8:21-cv-00070-RFR-CRZ Doc # 21 Filed: 09/01/21 Page 1 of 3 - Page ID # 250
THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEBRASKA
JOHN CHACON and LEONARD BRADLEY, CASE NO. 8:21-cv-00070-RFR-CRZ individually and on behalf of all others similarly
situated,
Plaintiffs,
v.
NEBRASKA MEDICINE,
Defendant.
PLAINTIFFS’ MOTION FOR FINAL APPROVAL OF CLASS ACTION SETTLEMENT
Plaintiffs John Chacon and Leonard Bradley, individually and on behalf of others similarly
situated (“Plaintiffs”), hereby move for final approval of the class action settlement preliminarily
approved by this Court on June 4, 2021. Plaintiffs respectfully request this Court:
a. Grant final certification of the Settlement Classes, appoint Plaintiffs John Chacon and Leonard Bradley Class Representatives and appoint counsel Gary M. Klinger and David K.
Lietz of Mason Lietz & Klinger LLP as Class Counsel;
b. Approve the requested attorneys’ fees and costs in the amount of $195,000 (and
Plaintiffs’ requested service awards in the amount of $2,000 to each of the named Plaintiffs;
c. Find that the Notice met the requirements of due process and Federal Rule of Civil
Procedure 23; 8:21-cv-00070-RFR-CRZ Doc # 21 Filed: 09/01/21 Page 2 of 3 - Page ID # 251
d. Find that the terms of the Settlement Agreement fair, reasonable, and adequate and
approved, adopted, and incorporated by the Court;
e. Direct the Parties, their respective attorneys, and the Claims Administrator to
consummate the Settlement in accordance with the Court Order and the terms of the Settlement
Agreement.
f. Resolve all claims against all parties in this Action and issue the Proposed Final
Approval Order filed herewith.
This Motion is based on: the Memorandum filed herewith; the Declaration of Brian
Smitheman of Kroll Administration LLC in Support of Final Approval filed herewith; the
Declaration of David K. Lietz in Support of Plaintiffs’ Motion for Final Approval of Class Action
Settlement filed herewith; the Settlement Agreement entered into between the parties as well as the Notices issued to the Class at Doc. 17-2; Plaintiffs’ Motion for Preliminary Approval of Class
Action Settlement and accompanying documents at Doc. Nos. 17; and Plaintiffs’ Motion for
Approval of Attorneys’ Fees, Costs, and Service Awards and accompanying documents at Doc.
Nos. 20; all other pleadings and papers on file in this action; and any oral argument that may be
heard by this Court,
Dated: September 1, 2021 Respectfully submitted,
/s/ David K. Lietz David K. Lietz MASON LIETZ & KLINGER LLP 5101 Wisconsin Avenue NW, Suite 305 Washington, D.C. 20016 Phone: (202) 429-2290 Fax: (202) 429-2294 [email protected]
2 8:21-cv-00070-RFR-CRZ Doc # 21 Filed: 09/01/21 Page 3 of 3 - Page ID # 252
Gary M. Klinger MASON LIETZ & KLINGER LLP 227 W. Monroe Street, Suite 2100 Chicago, IL 60606 Phone: (202) 429-2290 Fax: (202) 429-2294 [email protected]
Attorneys for Plaintiffs and the Class
CERTIFICATE OF SERVICE
The undersigned hereby certifies that on September 1, 2021, the foregoing document was filed via the Court’s ECF system, which will cause a true and correct copy of the same to be served electronically on all ECF-registered counsel of record.
/s/ David K. Lietz David K. Lietz
Counsel for Plaintiffs and the Proposed Class
3 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 1 of 32 - Page ID # 253
THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEBRASKA
JOHN CHACON and LEONARD BRADLEY, CASE NO. 8:21-cv-00070-RFR-CRZ individually and on behalf of all others similarly situated, Plaintiffs, v.
NEBRASKA MEDICINE,
Defendant.
