Consumer Electronics Daily was a Warren News publication.
'Ignored Panel's Order'

Plaintiff Opposes Defendant's Motion to Vacate CTO in MOVEit MDL

Matthew Gorman’s class action against Sovos Compliance should remain in the In re MOVEit Customer Data Security Breach Litigation multidistrict litigation (MDL), said the plaintiff’s interested party response (docket 3083) Thursday to Sovos’ motion to vacate conditional transfer order 15 (CTO-15) before the U.S. Judicial Panel on Multidistrict Litigation. Midland States Bank, a defendant in Gorman’s action, filed notice in support of Sovos’ motion the same day.

Gorman filed his class action (docket 3:23-cv-50397) related to Progress Software Corp.’s (PSC) May MOVEit file transfer software data breach on Nov. 2 vs. Sovos, PSC and Midland States Bank in U.S. District Court for Northern Illinois. His counsel then notified the JPML Gorman’s case was a suitable candidate for transfer to the MDL, said Gorman’s response.

On Nov. 13, U.S. District Judge Angel Kelley for Massachusetts in Boston granted a motion to consolidate two other cases against Sovos involving the MOVEit breach, Stadnik v. Sovos and Yenca v. Sovos in the Massachusetts district court where the MDL has been centralized. On Nov. 16, the panel finalized CTO-15 with no objection, transferring the Gorman action against Sovos, and one against Valley National Bank, to the MDL, said Gorman’s response.

On Nov. 28, two days before the first MDL status conference before U.S. Judge Allison Burroughs, who’s presiding over the MDL in U.S. District Court for Massachusetts, Sovos entered mediation with the Stadnik and Yenca plaintiffs, “where they apparently made ‘progress’ towards settlement,” before reaching an agreement in principle to “resolve the claims of approximately 490,000 class members” on Nov. 30, said Gorman’s response. On Dec. 4, Sovos objected to the Gorman action being transferred to the MDL and asked the panel to vacate CTO-15 (see 2312050066). On Dec. 8, Stadnick and Yenca plaintiffs moved Kelley to grant preliminary approval of the proposed class action settlement.

The JPML determined that “the most efficient means of addressing the myriad overlapping class actions” arising from the MOVEit data breach “is to send them to a single judge for coordinated proceedings,” said Gorman’s response. But Sovos “ignored” the panel’s order, “engaged in third-party mediation outside the supervision of Judge Burroughs, and now asks the Panel to validate its actions by vacating its prior transfer order because it wants a different judge to evaluate whether its proposed settlement of a MOVEit case should be approved,” it said.

It would be “inefficient” for two judges in the same district “to evaluate potentially conflicting settlements arising from the same MOVEit breach,” said Gorman’s response. The panel previously recognized that various actions “reflect an ‘interconnectedness among defendants’ with some defendants potentially wanting to bring third-party claims against other defendants, and it would be impossible for Judge Kelley to fully appreciate how approving Sovos’ proposed settlement will affect the rights of other plaintiffs and defendants involved in the MDL,” Gorman’s response said. Burroughs “is much better situated to consider whether Sovos’ proposed settlement is fair, adequate, and reasonable and satisfies the other requirements" of Federal Rule of Civil Procedure 23 related to class actions, it said.

The Gorman, Stadnik and Yenca actions involve one or more common questions of fact and common legal theories as the In re MOVEit Customer Data Security Breach Litigation, said Gorman’s response. The three cases involve an alleged vulnerability in the MOVEit file transfer software application, a “massive security breach” that “adversely impacted tens-of-millions of consumers and patients nationwide,” it said.

Gorman v. Sovos “should remain in the MDL and ultimately be joined by the Stadnik and Yenca actions so that the motion for preliminary approval of a settlement regarding the same facts as the MDL can be heard by Judge Burroughs,” the response said. The panel should deny Sovos’ motion to vacate CTO-15, it said.

In its response in support of Sovos’ motion to vacate CTO-15, Midland, a Sovos customer, said it is a named defendant only in Gorman’s action, not in any other lawsuit involving the MOVEit data breach. Midland is “explicitly included in the terms of the preliminary settlement agreement as a customer of Sovos,” the company said. Under terms of the agreement and unopposed motion for preliminary approval of class action settlement filed in the consolidated action, claims against both Sovos and Midland in Gorman’s action “will be settled in the near term as part of a resolution of the Sovos Consolidated Action,” it said. In the interest of judicial economy and efficiency, the panel should vacate CTO-15, said Midland’s response.

PSC, meanwhile, said in its Dec. 22 response to Sovos’ motion to vacate that Sovos’ situation “is not unique and does not change the Panel’s reasoning in authorizing centralization,” it said. Burroughs and the parties in the MDL “intend to create an early resolution settlement track” for defendants like Sovos that wish to proceed with early resolution, said the response. “Alternatively, once transferred to the MDL, Sovos can request that Judge Burroughs sever and remand its claims in the Gorman Action and permit the claims against Progress to proceed in the MDL,” it said.

The panel’s reasoning in centralizing cases into an MDL “does not leave room to exempt those cases where a defendant wishes to pursue early resolution outside of the MDL,” said PSC’s response. “Rather, the Panel’s rationale applies with full force to such cases, as there is almost certainly a cross-section of cases that will also seek early resolution,” it said. That is especially true where PSC is a named party in an action and “exclusion will force Progress to be burdened with separately defending the action outside of the MDL,” it said.