their choice. Notably, the Cash Payment B option is “subject to a pro rata increase in the event the amount of Valid Claims is insufficient to exhaust the entire Settlement Fund. Similarly, in the event the amount of Valid Claims exhausts the amount of the Settlement Fund, the amount of the Cash Payments will be reduced pro rata accordingly.” [Id. ¶ 70]. “Any pro rata increases or decreases . . . will be on an equal percentage basis,” calculated to ensure that the Settlement Fund
is exhausted when the claims are paid out. [Id.]. Finally, in consideration for the benefits conferred to the Class Members, the Settlement Agreement provides that Class Members will release OnePoint from “any and all Released Claims, including but not limited to any state law or common law claims arising out of or relating to the Data Incident that the Releasing Parties may have or had” [Id. ¶ 106]. III. STANDARD The claims of a “class proposed to be certified for purposes of settlement” may be settled “only with the court’s approval.” Fed. R. Civ. P. 23(e); see also Wayside Church v. Van Buren Cnty., Michigan, 103 F.4th 1215, 1222 (6th Cir. 2024). Under Rule 23(e), “class action settlement approval involves a three-step process”: (1) “preliminary approval of the proposed settlement,” (2)
“notice of the settlement to all affected class members,” and (3) a “final approval hearing.” Garner Props. & Mgmt., LLC v. City of Inkster, 333 F.R.D. 614, 620 (E.D. Mich. 2020) (quotation mark omitted); see also Thacker v. Chesapeake Appalachia, LLC, 259 F.R.D. 262, 270 (E.D. Ky. 2009) (citing Tenn. Ass’n of Health Maint. Orgs., Inc. v. Grier, 262 F.3d 559, 565–66 (6th Cir. 2001)). This case has reached the first step. The parties must “show[] that the court will likely be able to” both (1) approve the proposed settlement as “fair, reasonable, and adequate” and (2) “certify the class for purposes of judgment on the proposal.” Fed. R. Civ. P. 23(e)(1)–(2). “[I]f giving notice is justified by the parties’ showing,” the Court “must direct notice in a reasonable manner to all class members who would be bound by the proposal.” Fed. R. Civ. P. 23(e)(1)(B). At step two, after receiving notice, “[a]ny class member may object to the proposal.” Fed. R. Civ. P. 23(e)(5)(A). At step three, a hearing must take place before the Court finally approves any class- action settlement. Fed. R. Civ. P. 23(e)(2). IV. ANALYSIS A. Preliminary Approval of Proposed Settlement At this stage, “[t]he parties must provide the court with information sufficient to enable it
to determine whether to give notice of the proposal to the class.” Fed. R. Civ. P. 23(e)(1)(A). Notice will be given if the parties can show “that the court will likely be able to” (1) “approve the proposal under Rule 23(e)(2)” and (2) “certify the class for purposes of judgment on the proposal.” Fed. R. Civ. P. 23(e)(1)(B). i. Likelihood of Approval Under Rule 23(e)(2) The Court may approve a proposed class action settlement only after a hearing and only on finding that it is fair, reasonable, and adequate after considering” several factors. Fed. R. Civ. P. 23(e)(2). Rule 23 provides “the primary framework” for making that determination. Garner Props. & Mgmt., 333 F.R.D. at 621 n.4 (discussing Fed. R. Civ. P. 23 advisory committee’s note to 2018 amendment). The Court must consider whether:
(A) the class representatives and class counsel have adequately represented the class; (B) the proposal was negotiated at arm’s length; (C) the relief provided for the class is adequate; . . . [and] (D) the proposal treats class members equitably relative to each other.