PLAINTIFFS’ MEMORANDUM IN SUPPORT OF MOTION FOR FINAL APPROVAL OF CLASS ACTION SETTLEMENT
8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 2 of 32 - Page ID # 254
TABLE OF CONTENTS
I. INTRODUCTION ...... 1
II. CASE SUMMARY ...... 2
A. The Data Breach ...... 2
B. Plaintiffs’ Complaint ...... 3
C. History of Negotiations ...... 4
D. The Settlement Agreement ...... 4
1. Expense and Time Reimbursement ...... 5
2. Credit Monitoring and Identity Theft Restoration ...... 7
3. Equitable and Prospective Relief ...... 7
4. Release ...... 8
E. The Notice and Claims Process ...... 8
1. CAFA Notice ...... 8
2. Class Notice ...... 9
3. Settlement Website and Toll-Free Number ...... 10
4. Class Response...... 10
III. LEGAL STANDARD ...... 11
IV. LEGAL ARGUMENT ...... 11
A. The Individual Direct Notice Provided to Settlement Class Members is the Best Practicable and Should be Approved...... 11
B. The Settlement Terms are Fair, Reasonable, and Adequate...... 13
1. The Settlement Meets the Requirements of Rule 23...... 14
a. Class Representatives and Counsel have Adequately Represented the Class...... 14 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 3 of 32 - Page ID # 255
b. The Settlement is the product of good-faith arms’ length negotiations, and is absent of any collusion...... 15
c. The Settlement Agreement provides substantial relief to the Settlement Class, particularly in light of the uncertainty of prevailing on the merits...... 16
i. The costs, risks, and delay of trial and appeal weigh in favor of approval ...... 19
ii. The effectiveness of the proposed method of distributing relief to the class, including the method of processing class-member claims weigh in favor of approval ...... 20
iii. The terms of any proposed award of attorney’s fees, including timing of payment lends support to approval ...... 21
iv. There are no additional agreements required to be identified under Rule 23(e)(3) ...... 22
d. The proposed Settlement treats Settlement Class Members equitably...... 22
2. Other factors considered by Eighth Circuit Courts weigh in favor of preliminary approval...... 23
V. CONCLUSION ...... 24
ii 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 4 of 32 - Page ID # 256
TABLE OF AUTHORITIES
CASES PAGE(S):
Baksh et al. v. Ivy Rehab Network, Inc. No. 7:20-CV-01845 (S.D.N.Y.) ...... 17
Bassett v. Credit Management Services, Inc., No. 8:17cv69, 2019 WL 4262019 (D. Ne. Aug. 6, 2019) ...... 13, 14
Bezdek v. Vibram USA, Inc., 809 F.3d 78, 84 (1st Cir. 2015) ...... 19
Caligiuri v. Symantec Corp., 855 F.3d at 865–66 (8th Cir. 2017)...... 21
Christina A. ex rel. Jennifer A. v. Bloomberg, 315 F.3d at 992 (8th Cir. 2003) ...... 13
Coleman et al. v. Boys Town Nat’l Rsch. Hosp., No. D01CI180008162 (District Court of Douglas County, Neb.) ...... 17
Eisen v. Carlisle & Jaquelin, 417 U.S. 156, 172-177 (1974) ...... 12
Grunin v. International House of Pancakes, 513 F. 2d 114, 123 (8th Cir. 1975) ...... 11, 12
Hammond v. The Bank of N.Y. Mellon Corp., 2010 WL 2643307 (S.D.N.Y. June 25, 2010) ...... 19
Harris v. Republic Airlines, Inc., No. 4-88-1076, 1991 WL 238992 (D. Minn. 1991) ...... 21
In re Anthem, Inc. Data Breach Litig., 327 F.R.D. 299, 323 (N.D. Cal. 2018) ...... 7
In re Aquila ERISA Litig., 2007 WL 4244994 (W.D. Mo. Nov. 29, 2007)...... 21
In re Bisphenol-A (BPA) Polycarbonate Plastic Prods. Liab. Litig., No. 08-1967-MD-W-ODS, 2011 WL 1790603 (W.D. Mo. May 10, 2011) ...... 19
In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21 (D. Me. 2013) ...... 19 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 5 of 32 - Page ID # 257
