Riordan v. Western Digital Corporation

CourtDistrict Court, N.D. California
DecidedJune 7, 2022
Docket5:21-cv-06074
StatusUnknown

This text of Riordan v. Western Digital Corporation (Riordan v. Western Digital Corporation) is published on Counsel Stack Legal Research, covering District Court, N.D. California primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook
Riordan v. Western Digital Corporation, (N.D. Cal. 2022).

Opinion

1 2 3 4 UNITED STATES DISTRICT COURT 5 NORTHERN DISTRICT OF CALIFORNIA 6 SAN JOSE DIVISION 7 8 KEVIN RIORDAN, et al., Case No. 5:21-cv-06074-EJD

9 Plaintiffs, ORDER GRANTING MOTION TO DISMISS 10 v.

11 WESTERN DIGITAL CORPORATION, Re: Dkt. No. 22 Defendant. 12

13 Plaintiffs Kevin Riordan, Ashley Laurent, Jeremy Bobo, and Nagui Sorial bring claims for 14 injunctive and monetary relief for harm arising out of a data breach. See Plaintiffs’ Complaint for 15 Damages, Injunctive and Equitable Relief (“Compl.”), Dkt. No. 1. Defendant Western Digital 16 Corporation moves to dismiss Plaintiffs’ Complaint. See Defendant Western Digital 17 Corporation’s Motion to Dismiss Plaintiffs’ Complaint (“Mot.”), Dkt. No. 22. On October 21, 18 2021, Plaintiffs filed an opposition, to which Defendant filed a reply. See Plaintiffs’ Opposition to 19 Defendant’s Motion to Dismiss Plaintiffs’ Complaint (“Opp.”), Dkt. No. 24; Defendant’s Reply in 20 Support of Motion to Dismiss Plaintiffs’ Complaint (“Reply”), Dkt. No. 25. Having considered 21 the record in this case, the Parties’ papers, and the relevant law, the Court GRANTS Defendant’s 22 motion to dismiss.1 23 I. BACKGROUND 24 Defendant Western Digital is a leading global and data storage brand that offers 25 technologies, devices, systems, and solutions to businesses and consumers. Compl. ¶ 46. On June 26