Fed. R. Civ. P. 23(e)(2). The first two factors are procedural in nature, while the latter two direct the Court to examine the substance of the settlement. See Newberg and Rubenstein on Class Actions § 13:15 (6th ed.) (“The procedural factors ask whether ‘the class representatives and class counsel have adequately represented the class [and whether] the proposal was negotiated at arm’s length.’ The substantive factors look at the adequacy of the class’s relief and the equity of its distribution across the class.”) Further, under a prior version of the Rule, the Sixth Circuit identified additional considerations that guide the inquiry into whether a class settlement is fair, reasonable, and adequate.” McKnight v. Erico Int’l Corp., 655 F. Supp. 3d 645, 655 (N.D. Ohio 2023) (citing
Whitlock v. FSL Mgmt., LLC, 843 F.3d 1084, 1093 (6th Cir. 2016)). The Sixth Circuit factors are: (1) the risk of fraud or collusion; (2) the complexity, expense and likely duration of the litigation; (3) the amount of discovery engaged in by the parties; (4) the likelihood of success on the merits; (5) the opinions of class counsel and class representatives; (6) the reaction of absent class members; and (7) the public interest. Int’l Union, United Auto., Aerospace, & Agr. Implement Workers of Am. v. Gen. Motors Corp. (“UAW v. GMC”), 497 F.3d 615, 631 (6th Cir. 2007). “[I]n considering whether to approve the parties’ proposed settlement, a District Court in the Sixth Circuit should look to both the factors found in Rule 23 as well as the Sixth Circuit’s traditional factors.” Doe v. Ohio, No. 2:91-cv- 00464, 2020 WL 728276, at *3 (S.D. Ohio Feb. 12, 2020), report and recommendation adopted, No. 2:91-cv-464, 2020 WL 996561 (S.D. Ohio Mar. 2, 2020) (citations modified); see also Wilson v. Anthem Health Plans of Kentucky, Inc., No. 3:14-cv-743, 2019 WL 6898662, at *3 (W.D. Ky. Dec. 18, 2019) (“The Advisory Committee, in amending Rule 23(e), did not intend to displace factors developed by the circuit courts in deciding whether to approve a proposed settlement agreement, but rather to ‘focus the court . . . on the core concerns . . . that should guide’ the court’s determination.”) (quoting Federal R. Civ. P. 23(e) advisory committee’s note to 2018 amendment)). “At the stage of preliminary approval, the questions are simpler, and the court is not expected to, and probably should not, engage in analysis as rigorous as is appropriate for final approval.” Lott v. Louisville Metro Gov’t, No. 3:19-cv-271, 2023 WL 2562407, at *1 (W.D. Ky. Mar. 17, 2023) (quoting Spine & Sports Chiropractic, Inc. v. ZirMed, Inc., No. 3:13-cv-00489, 2015 WL 1976398, at *1 (W.D. Ky. May 4, 2015)). “Courts apply a degree of scrutiny sufficient to avoid ‘rubber-stamp[ing]’ a proposed settlement agreement, while still being ‘mindful of the substantial judicial processes that remain to test the assumptions and representations upon which the [proposed settlement agreement] are premised.’” Id. (quoting In re Inter-Op Hip Prosthesis
Liab. Litig., 204 F.R.D. 330, 338 (N.D. Ohio 2001)). “The question at the preliminary-approval stage is simply whether the settlement is fair enough to begin the class-notice process.” Strano v. Kiplinger Washington Eds., Inc., 649 F. Supp. 3d 546, 553 (E.D. Mich. 2023) (Strano II) (citation modified). Thus, a settlement proposal “warrants preliminary approval if it is within the range of what ultimately could be considered fair, reasonable, and adequate—a determination left to the sound discretion of the Court.” Bowling v. Pfizer, 144 F. Supp. 3d 945, 952 (S.D. Ohio 2015). 1. Adequate Representation and Non-Collusive Negotiations The procedural factors set out in Rule 23(e)(2)(A)-(B) and the first UAW factor weigh in
favor of preliminary approval of the Settlement Agreement. The primary procedural inquiry is whether the settlement “ar[ises] out of arms-length, non-collusive negotiations.” In re AME Church Employee Retirement Fund Litigation, 2025 WL 900003, at *6 (W.D. Tenn. 2025). “Courts presume the absence of fraud or collusion in class action settlements unless there is evidence to the contrary.” Leonhardt v. ArvinMeritor, Inc., 581 F. Supp. 2d 818, 838 (E.D. Mich. 2008) (citation omitted). See also Inter-Op Hip Prosthesis, 204 F.R.D. at 351 (“[W]hen a settlement is the result of extensive negotiations by experienced counsel, the Court should presume it is fair.”). Here, the unopposed motion states that “the Settlement Agreement is the product of a mediation session occurring before . . . an experienced class action and data breach mediator. These negotiations were conducted at arm’s length and in good faith by experienced counsel.” [DE 30-1 at 348]. And Interim Class Counsel6 attest that “the Parties did not discuss Service Awards or attorneys’ fees and costs until after an agreement had been reached on all material settlement terms
regarding Settlement Class Member Benefits.” [DE 30-3 ¶ 24]. Thus, because there is no “evidence to the contrary,” the Court presumes at this stage that the settlement was procedurally fair. Leonhardt, 581 F. Supp. 2d at 838. This presumption is especially strong where, as here, “the participation of an independent mediator in the settlement negotiations virtually assures that the negotiations were conducted at arm’s length and without collusion between the parties.” Hainey v. Parrott, 617 F. Supp. 2d 668, 673 (S.D. Ohio 2007) (citations omitted). Due to the short amount of time between the filing of this action in November 2024 and the filing of the present motion, the record is less developed on whether Plaintiffs and their counsel have adequately represented the putative class. The record does show, however, that Plaintiffs
coordinated multiple related actions, hired competent counsel, produced sufficient evidence to permit investigation of their claims, and ultimately secured a nationwide settlement. [DE 30-1 at 259]. Plaintiffs therefore have shown that the procedural factors weigh in favor of preliminary approval. 2. Adequacy of Relief In determining whether the class-wide relief is adequate under Rule 23(e)(2)(C), the Court considers “the costs, risks, and delay of trial and appeal”; “the effectiveness of any proposed method of distributing relief to the class, including the method of processing class-member