In re Target Corp. Customer Data Sec. Breach Litig., 892 F.3d 968, 974, 978 (8th Cir. 2018) ...... 18, 24
In re U.S. Bancorp Litig., 291 F.3d at 1038 (8th Cir. 2002)...... 21
In re Uponor, Inc., F1807 Plumbing Fittings Prods. Liab. Litig., 716 F.3d 1057 (8th Cir. 2013) ...... 11
In re Wireless Tel. Fed. Cost Recovery Fees Litig., 396 F.3d 922, 932 (8th Cir. 2005) ...... 11, 13, 14
In re Xcel Energy, Inc., Sec. Derivative & “ERISA” Litig., 364 F. Supp. 2d 980, 998 (D. Minn. 2005) ...... 21
Jackson-Battle v. Navicent Health Inc., No. 2020-CV-072287 (Ga.) ...... 17
Keil v. Lopez, 862 F.3d 685, 697 (8th Cir. 2017) ...... 18
Kenney et al. v. Centerstone of America, Inc., No. 3:20-67-01007 (M.D.Tenn.)...... 17
Lee v. Anthem Inc. Cos., 2015 WL 3645208 (E.D. Mo. June 10, 2015) ...... 11
Marshall v. National Football League, 787 F.3d 502, 510 (8th Cir. 2015) ...... 22
Mowery et al. v. Saint Francis Healthcare System, No. 1:20-cv-00013-SPC (E.D. Mo.) ...... 17
Mullane v. Central Hanover Bank & Trust Co., 339 U.S. 306, 314 (1950) ...... 12
Paxton v. Union Nat. Bank, 688 F.2d 552, 562-563 (8th Cir. 1982) ...... 15
Petrovic v. Amoco Oil Co., 200 F.3c 1140, 1153 (8th Cir, 1999) ...... 13, 24
Pollard v. Remington Arms Company, LLC, 320 F.R.D. 198, 220 (W.D. Mo. 2017) ...... 16
ii 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 6 of 32 - Page ID # 258
Powers v. Credit Management Services, Inc., No. 8:11cv436, 2016 WL 6994080 (D. Nebr. Nov. 29, 2016) ...... 21
Prof. Firefighters Ass’n. or Omaha, Local 385 v. Zalewski, 678 F.3d 640, 648 (8th Cir. 2012) ...... 14
Schoenbaum v. E. I. Dupont De Nemours Co., 2009 WL 4782082 (E.D. Mo. Dec. 8, 2009) ...... 14
Swinton v. SquareTrade, Inc., 454 F. Supp. 3d 848, 862 (S.D. Iowa 2020) ...... 19, 22
Van Horn v. Trickey, 840 F.2d 604 (8th Cir. 1988) ...... 11
White v. National Football League, 836 F. Supp. 1458, (D. Minn. 1993) ...... 16
Wineland v. Casey’s Gen. Stores, Inc., 267 F.R.D. 669 (S.D. Iowa 2009) ...... 21
STATUTES
Class Action Fairness Act of 2005, 28 U.S.C. § 1715 ...... 8
OTHER AUTHORITIES
C. Wright and A. Miller, Federal Practice and Procedure, at 237 (1972) ...... 12
RULES
Fed. R. Civ. P. 12(b)(6)...... 19
Fed. R. Civ. P. 23 ...... 12, 13, 14
Fed. R. Civ. P. 23(b)(2)...... 19
Fed. R. Civ. P. 23(b)(3)...... 19
Fed. R. Civ. P. 23(e) ...... 11, 13, 14
Fed. R. Civ. P. 23(e)(2) ...... 11, 13
iii 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 7 of 32 - Page ID # 259
Fed. R. Civ. P. 23(e)(2)(A)-(D) ...... 14
Fed. R. Civ. P. 23(e)(2)(B) ...... 16
Fed. R. Civ. P. 23(e)(3) ...... 14, 22
Fed. R. Civ. P. 56 ...... 19
iv 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 8 of 32 - Page ID # 260
I. INTRODUCTION
On June 4, 2021, this Court preliminarily approved a proposed class action settlement
between Plaintiffs John Chacon and Leonard Bradley (“Plaintiffs”) and Defendant Nebraska
Medicine (“Nebraska Medicine” or “Defendant”). Dkt. 19. Class Counsel’s efforts created three
distinct benefits: (1) up to $3,300 per Settlement Class Member in cash reimbursements for time
and expenses incurred related to the Data Incident; (2) credit monitoring and identity theft
restoration services automatically provided to Credit Monitoring Subclass members; and (3)
equitable relief in the form of information security enhancements designed to ensure Settlement
Class Members’ Personally Identifying Information and Private Health Information is better
protected in the future.
