<b><i>Online Extra:</b></i> Lyft Blasts Uber for 'Witch Hunt' Over Data Breach

Keker & Van Nest partner Rachael Meny, who signed the brief, did not return a phone call seeking comment. Gibson, Dunn & Crutcher partner Michael Li-Ming Wong, who defends Uber in the suit by the driver, declined to comment.

A Lyft spokesperson provided the following statement: “There is no evidence that any Lyft employee downloaded the Uber driver information or database, or had anything to do with Uber's May 2014 data breach.”'

The unnamed Lyft employee is the subject of the discovery even though Lyft is not a party to the litigation because Uber is attempting to find out the identity of those responsible for the 2014 breach that affected the information of up to 50,000 Uber drivers. Uber filed suit in federal court in San Francisco against a John Doe defendant, seeking to find the identity of anyone involved. A Reuters report in October said Uber identified its primary suspect as Lyft's chief technology officer, Chris Lambert. Lyft's attorneys only refer to the targeted worker as “employee X.”

Lyft says the broad-ranging, burdensome discovery” includes inspection of the employee's electronic devices, Google searches and communication between the employee and Lyft. U.S. Magistrate Judge Laurel Beeler approved the subpoenas in December, saying that “the 'breadth' of material they ask for, the 'time period' they cover, and the 'particularity' with which they describe the target material ' are, for the most part, appropriately limited to information related to the data breach that underlies the plaintiff's case.”

The active discovery efforts come even after Beeler dismissed the former driver's suit, with leave to amend. In March, 2015, Sasha Antman, sued the company, claiming the breach allowed someone to fraudulently take out a credit card in his name. Uber's lawyers at Gibson Dunn argued that it was impossible to put the blame on Uber, as only names and driver's license numbers were compromised in the data breach. Beeler agreed, saying that, “without a hack of information such as Social Security numbers, account numbers, or credit card numbers, there is no obvious, credible risk of identity theft that risks real, immediate injury.”

Beeler said Antman could amend his complaint, but Uber moved to delay the litigation, rare for a defendant in a case.

Keker & Van Nest attorneys called the tactic suspicious.

“Lyft has not found a single reported case in which a defendant has won a motion to dismiss and then proceeded to stall dismissal of the case to conduct its own discovery,” the Keker lawyers wrote. “Clearly, Uber saw an opportunity to exploit this case for its own purposes and proceeded to do so.”

In asking Beeler to rein in the discovery, Keker's Meny blasted Uber.

“Uber is using this case, this plaintiff and this court's subpoena power to conduct its own witch-hunt, to distract attention from its long and storied history of data breaches, to harass X, and to dig into its competitor's internal, confidential and trade-secret information,” Meny wrote. “Enough is enough.”

A hearing is set for March 24.

David Ruiz is a Reporter for The Recorder, the San Francisco-based ALM sibling of e-Commerce Law & Strategy. He can be reached at'[email protected].

'