6 Interim Class Counsel are “Tyler J. Bean of Siri & Glimstad LLP, A. Brooke Murphy of Murphy Law Firm, Andrew W. Ferich of Ahdoot & Wolfson, PC, and Jeff Ostrow of Kopelowitz.” [DE 19 at 155]. claims”; “the terms of any proposed award of attorney’s fees, including timing of payment”; and “any agreement required to be identified under Rule 23(e)(3).” 7 Fed. R. Civ. P. 23(e)(2)(C). This analysis overlaps with the second and fourth UAW factors: “the complexity, expense and likely duration of the litigation; [and] . . . the likelihood of success on the merits.” UAW v. GMC, 497 F.3d 615, 631. The latter factor is most important because a court “cannot judge the fairness of a
proposed compromise without weighing the plaintiff’s likelihood of success on the merits against the amount and form of the relief offered in the settlement.” Id. The Sixth Circuit has further explained that [w]hen extinguishing the claims of a large class of people—some of whom may not even be aware that a pending lawsuit affects their rights—courts are required to closely analyze whether the claims that the unnamed class members are giving up are worth the benefits they may receive. Does 1-2 v. Deja Vu Servs., Inc., 925 F.3d 886, 895 (6th Cir. 2019). Thus, Courts routinely deny motions for preliminary approval in the absence of information sufficient to determine the value of the class members’ claims. See, e.g., Cordy v. USS-Posco Industries, 2013 WL 4028627, *4 (N.D. Cal. 2013) (denying preliminary approval where plaintiff provided “no information about the maximum amount that the putative class members could have recovered if they ultimately prevailed on the merits of their claims”); Fraser v. Asus Computer Intern., 2012 WL 6680142, *5 (N.D. Cal. 2012) (“The current record is insufficient to determine whether the benefit under the proposed settlement to class members who submit a valid and timely claim form is fair and reasonable to those class members.”); Sobel v. Hertz Corp., 2011 WL 2559565, *10 (D. Nev. 2011) (finding the court could not “even begin th[e] inquiry” where “the parties ha[d] failed to provide . . . evidence of . . . the total amount of . . . fees that were charged to the class members, let alone potential ranges of recovery and the chances of obtaining it”).
7 Plaintiffs report that there are no agreements to be identified under Rule 23(e)(3). [DE 30-3 ¶ 44]. At the preliminary approval stage, courts may choose to compare the proposed settlement amount to the amount plaintiffs recovered in similar cases. See Trombley v. National City Bank, 759 F. Supp. 2d 20, 24–25 (D.D.C. 2011), subsequent determination, 826 F. Supp. 2d 179 (D.D.C. 2011), case dismissed, 2012 WL 556319 (D.C. Cir. 2012) (accepting, for the purposes of preliminary approval, plaintiffs’ argument that settlement amount falls within the range of
reasonableness given settlement amounts approved in comparable cases, but advising settling parties that on final review they “must adequately explain” why the cases they have used as points of comparison are helpful and “offer evidence that enables the Court to calculate the potential trial recovery in this case”) (emphasis added). After careful review, the Court has several concerns regarding the adequacy of the proposed relief. First, the record contains no direct evidence regarding the likelihood that the putative class would succeed on their claims. OnePoint has yet to file a responsive pleading or a motion to dismiss. Although the Plaintiffs report that the parties engaged in initial discovery sufficient “to understand the size of the Settlement Class [and] the issues at hand,” the motion is
silent on what those issues are. [DE 30-1 at 252]. Instead, Plaintiffs contend that data breach cases have “historically . . . face[d] substantial hurdles in surviving even the pleadings stage,” [id. (quoting Hammond v. The Bank of N.Y. Mellon Corp., 2010 U.S. Dist. LEXIS 71996, at *2–4 (S.D.N.Y. June 25, 2010) (collecting cases)], and that even beyond the pleading stage, many courts have observed that “[d]ata breach litigation is evolving; there is no guarantee of the ultimate result . . . [they] are particularly risky, expensive, and complex.” [Id. at 252–53 (quoting Fox v. Iowa Health Sys., 2021 WL 826741, at *5 (W.D. Wis. Mar. 4, 2021))]. In particular, Plaintiffs identify “standing,” untested “damages methodologies,” and “causation” as litigation risks. [Id.]. But these generalizations, standing alone, do not allow the Court to meaningfully evaluate “the costs, risks, and delay of trial and appeal” as required by Rule 23(e)(2)(C). Second, Plaintiffs have not shown that the value of the proposed relief of approximately “$4 per person” falls within the range of reasonableness given settlement amounts approved in comparable cases. Although Plaintiffs cite to a handful of cases approving settlements ranging
from $0.10 to $3.61 per class member, almost all those cases were decided over several years ago and involved much larger class sizes. [See DE 30-3 at 334 (with exception of case involving 877,584 members, all cases range from 2.9–194 million members)]. Indeed, in comparison to more recent, similarly sized data breach class actions, the Settlement Agreement appears to provide relatively low value per person: Case Name Case Number Settlement Class Per Amount Size Person In re OnePoint Patient Care, LLC., No. 3:24-cv-649- $2,115,000 528,452 $4 Data Breach Litigation RGJ Thomsen v. Morley Companies, Inc. No. 1:22-cv-10271 $4,300,000 694,679 $6.19 (E.D. Mich.) Tate v. EyeMed Vision Care, LLC No. 1:21-cv-136 $5,000,000 692,154 $7.22 (S.D. Ohio) Tucker v. Marietta Area Health Care No. 2:22-cv-00184 $1,750,000 216,478 $8.08 (S.D. Ohio) In re Overby-Seawell Co. Data No. 1:23-md-2056 $6,000,000 615,000 $9.76 Security Breach Litigation (N.D. Ga.) In re CorrectCare Data Breach No. 5: 22-319- (E.D. $6,490,000 646,701 $10.04 Litig. Ky.) In re Cinfed Federal Credit Union No. 1:23-cv-776 $700,000 58,000 $12 Data Breach Litig. (S.D. Ohio) Phelps v. Toyotetsu North America No. 6:22-cv-06 (E.D. $400,000 11,916 $33.57 Ky.)