Settlement Class Counsel zealously prosecuted Plaintiffs’ claims, reaching agreement only
after extensive investigation and negotiations. After this Court granted preliminary approval of the
Settlement, the Settlement Administrator—with the help of the Parties—disseminated Notice to
the Settlement Class. As provided for in the Settlement and approved by the Court, individual
notice was provided directly to each of the Settlement Class Members. The notice provided each
Settlement Class Member with information regarding how to reach the Settlement Website, make
a claim, and how to opt-out or object to the Settlement. The response to the Settlement has been
overwhelmingly positive. Out of 125,106 Settlement Class Members, only three have sought to exclude themselves from the Settlement, and zero have objected. The claims period is still open, and will run through October 4, 2021.
Plaintiffs previously moved for attorneys’ fees, costs, and service awards on August 19,
2021, and now move for final approval of this class action settlement. Because the Notice (direct notice to Settlement Class Members via US Postal Service postcard mailing) was the best
1 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 9 of 32 - Page ID # 261
practicable under the circumstances—and is estimated to reach 93% of the Settlement Class, which
far exceeds the Federal Judicial Guideline of 70%—and the Settlement is fair adequate, and reasonable, this Court should grant final approval.
II. CASE SUMMARY1
A. The Data Breach
Nebraska Medicine is a comprehensive health network in the Omaha, Nebraska region,
with two major hospitals, more than 1,000 doctors and 40 clinics in the Omaha area. See Dec. of
David K. Lietz in Supp. of Pl.s’ Mot. for Prelim. App., Dkt. 17-1, ¶ 9.a, (“Lietz MPA Dec.”).
Nebraska Medicine advertises that it is the region’s only 24/7 trauma center providing
comprehensive care for adults and children, a regional leader in cardiovascular and neurosciences,
and that it has an international reputation in oncology, transplant, and biocontainment. Lietz MPA
Dec. ¶ 9.b. In the ordinary course of receiving treatment and healthcare services from Nebraska
Medicine, patients are required to provide Defendant with sensitive, personal and private
information such as: name, address, phone number, and mail address; date of birth; demographic
information; information related to medical history; insurance information and coverage;
information concerning an individual’s doctor, nurse, or other medical providers; photo
identification; employer information; and other information that may be deemed necessary to
provide care. Id. ¶ 9.c. Nebraska Medicine publicly recognizes and affirms its duties and
responsibilities to keep its patients’ personal information private and confidential. Id. ¶ 9.d.
Plaintiffs allege that between August 27, 2020 and September 20, 2020, Nebraska
Medicine experienced a targeted cybersecurity incident where cyberthieves had unauthorized
1 Section II.a-II.d have been largely adopted from the Memorandum in Support of Plaintiffs’ Unopposed Motion for Preliminary Approval of Class Action Settlement, filed July 31, 2020 at Dkt. 17. Section II.e. details the efforts of the Settlement Administrator and Parties to effectuate the Notice program ordered by the Court.
2 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 10 of 32 - Page ID # 262
access to Nebraska Medicine’s network for approximately 24-days (the “Data Incident”). Id. at ¶
9.e. Plaintiffs allege that during this time, cyber-criminals were able to access patient data including the private identifying information and personal health information provided to
Nebraska Medicine in the process of receiving treatment. Id.
Defendant mailed notification to approximately 125,902 individuals that their personally identifiable information (“PII”) may have been impacted. Id. at ¶ 10. Of those approximately
125,902 individuals, approximately 13,497 individuals were mailed notification indicating that their Social Security and/or driver’s license numbers may have been potentially accessed. Id.
