IN RE: AT&T INC. CUSTOMER DATA SECURITY BREACH LITIGATION (2024)

TRANSFER ORDER

Before the Panel:* Plaintiff in one action (Petroski) moves under 28 U.S.C. § 1407 to centralize this litigation in the Northern District of Texas. This litigation consists of twelve putative class actions pending in two districts, the Northern District of Texas and the Western District of Oklahoma, as listed on Schedule A. Since the filing of the motion, all actions in the Northern District of Texas have been consolidated for all purposes. The Panel has been notified of eighteen overlapping putative class actions in seven other districts – the Northern District of California, Eastern District of California, Southern District of California, Northern District of Georgia, Northern District of Illinois, Western District of Missouri, and Eastern District of Texas.¹

Plaintiffs in all actions and defendants AT&T Inc. and AT&T Mobility unanimously support centralization, with the disagreement limited to the appropriate transferee district. Plaintiffs in eighteen actions and defendants request the Northern District of Texas. Plaintiffs in five actions request the Northern District of Georgia. Plaintiffs in two actions request the Western District of Oklahoma. Plaintiffs in two actions request the Eastern District of Texas and plaintiff in one action requests the Northern District of Illinois.

On the basis of the papers filed and the hearing session held, we find that these actions involve common questions of fact, and that centralization in the Northern District of Texas will serve the convenience of the parties and witnesses and promote the just and efficient conduct of this litigation. These putative class actions present common factual questions concerning an alleged data security breach announced by AT&T in March 2024 concerning the personal information of over 70 million former and current AT&T customers released on the dark web.² The common factual questions include how and when the breach occurred, AT&T's data security practices with respect to safeguarding personal information, the investigation into the breach, the alleged delay in disclosing the breach, and the nature of any alleged damages. Centralization will eliminate duplicative discovery; prevent inconsistent pretrial rulings, including with respect to class certification and expert witness issues; and conserve the resources of the parties, their counsel, and the judiciary.

We conclude that the Northern District of Texas is an appropriate transferee district. Defendant AT&T Inc. has its headquarters in Dallas, Texas, where common witnesses and other evidence likely will be found. Most of the related actions are pending there, and defendants and many plaintiffs support this district as their first or second choice for the transferee venue. We assign this litigation to the Honorable Ada E. Brown, a skilled jurist with the willingness and ability to manage this litigation, who has not yet had the opportunity to preside over an MDL. We are confident she will steer this matter on a prudent course.

IT IS THEREFORE ORDERED that the actions listed on Schedule A and pending outside the Northern District of Texas are transferred to the Northern District of Texas and, with the consent of that court, assigned to the Honorable Ada E. Brown for coordinated or consolidated pretrial proceedings.

PANEL ON MULTIDISTRICT LITIGATION

Karen K. Caldwell Chair

Nathaniel M. Gorton

Dale A. Kimball

Matthew F. Kennelly

Madeline Cox Arleo

IN RE: AT&T INC. CUSTOMER DATA SECURITY BREACH LITIGATION

MDL No. 3114

SCHEDULE A

Western District of Oklahoma

KNIGHT, ET AL. v. AT&T, INC., C.A. No. 5:24−00324

Northern District of Texas

PETROSKI v. AT&T, INC., C.A. No. 3:24−00757

MARCH v. AT&T, INC., C.A. No. 3:24−00758

NELLI v. AT&T, INC., C.A. No. 3:24−00759

MONTOYA v. AT&T, INC., C.A. No. 3:24−00760

JARAMILLO v. AT&T, INC., C.A. No. 3:24−00761

BARKLEY v. AT&T, INC., C.A. No. 3:24−00769

BAGLEY v. AT&T, INC., C.A. No. 3:24−00770

CUMO, ET AL. v. AT&T, INC., C.A. No. 3:24−00772

SLOVENKAY, ET AL. v. AT&T, INC., C.A. No. 3:24−00774

DEAN v. AT&T, INC, C.A. No. 3:24−00776

COLLIER v. AT&T, INC., C.A. No. 3:24−00782

FOOTNOTES

FOOTNOTE.   Judge David C. Norton and Judge Roger T. Benitez did not participate in the decision of this matter. One or more Panel members who could be members of the putative classes in this litigation have renounced their participation in the classes and have participated in this decision.

1.   These and any other related actions are potential tag-along actions. See Panel Rules 1.1(h), 7.1, and 7.2.

2.   The personal information allegedly compromised by the breach includes customer names, email addresses, mailing addresses, phone numbers, social security numbers, dates of birth, AT&T account numbers, and passcodes.