On the other hand, the remaining Rule 23(e)(2)(C) considerations weigh in favor of finding that the proposed relief is adequate. The proposed “method of distributing relief to the class, including the method of processing class-member claims” appears reasonably calculated to provide effective relief to the class. Fed. R. Civ. P. 23(e)(2)(C). The claims process is relatively simple, and the few administrative burdens appear reasonably intended to deter fraudulent claims. And the parties’ proposed Settlement Administrator, Epiq, appears qualified to handle the Notice Program and Settlement Administration as set forth in the Settlement Agreement. [DE 30-1 at 246
(citing DE 30-3 at 331)]. Additionally, the Court finds the proposed allocation of attorneys’ fees and costs reasonable at this stage. The Settlement Agreement provides for attorneys’ fees “not to exceed one-third of the Settlement Fund as well as reimbursement of litigation expenses,” which is within a range commonly found acceptable. [DE 30-1 at 245]. See In re CorrectCare Data Breach Litig., No. CV 5:22-319-DCR, 2024 WL 4211480, at *4 (E.D. Ky. Sept. 17, 2024) (approving one-third of the settlement fund as class counsels’ fee). But see In re Cinfed Fed. Credit Union Data Breach Litig., No. 1:23-CV-776, 2025 WL 1637686, at *15 (S.D. Ohio June 10, 2025) (reducing attorneys’ fees from one-third of fund to one-fourth given “the limited work necessary to reasonably pursue
this action”). Notably, “the Settlement Agreement doesn’t require payment of any specific amount of attorneys’ fees, it just says that class counsel will seek” an amount up to one-third of the Settlement Fund, in addition to reasonable costs. Hawes v. Macy’s Inc., No. 1:17-CV-754, 2023 WL 8811499, at *12 (S.D. Ohio Dec. 20, 2023). Thus, even if the Court ultimately finds the requested fees or costs to be unreasonable, this would not make the Settlement Agreement unreasonable at the preliminary approval stage.8
8 The same is true for the Settlement Agreement’s allocation of plaintiff service awards. As with attorneys’ fees, the provision of Service Awards to Russo and Cobb presents no issue at this time because the Settlement Agreement provides that “[t]he Class Representatives may seek Service Awards of up to $2,500.00 each, subject to Court approval.” [DE 30-2 ¶ 102 (emphasis added)]. Nevertheless, the Court is unable to find that this factor supports granting preliminary approval given the lack of information regarding the value of the class members’ claims and their likelihood of success. To the extent that comparable cases are relevant to show the proposed relief is reasonable, they tend to show that the Settlement Agreement is on the lower end of what courts regularly approve. The Court is mindful that “[e]ach case is different and must be evaluated on its
own merits,” and, therefore, the fact that the proposed Settlement Fund here is lower than in comparable cases does not necessarily mean that the proposed relief is inadequate. Schulte v. Fifth Third Bank, 805 F. Supp. 2d 560, 584 (N.D. Ill. 2011). Yet Plaintiffs do not explain why the proposed relief in this case is lower than in facially similar class actions or, conversely, why this case should be compared to the much larger class actions Plaintiffs cite in support of their motion. [See DE 30-3 at 334]. As a result, the Court lacks sufficient information to appropriately weigh this factor. 3. Equitable Treatment of Class Members The final Rule 23(e)(2) requirement requires the Court to consider whether “the proposal
treats class members equitably relative to each other.” Fed. R. Civ. P. 23(e)(2)(D). Relevant here, the Settlement Agreement makes all Class Members eligible “to receive either reimbursement for their documented losses stemming from the Data Incident [up to $3,500] or to receive a cash payment” of approximately “$100” on a pro rata basis. [DE 30-1 at 243, 250]. Additionally, all Class Members will benefit from additional data security measures implemented by OnePoint pursuant to the Settlement Agreement. [DE 30-2 at 280 (providing that “Prior to Final Approval, upon request, Defendant will provide Class Counsel with a written attestation regarding the security measures it implemented following the Data Incident.”)].9 The Court notes that the Settlement Agreement employs a common payment structure approved in similar data breach class action settlements, with one important distinction. In Phelps v. Toyotetsu N. Am., for example, the district court granted preliminary approval of a proposed
settlement which contained the following payment structure: The Settlement Fund would be used to pay $250 to each Class Member who submits a valid claim, to be increased or decreased pro rata after paying any Class Member’s documented monetary losses (up to $5,000 per claimant for documented losses that are fairly traceable to the Data Breach), for attorneys’ fees and expenses, for the proposed $5,000 Class Representative Service Award, and for the costs of Settlement Administration. No. 6:22-cv-106-CHB, slip op. at 17 (E.D. Ky. April 25, 2023). See also In re Cinfed Fed. Credit Union Data Breach Litig., 2025 WL 1637686, at *2 (providing for reimbursement of “up to $5,000.00 per individual” and projected pro rata payments of “$120–$168 per valid claimant”). Unlike those cases, the Settlement Agreement in this case requires Class Members to choose between a reimbursement-type claim and a pro rata claim. Class Members are not eligible to receive both. Though some courts have found that this type of “proposal treats class members equitably relative to each other by offering all individuals the same option of benefits,” Smith v. Specialty Networks LLC, No. 1:24-CV-286, 2025 WL 1944022, at *4 (E.D. Tenn. July 15, 2025), at least one court has found it inequitable where claimants must choose between two payment options and there is a possibility that the settlement fund is depleted by reimbursement-type claims to the exclusion of all Cash Payment B claimants. See In re CorrectCare Data Breach Litig., 2024 WL