Subsequently, this lawsuit was filed asserting claims against Nebraska Medicine relating to the Data Incident.
B. Plaintiffs’ Complaint
Plaintiffs filed their Complaint in this Court on February 24, 2020. They allege seven causes of action: (1) Negligence; (2) Invasion of Privacy by Trespass or Intrusion; (3) Breach of
Implied Contract; (4) Breach of Fiduciary Duty; (5) Violation of Nebraska Consumer Protection
Act; and (6) Violation of Nebraska Uniform Deceptive Trade Practices Act. Lietz MPA Dec. ¶ 12.
Plaintiffs sought equitable relief enjoining Nebraska Medicine from engaging in the wrongful conduct complained of and compelling Nebraska Medicine to utilize appropriate methods and policies with respect to consumer data collection, storage, and safety. Id. ¶ 13. Plaintiffs further sought an order requiring Defendant to provide credit monitoring services to themselves and the rest of the class. Id. ¶ 14. Finally, Plaintiffs sought an award of actual, compensatory, and statutory damages as well as attorneys’ fees and costs, and any such further relief as may be deemed just and proper. Id. ¶ 15.
3 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 11 of 32 - Page ID # 263
C. History of Negotiations
From approximately March to May 2021, Plaintiffs and Defendant, through their respective counsel, engaged in arms’ length negotiations on behalf of the Settlement Class. Lietz MPA Dec.
¶ 17. Counsel for Plaintiff brought extensive experience in hospital data breach class actions to the table, which, along with their internal investigation and informal discovery produced by Nebraska
Medicine, allowed proposed Class Counsel to effectively negotiate settlement terms that are fair, adequate and reasonable. Id. ¶ 18. After extensive negotiations and an informal exchange of relevant information, in late March 2021, the Parties reached an agreement on the material terms of the Settlement. Id. ¶ 19.
On March 29, 2021, the Parties filed a Joint Notice of Settlement and Request to Set
Deadline to File Motion for Preliminary Approval of Class Action Settlement. Id. at ¶ 20. The
Court approved the Parties’ Motion, and set May 25, 2021 as the deadline by which the preliminary approval motion was required to be filed. Id. at ¶ 21. Over the following weeks, the Parties diligently negotiated final terms, drafted and finalized the Settlement Agreement along with the corresponding exhibits. Id. at ¶ 22. The Settlement Agreement was finalized and executed by the
Parties in late-May 2021. Id. at ¶ 23, Ex. 1 (“Agr.”). On June 4, 2021, this Court granted
Preliminary Approval of Plaintiffs’ class action settlement and directed notice to issue as described therein. Dkt. 19.
D. The Settlement Agreement
The Settlement negotiated on behalf of the Class provides for three separate forms of relief:
(1) cash reimbursements for time and expenses; (2) credit monitoring and identity theft restoration services; and (3) equitable relief in the form of information security enhancements. See generally
Settlement Agreement at Lietz MPA Dec. Ex. 1 (“Agr.”). The Settlement Agreement calls for a
Settlement Class, as well as a smaller subset referred to as the Credit Monitoring Subclass:
4 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 12 of 32 - Page ID # 264
Settlement Class: The approximately 125,106 persons who were mailed notification that their PII was potentially impacted as a result of the Data Incident that occurred between August 27, 2020 and September 20, 2020; 2
Credit Monitoring Subclass: The approximately 13,497 persons who were mailed notification that their Social Security and/or driver’s license numbers were potentially accessed as a result of the Data Incident that occurred between August 27, 2020 and September 20, 2020.
Agr. ¶¶ 1.7, 1.25. The Settlement specifically excludes: (i) Nebraska Medicine, the Related
Entities, and their officers and directors; (ii) all Settlement Class Members who timely and validly
request exclusion from the Settlement Class; (iii) Judge Robert F. Rossiter and his staff and family;
(iv) Magistrate Judge Cheryl R. Zwart and her staff and family; and (v) any other Person found by
a court of competent jurisdiction to be guilty under criminal law of initiating, causing, aiding or
abetting the criminal activity occurrence of the Data Incident or who pleads nolo contendere to
any such charge. Id. at ¶ 1.25.
