Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
<b><i>Online Extra:</b></i> Lyft Blasts Uber for 'Witch Hunt' Over Data Breach
Uber Technologies Inc.'s push to hold someone accountable for a 2014 data breach has focused heavily on an unnamed Lyft Inc. employee. Now Lyft is saying its market-leading rival has gone too far, launching a discovery effort that amounts to a “witch hunt.”
Lyft on Feb. 18 filed a motion for a protective order that would prevent Uber from learning more about a Lyft employee, who is not named in court papers but who has previously been named in the press as a high-ranking executive. Lawyers for Lyft said that Uber has ulterior motives in its numerous subpoenas for information that it filed to try to beat back a lawsuit by a driver who says he was a victim of the data breach.
“Uber is abusing this court's discovery power to harass a third party, X, and to uncover internal, confidential, trade-secret information about Lyft ' X's employer and Uber's chief competitor,” wrote Lyft's lawyers at Keker & Van Nest, entering their first appearance in the driver's lawsuit, in which the company is neither plaintiff or defendant. “The court must put a stop to Uber's unbounded discovery campaign, which now includes at least 11 third-party subpoenas targeting information from X and Lyft.”
Keker & Van Nest partner Rachael Meny, who signed the brief, did not return a phone call seeking comment. Gibson, Dunn & Crutcher partner Michael Li-Ming Wong, who defends Uber in the suit by the driver, declined to comment.
A Lyft spokesperson provided the following statement: “There is no evidence that any Lyft employee downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach.”'
The unnamed Lyft employee is the subject of the discovery even though Lyft is not a party to the litigation because Uber is attempting to find out the identity of those responsible for the 2014 breach that affected the information of up to 50,000 Uber drivers. Uber filed suit in federal court in San Francisco against a John Doe defendant, seeking to find the identity of anyone involved. A Reuters report in October said Uber identified its primary suspect as Lyft's chief technology officer, Chris Lambert. Lyft's attorneys only refer to the targeted worker as “employee X.”
Lyft says the broad-ranging, burdensome discovery” includes inspection of the employee's electronic devices, Google searches and communication between the employee and Lyft. U.S. Magistrate Judge Laurel Beeler approved the subpoenas in December, saying that “the 'breadth' of material they ask for, the 'time period' they cover, and the 'particularity' with which they describe the target material ' are, for the most part, appropriately limited to information related to the data breach that underlies the plaintiff's case.”
The active discovery efforts come even after Beeler dismissed the former driver's suit, with leave to amend. In March, 2015, Sasha Antman, sued the company, claiming the breach allowed someone to fraudulently take out a credit card in his name. Uber's lawyers at Gibson Dunn argued that it was impossible to put the blame on Uber, as only names and driver's license numbers were compromised in the data breach. Beeler agreed, saying that, “without a hack of information such as Social Security numbers, account numbers, or credit card numbers, there is no obvious, credible risk of identity theft that risks real, immediate injury.”
Beeler said Antman could amend his complaint, but Uber moved to delay the litigation, rare for a defendant in a case.
Keker & Van Nest attorneys called the tactic suspicious.
“Lyft has not found a single reported case in which a defendant has won a motion to dismiss and then proceeded to stall dismissal of the case to conduct its own discovery,” the Keker lawyers wrote. “Clearly, Uber saw an opportunity to exploit this case for its own purposes and proceeded to do so.”
In asking Beeler to rein in the discovery, Keker's Meny blasted Uber.
“Uber is using this case, this plaintiff and this court's subpoena power to conduct its own witch-hunt, to distract attention from its long and storied history of data breaches, to harass X, and to dig into its competitor's internal, confidential and trade-secret information,” Meny wrote. “Enough is enough.”
A hearing is set for March 24.
'
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.