9 Although the Motion [DE 30] and the Settlement Agreement [DE 30-2] do not state what additional security measures will be implemented, the Court will have an opportunity to evaluate the adequacy of these measures when reviewing the equitable benefit to Class Members at the Final Approval Hearing. 1403075, at *7 (E.D. Ky. Apr. 1, 2024) (denying motion for preliminary approval because the settlement provided that “any valid out-of-pocket claims will be subtracted from the Net Settlement Fund before class members seeking an alternative cash payment can obtain any relief”); In re CorrectCare Data Breach Litig., 2024 WL 1854711, at *1 (E.D. Ky. Apr. 29, 2024) (finding “[t]he parties’ revised Settlement remedie[d] that problem”).
Additionally, the Settlement Agreement does not distinguish between class members who reside in California and who may be giving up more valuable claims. [See DE 30-2 ¶ 106 (releasing any causes of action arising “under California’s Consumer Privacy Act, California Civil Code section 1798.100, et seq. and/or California’s Unfair Competition Law, California Civil Code section 17200 et seq.”)]. In comparison, settlement agreements in other cases involving nationwide classes in the data breach context have included additional benefits for class members releasing their statutory claims. See, e.g., Thomsen v. Morley Companies, Inc., 639 F. Supp. 3d 758, 768– 69 (E.D. Mich. 2022) (granting preliminary approval of settlement agreement providing that “class members who were residents of California during the Data Incident are eligible to request $75.00
‘as compensation for their statutory claim(s)’” in addition to benefits all class members were eligible to claim). Despite these potential concerns, at this stage, the Court finds the proposal appears to equitably compensate the Class Members. As the court in CorrectCare noted, the risk of “Cash Payment A” claims depleting the Settlement Fund prior to any allocations to “Cash Payment B” claimants appears unlikely. 2024 WL 1403075, at *7. Moreover, despite the release language, it is unclear whether the allegations in the Consolidated Complaint would support statutory causes of action arising under either California’s or other states’ consumer privacy statutes. See Lurry v. PharMerica Corp., No. 3:23-CV-297-RGJ, 2024 WL 2965642, at *12 (W.D. Ky. June 12, 2024) (dismissing claims under the California Consumer Privacy Act due to statute’s exemption for healthcare providers). In any event, the Plaintiffs may choose to address the fairness of the proposed payment structure in the additional briefing ordered herein. The Court finds this factor weighs in favor of preliminary approval. 4. Remaining UAW Factors
The only UAW factors the Court has yet to address are “(3) the amount of discovery engaged in by the parties; . . . (5) the opinions of class counsel and class representatives; (6) the reaction of absent class members; and (7) the public interest.” UAW v. GMC, 497 F.3d at 631. Though it appears that only minimal discovery was conducted prior to mediation, Plaintiffs’ counsel state that the parties engaged in initial discovery sufficient “to understand the size of the Settlement Class [and] the issues at hand” and that Plaintiffs and their counsel agree that “the Settlement Fund provides a favorable resolution to Plaintiffs’ claims in light of the risks of continued litigation.” [DE 30-1 at 252, 255]. Under the circumstances, settlement also furthers the public’s interest. See Green v. Platinum Restaurants Mid-Am. LLC, No. 3:14-CV-439, 2022 WL
1240432, at *5 (W.D. Ky. Apr. 27, 2022) (“[T]here is a strong public interest in encouraging settlement of complex litigation and class action suits because they are ‘notoriously difficult and unpredictable’ and settlement conserves judicial resources.”) (citation modified). The Court finds these factors weigh in favor of granting preliminary approval. 5. More Information Is Needed Having reviewed all the relevant factors, the Court is unable to conclude that the Settlement is “fair enough to begin the class-notice process.” Strano II, 649 F. Supp. at 553. The Court reiterates its concerns about the adequacy of the proposed relief set forth in the Settlement Agreement. Specifically, the Court is unable to balance the proposed relief against the value of the Released Claims. That said, any concerns that the settling parties have undervalued the Class Members’ Released Claims are mitigated in part by the fact that the Settlement Agreement is the product of the adversarial process. See In re Dry Max Pampers Litig., 724 F.3d 713, 717–18 (6th Cir. 2013) (explaining that reliance on the adversary process extends “to the amount the defendant will pay, not the manner in which that amount is allocated between the class representatives, class