1. Expense and Time Reimbursement
Under the terms of the Settlement Agreement, Settlement Class Members can submit a
claim for both ordinary and extraordinary expense reimbursements. Agr. ¶¶ 2.1-2.3.
Settlement Class Members can claim reimbursement for ordinary out-of-pocket expenses, up to $300 per Settlement Class Member, that were incurred as a result of the Data Incident, including: (i) unreimbursed bank fees; (ii) long distance phone charges; (iii) cell phone charges (if charged by the minute); (iv) data charges (if charged based on the amount of data used); (v) postage; (vi) gasoline for local travel; and (vii) fees for credit reports, credit monitoring, or other
2 While the Parties originally estimated that the Settlement Class comprised of 125,902 individuals, upon receipt of the Class List, the Settlement Administrator discovered numerous redundancies. After removing duplicates from the Data, the class numbered 125,106. See Declaration of Brian Smitheman of Kroll Administration LLC in Support of Final Approval (“Kroll Dec.”), filed herewith.
5 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 13 of 32 - Page ID # 265
identity theft insurance products purchased by Settlement Class Members between August 27,
2020 and the Claims Deadline. Agr. ¶ 2.1.1. Claims for ordinary expense reimbursements may
also include reimbursement for up to six (6) hours of lost time spent dealing with the Data Incident
(calculated at the rate of $20 per hour), but only if at least one full hour was spent. Agr. ¶ 2.1.3.
Settlement Class Members may receive up to three (3) hours of lost time if the Settlement Class
Member (i) attests that any claimed lost time was spent related to the Data Incident; and (ii)
provides a written description of how the claimed lost time was spent related to the Data Incident.
Id. Settlement Class Members may claim up to an additional three (3) hours of lost time if the
claimant submits reasonable supporting documentation of the time spent (e.g. employment records
showing time off of work to deal with effects of the Data Incident). Id.
Settlement Class Members are also eligible to receive reimbursement for documented
extraordinary losses, up to $3,000 per Settlement Class Member for documented monetary loss
that: (i) is actual, documented, and unreimbursed; (ii) was more likely than not caused by the Data
Incident; (iii) occurred between August 27, 2020 to the Claims Deadline; and (iv) is not already
covered by one or more of the above-referenced reimbursed expenses. Agr. ¶ 2.1.4. Settlement
Class Members must also provide documentation that he or she made reasonable efforts to avoid,
or seek reimbursement for, such extraordinary losses, including but not limited to exhaustion of
all available credit monitoring insurance and identity theft insurance. Id.
Importantly, while both ordinary and extraordinary expense reimbursements are capped at an individual level, because there is no aggregate cap there will be no pro rata reductions of the valid amounts claimed by Settlement Class Members. Lietz MPA Dec. ¶ 30.
6 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 14 of 32 - Page ID # 266
2. Credit Monitoring and Identity Theft Restoration
Additionally, members of the Credit Monitoring Subclass will be automatically provided one-year of additional credit monitoring services, without the need to make any affirmative claim.
Agr. ¶ 2.3. This one year of credit monitoring is in addition to any credit monitoring previously offered by Nebraska Medicine and/or UNMC following the Data Incident. Id. This service is valued at least $100.00 per person.3
3. Equitable and Prospective Relief
In addition to the monetary relief and credit monitoring services provided, the Parties have also agreed that Nebraska Medicine will implement and keep in place, through December 31, 2022, specific security-related measures and enhancements. Agr. ¶ 2.4, see also Appx. A. These measures are detailed in a confidential Appendix A that the Settling Parties have agreed to file under seal with the Court. Lietz MPA Dec. ¶ 32. Generally, Nebraska Medicine will implement and enhance password and user-identity protocols and email and user-browsing protocols. Id.
Nebraska Medicine will also enhance and limit its remote access capabilities. Id. Further, Nebraska medicine will update, strengthen, and enhance its network security and system security measures including additional endpoint, vulnerability, and firewall measures. Id. Nebraska Medicine will also implement, update, and enhance its security operations center and conduct periodic, enhanced risk assessments. Id.