27 1 On May 27, 2022, the Court found this motion appropriate for decision without oral argument pursuant to Civil Local Rule 7-1(b). See Dkt. No. 33. 1 23, 2021, Defendant announced that two of its legacy Internet-connected hard drives, My Book 2 Live and My Book Live Duo (the “Covered Products”), had been attacked by third-party hackers. 3 Compl. ¶ 58. The hackers accessed the Covered Products through vulnerabilities that allowed 4 them to execute malicious code in the storage devices’ operating systems and initiate a factory 5 reset. Compl. ¶ 59. Through the factory reset, the hackers remotely erased data stored on certain 6 Covered Products. Compl. ¶ 4. Specifically, Plaintiffs allege that the Covered Products had 7 “multiple security flaws present in their software from their creation that allowed remote hackers 8 to remove customer data thereon and perform a ‘factory reset’ of the devices without the 9 customers’ login information.” Compl. ¶ 8. 10 Plaintiffs purchased the Covered Products “in reliance on [Defendant’s] representation that 11 [the products] were secure, and that [Defendant] was committed to safely preserving their data.” 12 Compl. ¶ 8. As a result of Defendant’s failure to meet this expectation, Plaintiffs contend that 13 they have “suffered damages, including but not limited to years-worth of lost sensitive, intimate, 14 and valuable personal, commercial and/or proprietary information (the ‘Stored Data’).” Compl. 15 ¶ 5. The nature of the Stored Data ranges from “important financial information to priceless 16 personal items such as family photos of vacations, childbirths, graduations and holidays.” Compl. 17 ¶ 5. Plaintiffs allege that they stored massive amounts of data on the Covered Products, all of 18 which has been deleted. In many instances, Plaintiffs “kept little or no inventory of what 19 information was stored on their Covered Products, meaning that the full extent of their loss may 20 never be fully known.” Compl. ¶ 7. Plaintiffs worry that their private information is being used 21 by cyber criminals. Compl. ¶ 94. 22 The My Book Live and My Book Live Duo devices were manufactured by Western Digital 23 in the early 2010s. However, the Covered Products have not been supported by Western Digital 24 since 2015. Compl. ¶ 68. Following the attack, Defendant offered affected users access to a free 25 data recovery service program and the option to trade in impacted devices for upgraded products. 26 Compl. ¶ 62. Affected users were instructed to contact Western Digital’s support center by July 27 31, 2021, to participate in these programs. Compl. ¶ 62. Plaintiffs do not allege that they 1 participated in the data recovery or trade-in programs that Defendant offered. However, Plaintiffs 2 do allege that “such data recovery operations traditionally have mixed rates of success.” Compl. 3 ¶ 63. Plaintiffs speculate that even if “some data might be recovered,” “it is highly probable that a 4 significant portion . . . would be gone forever” or “corrupted.” Compl. ¶ 63. 5 Plaintiffs argue that Defendant had a “duty to design and provide products that would not 6 jeopardize [Plaintiffs’] Stored Data” and that Defendant “breached this duty by allowing known 7 issues and/or vulnerabilities with the products to remain without any remedy or notification— 8 issues and abilities that were ultimately used by cyber-criminals to access and/or delete massive 9 volumes of Class Member data.” Compl. ¶ 8. Based on these allegations, Plaintiffs bring claims 10 for: (1) violation of the Song-Beverly Consumer Warranty Act (the “SBA”), Cal. Civ. Code 11 § 1792, et seq.; (2) violation of the Magnuson-Moss Warranty Act (the “MMWA”), 15 U.S.C. 12 § 2301, et seq.; (3) negligence/failure to warn; (4) breach of the covenant of good faith and fair 13 dealing; (5) unfair business practices (“UCL”), Cal. Bus. & Prof. Code § 17200, et seq.; and (6) 14 unjust enrichment. Defendant argues that Plaintiffs’ claims must be dismissed under either 15 Federal Rule of Civil Procedure 12(b)(1) or Federal Rule of Civil Procedure 12(b)(6). 16 II. LEGAL STANDARD 17 A motion to dismiss under Rule 12(b)(1) is a challenge to the court’s subject matter 18 jurisdiction. The party mounting a Rule 12(b)(1) challenge may bring a facial challenge and show 19 that the on the face of the pleadings, the court lacks jurisdiction, or may present extrinsic evidence 20 for the Court’s consideration. See White v. Lee, 227 F.3d 1214, 1242 (9th Cir. 2000) (“Rule 21 12(b)(1) jurisdictional attacks can be either facial or factual”). “In a facial attack, the challenger 22 asserts that the allegations contained in a complaint are insufficient on their face to invoke federal 23 jurisdiction.” Safe Air for Everyone v. Meyer, 373 F.3d 1035, 1039 (9th Cir. 2004). 24 In ruling on a Rule 12(b)(1) motion attacking the complaint on its face, the Court accepts 25 the allegations of the complaint as true. See, e.g., Wolfe v. Strankman, 392 F.3d 358, 362 (9th Cir. 26 2004). “By contrast, in a factual attack, the challenger disputes the truth of the allegations that, by 27 themselves, would otherwise invoke federal jurisdiction.” Safe Air, 373 F.3d at 1039. 1 “With a factual Rule 12(b)(1) attack . . . a court may look beyond the complaint to matters 2 of public record without having to convert the motion into one for summary judgment. It also 3 need not presume the truthfulness of the plaintiff[’s] allegations.” White, 227 F.3d at 1242 4 (internal citation omitted); see also Thornhill Pub. Co., Inc. v. Gen. Tel. & Elecs. Corp., 594 F.2d 5 730, 733 (9th Cir. 1979) (“Where the jurisdictional issue is separable from the merits of the case, 6 the judge may consider the evidence presented with respect to the jurisdictional issue and rule on 7 that issue, resolving factual disputes if necessary . . .

Free access — add to your briefcase to read the full text and ask questions with AI

Related

Warth v. Seldin
422 U.S. 490 (Supreme Court, 1975)
Lujan v. Defenders of Wildlife
504 U.S. 555 (Supreme Court, 1992)
Kokkonen v. Guardian Life Insurance Co. of America
511 U.S. 375 (Supreme Court, 1994)
Krottner v. Starbucks Corp.
628 F.3d 1139 (Ninth Circuit, 2010)
Richard Augustine v. United States
704 F.2d 1074 (Ninth Circuit, 1983)
Frank v. Gaos
586 U.S. 485 (Supreme Court, 2019)
TransUnion LLC v. Ramirez
594 U.S. 413 (Supreme Court, 2021)
White v. Lee
227 F.3d 1214 (Ninth Circuit, 2000)
Safe Air for Everyone v. Meyer
373 F.3d 1035 (Ninth Circuit, 2004)
Wolfe v. Strankman
392 F.3d 358 (Ninth Circuit, 2004)
In re Linkedin User Privacy Litigation
932 F. Supp. 2d 1089 (N.D. California, 2013)

Cite This Page — Counsel Stack

Bluebook (online)
Riordan v. Western Digital Corporation, Counsel Stack Legal Research, https://law.counselstack.com/opinion/riordan-v-western-digital-corporation-cand-2022.