18 September 2024. U.S. District Judge Rodolfo Ruiz II issued a favorable order on the Motion to Dismiss (MTD) in the ongoing multidistrict litigation (MDL) involving NationsBenefits LLC and other companies affected by a significant data breach. The ruling, which addresses multiple common law and state consumer law claims, represents a pivotal moment for the plaintiffs, allowing the case to move forward towards class certification and, ultimately, justice for those impacted by the breach.
“We are pleased with Judge Ruiz’s recognition of the tremendous harm caused by the loss of PII,” said Sabita J. Soneji, co-lead counsel for the plaintiffs. “This decision underscores the critical importance of data privacy and the ongoing substantial risk individuals face when their personal information is compromised.”
Case Background
The January 2023 data breach involved the Russian “Clop ransomware gang” accessing NationsBenefits servers via the GoAnywhere managed file transfer system, provided by Fortra LLC. Over 3 million individuals’ personal information was stolen and sold on the dark web, prompting the consolidated class action complaint filed in March 2024.
Plaintiffs alleged that the breach was a result of Defendants’ negligent decision to leave the GoAnywhere MFT in its default settings and criticized NationsBenefits for delaying mitigation measures and notification of the breach. Despite the Defendants’ argument that the plaintiffs’ lacked standing to even bring these claims in federal court based on Defendants’ claim that the risk of harm when PII has been lost like this, Judge Ruiz recognized the concrete harm demonstrated by the plaintiffs. In his order, Judge Ruiz shut down Defendants’ arguments and found that Plaintiffs have standing for both jurisdictional purposes and for alleging real damages resulting from the breach.
Although most claims survived, the order did sustain Defendants’ motion to dismiss as to Plaintiffs’ breach of contract claims and a few state statutory claims.
Next Steps
With most claims still standing, including negligence and various state consumer protection law claims, the litigation will move quickly into discovery so that Plaintiffs can get more information to support their claims.
About the Legal Representation
The plaintiffs are represented by a distinguished team of attorneys, including Partner Sabita J. Soneji of Tycko & Zavareei LLP, Chair of TZ’s Privacy and Data Breach Practice Group. Ms. Soneji was appointed as co-lead counsel in the MDL.
The case is In re: Fortra File Transfer Software Data Security Breach Litigation, Case No. 1:24-md-03090, in the U.S. District Court for the Southern District of Florida.