3 The per-class-member value was determined by a comparison to comparable products marketed to retail consumers. See, e.g., https://www.experian.com/consumer-products/compare-identity- theft- products.html;https://www.experian.com/consumer-products/compare-identity-theft- products.html (basic identity protection plan at $9.99 per month). The $100 value thus represents a conservative estimate of the benefit to each class member. See In re Anthem, Inc. Data Breach Litig., 327 F.R.D. 299, 323 (N.D. Cal. 2018) (“Obviously, the credit monitoring services themselves confer an economic benefit, as they can retail for $9 to $20 a month.”).
7 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 15 of 32 - Page ID # 267
4. Release
The release in this case is tailored to the claims that have been plead or could have been
plead in this case, arising out of the events and circumstances of the Data Incident. Agr. ¶ 1.22.
Settlement Class Members who do not exclude themselves from the Settlement Agreement will
release claims against Defendant and Related Entities related to the Data Incident and/or the
recordkeeping or data security practices in place at the time of the Data Incident. See Agr. ¶¶ 1.21.
E. The Notice and Claims Process
The notice and claims process was implemented pursuant to the Court’s Preliminary
Approval Order. The current estimated cost for Settlement Administration, including both notice
and claims administration, is $130,056.56 all of which is to be borne by Defendant separate and
apart from the Settlement Fund.4
1. CAFA Notice
Pursuant to the federal Class Action Fairness Act of 2005 (CAFA), 28 U.S.C. § 1715, on
June 4, 2021 the Settlement Administrator sent a CAFA Notice and an accompanying
Thumb/Flash Drive containing the documents required under 28 U.S.C. §1715(b)(1)-(8) to the
Attorney General of the United States and 55 state/territories Attorneys General identified in the
Manifest for the CAFA Notice via First-Class Certified Mail. Dec. of Brian Smitheman of Kroll
Settlement Administration LLC in Support of Final Approval, filed herewith as Exhibit A, (“Kroll
Dec.”) ¶ 4.
4 In Plaintiffs’ Motion for Fees, Costs, and Services Award, Plaintiffs quoted the original estimate and cap for the Notice Program of $145,000. The estimated total cost has since been reduced to $130,056.56. See Dec. of David Lietz in Supp. of Pl.s’ Mot. for Attorneys’ Fees, Costs, and Service Awards, Dkt. 20-1 (“Lietz Fees Dec.”), ¶ 21.
8 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 16 of 32 - Page ID # 268
2. Class Notice
On June 18, 2021, the Settlement Administrator received an electronic file containing contact information including the membership number, first name, last name, address, city, state, and zip code of Class Members. Kroll Dec. ¶ 5. The file contained 125,896 records. Id. After an analysis of the data the Settlement Administrator determined that 125,106 of the records were unique. Id. The Settlement Administrator also assigned unique identifiers to all records to maintain the ability to track them throughout the Settlement administration. Id.
After receiving the Settlement Class Data, the Settlement Administrator checked all mailing addresses against the National Change of Address database maintained by the United
States Postal Service. Id. at ¶ 10. To the extent that any Class Member had filed a USPS change of address request, and the address was certified and verified, the current address listed in the
NCOA database was used in connection with the Notice mailing. Id.
On July 6, 2021, the Settlement Administrator sent Postcard Notices by U.S. Mail to the
125,106 Settlement Class Members. Id. ¶ 10. To prevent claims from individuals outside the Class and to prevent fraud, Class Members were provided a unique Class Member ID on their respective
Notices. Id. ¶ 16. As of August 31, 2021, 855 Postcard Notices were returned by the USPS with a forwarding address and remailed. Id. ¶ 11. As of the same date, the Settlement Administrator has received 9,456 Notices returned by the USPS with no forwarding address. Id. ¶ 12. The Settlement
Administrator is currently running skip-traces on those addresses and individuals, and will re-mail the postcards to any individuals located through the skip trace. Id.
The Settlement Administrator expects the reach of the notice program to hit 93%. Id. ¶ 13.