counsel, and unnamed class members.”) (emphasis in original). And the Court has already found that the proposed service awards, attorneys’ fees, and the claims structure appear reasonable. Accordingly, because the factors are in near equipoise, the Court ORDERS Plaintiffs to file a supplemental memorandum addressing the foregoing concerns about the fairness of the settlement. ii. Likelihood of Class Certification “To be certified, a class must satisfy all four of the Rule 23(a) prerequisites—numerosity, commonality, typicality, and adequate representation—and fall within one of the three types of class actions listed in Rule 23(b).” Young v. Nationwide Mut. Ins. Co., 693 F.3d 532, 537 (6th Cir. 2012); see also Wal-Mart Stores, Inc. v. Dukes, 564 U.S. 338, 345 (2011). Plaintiffs assert that all
four Rule 23(a) prerequisites are met and that this case falls within the third type of class action enumerated by Rule 23(b), which requires (1) “that the questions of law or fact common to class members predominate over any questions affecting only individual members” and (2) “that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed. R. Civ. P. 23(b)(3). [See also DE 30-1 at 256–62]. “A district court may certify a class only if it ‘is satisfied, after a rigorous analysis,’ that the requirements of Rule 23(a) and (b) ‘have been satisfied.’” Wayside Church, 103 F.4th at 1222 (quoting Gen. Telephone Co. of Sw. v. Falcon, 457 U.S. 147, 161 (1982)). “Moreover, some of those requirements ‘demand undiluted, even heightened, attention in the settlement context.’” Id. (quoting Amchem Prods., 521 U.S. at 620). But at this preliminary stage, rigorous analysis under Rule 23(a)–(b) is not necessary. See id. at 1222–23 (noting that “orders entered under Rule 23(e)(1) . . . often contain little or no analysis concerning the requirements of Rule 23(a) and (b)”). The question is simply whether “the court will likely be able to . . . certify the class for purposes of judgment on the proposal.” Fed. R. Civ. P. 23(e)(1)(B). This is part of the Court’s “preliminary
determination (as to certification of a class and approval of a proposed settlement).” Wayside Church, 103 F.4th at 1222; see also Fed. R. Civ. P. 23 advisory committee’s note to 2018 amendment (encouraging the simultaneous “preliminary approval” of both “the prospect of class certification” and “the proposed settlement”). Here, Plaintiffs ask the Court to certify the following proposed class: [a]ll living individuals residing in the United States whose Private Information may have been accessed during the Data Incident, including those individuals who were sent a notice by OnePoint that their Private Information may have been impacted in the Data Incident. [DE 30-2 ¶ 62]. 1. Numerosity While “there is no strict numerical test” for numerosity, Daffin, 458 F.3d at 552, a class comprised of “approximately 528,452 members” which Plaintiffs estimate in this case certainly suffices. [DE 30-1 at 242]. Compare with Afro Am. Patrolmen’s League v. Duck, 503 F.2d 294, 298 (6th Cir. 1974) (35 class members). 2. Commonality Commonality “requires ‘a common contention’ that, if resolved, would resolve claims of all class members ‘in one stroke.’” Strano II, 649 F. Supp. 3d at 554 (quoting Wal-Mart Stores, 564 U.S. at 350). “To be common, a question must (1) yield a common answer with common evidence and (2) meaningfully progress the lawsuit.” Speerly v. Gen. Motors, LLC, 143 F.4th 306, 316 (6th Cir. 2025). To meaningfully progress the lawsuit, a question must affect at least one disputed element of each of the class’s claims, which often overlaps “with the merits inquiry.” Speerly, 143 F.4th at 316–18. In this way, “not every question with a common answer meets” Rule 23(a)(2)’s commonality requirement. Id. at 316. Only those which “affect at least one” disputed “element” of the class’s claims suffice. Id. (citation modified). Moreover, “[t]he decisionmaker
must be able to resolve the question with ‘a yes-or-no answer for the class in one stroke.’” Id. at 316–317 (citation modified). “[T]he court must ‘walk through each cause of action, identify the relevant elements, and evaluate which elements, if any, submit to common answers.’” Id. at 317. Plaintiffs identify multiple questions which they contend are common among the class. [t]he common questions in this case include, inter alia, whether [OnePoint] was negligent in and whether express or implied contracts were breached due to OnePoint’s handling of Class Members data in the lead up to the Data Incident, whether the OnePoint utilized appropriate data security practices leading up to the Incident, and whether OnePoint provided notice to the Class in a timely manner. Though Plaintiffs fail to address which elements of their claims these common questions resolve, each cause of action in the Consolidated Complaint alleges that OnePoint “fail[ed] to adequately protect Plaintiffs’ and Class Members’ Private Information.” [DE 29 ¶ 180. See also id. ¶¶ 174, 186, 187, 199, 204 (containing substantially identical allegations)]. Commonality is likely met here because, as Plaintiffs observe, “the central question raised by the litigation is whether [OnePoint] took reasonable steps to protect the PII of Class Members.” [DE 30-1 at 257]. And because “this issue depends on the acts and omissions of [OnePoint], rather than facts particular to any one class member,” it presents a yes-or-no question common to the class which would meaningfully progress the lawsuit if resolved. [Id.]