United States District Court, D. Oregon
IN RE PREMERA BLUE CROSS CUSTOMER DATA SECURITY BREACH LITIGATION This Document Relates to All Actions.
Stephens, Christopher I. Brain, and Jason T. Dennett, Tousley
Brain Stephens PLLC, Keith S. Dubanevich, Steve D. Larson,
and Yoona Park, Stoll Stoll Berne Lokting & Shlachter PC,
OR Tina Wolfson, Ahdoot and Wolfson PC, James Pizzirusso,
Hausfeld LLP, and Karen Hanson Riebel and Kate M.
Baxter-Kauf, Lockridge Grindal Nauen PLLP, Of Attorneys for
G. Karlsgodt, BakerHostetler LLP, James A. Sherer,
BakerHostetler LLP, Daniel R. Warren and David A Carney,
BakerHostetler LLP, and Darin M. Sands, Lane Powell PC, Of
Attorneys for Defendant.
OPINION AND ORDER
MICHAEL H. SIMON, DISTRICT JUDGE
bring this putative class action against Defendant Premera
Blue Cross (“Premera”), a healthcare benefits
servicer and provider. On March 17, 2015, Premera publicly
disclosed that its computer network had been breached.
Plaintiffs allege that this breach compromised the
confidential information of approximately 11 million current
and former members, affiliated members, and employees of
Premera. The compromised confidential information includes
names, dates of birth, Social Security Numbers, member
identification numbers, mailing addresses, telephone numbers,
email addresses, medical claims information, financial
information, and other protected health information
(collectively, “Sensitive Information”).
According to Plaintiffs, the breach began in May 2014 and
went undetected for nearly a year. Plaintiffs allege that
after discovering the breach, Premera unreasonably delayed in
notifying all affected individuals. Based on these
allegations, among others, Plaintiffs bring various state
common law claims and state statutory claims.
the Court is Plaintiffs' motion for sanctions. Plaintiffs
request sanctions for Premera's alleged discovery
misconduct in destroying a computer and data loss prevention
(“DLP”) logs allegedly containing information
that could have shown that the hackers exfiltrated the
Sensitive Information of the putative class members.
Plaintiffs request an order: (1) instructing the jury to
presume that exfiltration of Sensitive Information occurred;
(2) precluding Premera's expert consulting firm Mandiant
or any other expert working for Premera from offering any
testimony that the expert found no evidence of data
exfiltration; and (3) precluding Premera from introducing
evidence about the spoliated evidence. For the reasons
discussed below, Plaintiffs' motion is granted in part
and denied in part.
37(e) of the Federal Rules of Civil Procedure allows for
sanctions for failure to preserve electronically stored
information (“ESI”). This rule provides:
If electronically stored information that should have been
preserved in the anticipation or conduct of litigation is
lost because a party failed to take reasonable steps to
preserve it, and it cannot be restored or replaced through
additional discovery, the court:
(1) upon finding prejudice to another party from loss of the
information, may order measures no greater than necessary to
cure the prejudice; or
(2) only upon finding that the party acted with the intent to
deprive another party of the information's use in the
(A) presume that the lost information was unfavorable to the
(B) instruct the jury that it may or must presume the
information was unfavorable to the party; or
(C) dismiss the action or enter a default ...