. Other courts have found this factor satisfied in similar data breach cases. See, e.g., In re Countrywide Fin. Corp. Customer Data Sec. Breach Litig., No. 3:08-MD-01998, 2009 WL 5184352, at *3 (W.D. Ky. Dec. 22, 2009) (finding “whether [defendant] acted negligently in collecting and storing Settlement Class Members’ Private Information” presented a common question of law or fact); In re Cinfed Fed. Credit Union Data Breach Litig., 2025 WL 1637686, at *6 (holding “whether Cinfed negligently secured their personal data” was a common question). Although the Court ultimately concludes that commonality is likely satisfied, the Court is mindful of the Sixth Circuit’s recent guidance that, to certify a class “[a] court may not simply ask
whether generalized questions yield a common answer.” Speerly, 143 F.4th at 318. Speerly’s requirement that a court “walk through each cause of action” and “identify the relevant elements” is particularly onerous in the context of certifying a nationwide class, as Plaintiffs seek in this case. Id. at 317.10 3. Typicality “A claim is typical if it arises from the same event or practice or course of conduct that gives rise to the claims of other class members, and if his or her claims are based on the same legal theory.” Beattie v. CenturyTel, Inc., 511 F.3d 554, 561 (6th Cir. 2007) (quotation marks omitted). As discussed above, Plaintiffs’ and the class members’ claims all arise from the same alleged acts
and omissions of OnePoint and seek relief related to the alleged Data Incident. Typicality is likely established. 4. Adequate Representation “There are two criteria for determining whether the representation of the class will be adequate: 1) The representative must have common interests with unnamed members of the class, and 2) it must appear that the representatives will vigorously prosecute the interests of the class through qualified counsel.” Senter v. Gen. Motors Corp., 532 F.2d 511, 524–25 (6th Cir. 1976).
10 Speerly was not decided until after Plaintiffs’ motion was filed. Thus, Plaintiffs have not addressed whether and to what extent Speerly changes the analysis under Fed. R. Civ. P. 23 (e)(1)(B)(ii). The Court has no reason at this time to doubt Plaintiffs or their counsel on either criterium. [See DE 30-1 at 259 (addressing criteria)]. 5. Predominance and Superiority Finally, Plaintiffs have established that the proposed class action likely satisfies the requirements of predominance and superiority under Rule 23(b)(3). “Predominance is satisfied if
the Class’s individual questions of law or fact ‘are sufficiently cohesive to warrant adjudication by representation.’” Strano II, 649 F. Supp. 3d at 555 (quoting Amchem Prods. v. Windsor, 521 U.S. 591, 623 (1997)). “The superiority requirement . . . is met if the class action is a better way than individual litigation to adjudicate a claim.” Calloway v. Caraco Pharm. Lab’ys, Ltd., 287 F.R.D. 402, 407 (E.D. Mich. 2012) (citing Daffin v. Ford Motor Co., 458 F.3d 549, 554 (6th Cir. 2006)). At this stage, the Court is satisfied that common questions related to the adequacy of OnePoint’s cyber security and its response to the Data Incident predominate and that class action litigation is superior in light of the size of the proposed class and the relatively small amount in dispute per class member. See In re Countrywide Fin. Corp. Customer Data Sec. Breach Litig., 2009 WL
5184352 at *6–7 (same). Accordingly, while it appears “that the court will likely be able to” approve the proposed settlement as “fair, reasonable, and adequate” and “certify the class for purposes of judgment on the proposal,” some questions remain after the Sixth Circuit’s recent decision in Speerly. Fed. R. Civ. P. 23(e)(1). The Court ORDERS Plaintiffs to file a supplemental memorandum addressing Speerly, including by identifying the elements of each cause of action. B. Notice to Putative Class Members Similarly, the Court is unable to approve the proposed notice at this time. “After preliminarily approving a settlement, the court must direct notice of the proposed settlement to all class members who would be bound by the proposal.” Strano II, 649 F. Supp. 3d at 560 (citing Fed. R. Civ. P. 23(e)(1)(B)). Here, because the putative class is a Rule 23(b)(3) class, “notice must be ‘the best notice practicable’ and include ‘individual notice to all members who can be identified through reasonable effort.’” Id. (quoting Fed. R. Civ. P. 23(c)(2)(B)). “To comport with the requirements of due process, notice must be ‘reasonably calculated to reach interested parties.’” Fidel v. Farley, 534 F.3d 508, 514 (6th Cir.2008) (quoting Karkoukli’s, Inc. v. Dohany, 409 F.3d
279, 283 (6th Cir.2005)). Additionally: The notice must clearly and concisely state in plain, easily understood language:
(i) the nature of the action; (ii) the definition of the class certified; (iii) the class claims, issues, or defenses; (iv) that a class member may enter an appearance through an attorney if the member so desires; (v) that the court will exclude from the class any member who requests exclusion; (vi) the time and manner for requesting exclusion; and (vii) the binding effect of a class judgment on members under Rule 23(c)(3).
Fed. R. Civ. P. 23(c)(2)(B). There are two deficiencies with Plaintiffs’ proposed notices. [See DE 30-2 at 305–319 (Exhibits 1 and 2)]. First, both the postcard notice and the long-form notice incorrectly define the Settlement Class as “all living individuals residing in the United States who were sent a notice by Defendant that their Private Information may have been impacted in the Data Incident,” [DE 30-2 at 307], which is narrower than the Settlement Class as defined in the Settlement Agreement. [Cf. id. at 311 (defining the class as “[a]ll living individuals residing in the United States whose Private Information may have been accessed during the Data Incident, including those individuals who were sent a notice by OnePoint that their Private Information may have been impacted in the Data Incident) (emphasis added); id. at ¶ 62 (same)]. Second, the notices do not “clearly and concisely state in plain, easily understood language . . . the class claims, issues, or defenses.” Fed. R. Civ. P. 23(c)(2)(B). Instead, the long-form notice merely directs Class Members to “Section XIII of the Settlement Agreement,” which “describes the Releases, Released Claims, and Released Parties, in necessary legal terminology.” [DE 30-2 at 314 (emphasis added)]. While the notices are clear that the Settlement relates to the Data Incident and that “[t]he Plaintiffs and Defendant do not agree about the legal claims made in this lawsuit,” there is no explanation of what the “legal claims” are,
or why the “Defendant denies [them].” [Id. at 312]. Next, the Notice Plan provides that the postcard notices will direct Class Members to the settlement website, which Plaintiffs represent “will post the Claim Form, the long-form notice, and key pleadings in the case, including the attorneys’ fee application once it is filed.” [DE 30-1 at 263]. In addition to these documents, the Court finds that providing “the best notice practicable” means the website should also include access to other important Court documents, including the Motion for Preliminary Approval [DE 30], this Order, and the Preliminary Approval Order, in the event the Plaintiffs’ motion is granted. See, e.g., Weidman v. Ford Motor Co., No. 18-CV-12719, 2022 WL 1658777, at *2 (E.D. Mich. May 25, 2022) (approving class notice procedure where
“[t]he case website . . . provide[d] class members access to Court documents and other important information about the case”). Providing access to these documents will necessarily address many of the items enumerated in Fed. R. Civ. P. 23(c)(2)(B). Otherwise, the Court finds that the proposed notices contain all the necessary information pursuant to Rule 23(c)(2)(B) and that the Notice Program provides the best notice practicable under the circumstances, for each member of the class. “The proposed notice program provides for direct mail postcard notice, with skip traces to be conducted and remailing to be attempted for any undeliverable notices returned.” [DE 30-1 at 263]. The postcard notices will be mailed to all members on the “Class List”—a list developed by OnePoint, comprised of “all individuals whose information may have been accessed in the Data Incident,” less those individuals who the parties have confirmed are deceased—in other words, all ascertainable members of the Class. [DE 30-2 at 283]. These postcard notices will direct Class Members to the settlement website containing important case documents. [DE 30-1 at 263]. Finally, “[t]he Settlement Administrator will also establish a toll-free number for class members to call with questions.” [/d.]. Taken together, this meets the requirements of Rule 23(c)(2)(B) and Rule 23(e)(1). See In re Ins. Brokerage Antitrust Litig., 297 F.R.D. 136, 151-52 (D.N.J. 2013) (finding notice complied with Rules 23(c)(2)(B) and 23(e)(1) where postcard included the essential information about the settlement and class and postcard was supplemented by a detailed notice that was mailed to those who requested it and published on the settlement website). Nevertheless, the proposed notices as presented are currently incomplete for the reasons discussed above. Therefore, in addition to the supplemental briefing ordered herein, the Court ORDERS Plaintiffs to submit revised versions of the long-form notice and postcard notice curing the deficiencies set forth above. V. CONCLUSION For all these reasons, and the Court being otherwise sufficiently advised, IT IS ORDERED that, within 30 days of the entry of this Order, Plaintiffs shall supplement their Motion [DE 30] with additional briefing regarding the fairness of the settlement, the likelihood of class certification, and with revised notices, consistent with this Opinion.
Cc: counsel of record 24