9 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 17 of 32 - Page ID # 269
3. Settlement Website and Toll-Free Number
On May 24, 2021, the Settlement Administrator created a dedicated website entitled
www.NebraskaSettlement.com. Id. ¶ 7. The website went live on July 6, 2021, and remains
operational. Id. The website contains a summary of the Settlement, Settlement Agreement, Long
Form Notice, Motion for Preliminary Approval of Settlement, Memorandum in Support of
Plaintiffs' Unopposed Motion for Preliminary Approval of Class Action Settlement, Claim Form,
Preliminary Approval Order, Complaint, Declaration of David Lietz, Motion for Attorney Fees
and Costs and allows Class Members the opportunity to file a claim form online. Id.
On April 7, 2021, the Settlement Administrator established a toll-free number, 1-844-367-
8806, for Class Members to call and obtain additional information regarding the Settlement using both Live Operators and an IVR system. Id. ¶ 8. As of August 31, 2021, 537 Class Members have
called the IVR, and 332 Class Members have called to speak to Live Operators. Id.
4. Class Response
Through the notice process, Settlement Class Members have been given the means to make a claim, request exclusion, or object to the Settlement Agreement. As of August 25, 2021, the
Settlement Administrator has received only three requests for exclusion and zero objections to the settlement. Id. at ¶¶ 14-15. Class Counsel have also received zero objections to the Settlement
Agreement. Declaration of David Lietz in Support of Plaintiff’s Motion Final Approval, (“Lietz
MFA Dec.”), filed herewith as Exhibit B, ¶ 2. As August 31, 2021, the Settlement Administrator has received 356 claims—12 through the mail, and 344 through the Settlement Website. Id. ¶ 16.
The claims period will remain open until October 4, 2021. Id.
10 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 18 of 32 - Page ID # 270
III. LEGAL STANDARD
In approving a class action settlement, a Court must consider whether it is “fair, reasonable,
and adequate.” Fed. R. Civ. P. 23(e)(2). In making that determination a district court considers:
(1) the merits of the plaintiff's case weighed against the terms of the settlement, (2) the defendant's
financial condition, (3) the complexity and expense of further litigation, and (4) the amount of
opposition to the settlement. Lee v. Anthem Inc. Cos., 2015 WL 3645208, at *1 (E.D. Mo. June
10, 2015) (quoting In re Uponor, Inc., F1807 Plumbing Fittings Prods. Liab. Litig., 716 F.3d 1057,
1063 (8th Cir. 2013); see also Van Horn v. Trickey, 840 F.2d 604, 607 (8th Cir. 1988); In re
Wireless Tel. Fed. Cost Recovery Fees Litig., 396 F.3d 922, 932 (8th Cir. 2005).
Before a court can reach that analysis however, it must ensure that interested parties were
adequately informed of the Settlement Agreement and provided an opportunity to voice their
objections. Grunin v. International House of Pancakes, 513 F. 2d 114, 123 (8th Cir. 1975). Rule
23(e) of the Federal Rules of Civil Procedure provides that a class action “shall not be dismissed
or compromised without the approval of the court, and notice of the proposed dismissal or
compromise shall be given to all members of the class in such manner as the court directs.” The
purpose of the approval procedure is to ensure that the interests of absent class members are
adequately protected. Grunin v. International House of Pancakes, 513 F.2d at 123. The district
court acts as a fiduciary who serves as guardian of the rights of the absent class members, and the
court may approve a settlement only if the proponents of it show that the settlement is fair,
reasonable, and adequate. Id.
IV. LEGAL ARGUMENT
A. The Individual Direct Notice Provided to Settlement Class Members is the Best Practicable and Should be Approved.
11 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 19 of 32 - Page ID # 271
Because an action maintained as a class suit under Rule 23 has res judicata effect on all
members of the class, due process requires that notice of a proposed class settlement be provided
to settlement class members. Grunin v. International House of Pancakes, 513 F.2d at 123, citing
Eisen v. Carlisle & Jaquelin, 417 U.S. 156, 172-177 (1974). What a court must determine in each
individual case is that the notice provided was “reasonably calculated, under all the circumstances,
to apprise interested parties of the pendency of the action and afford them an opportunity to present
their objections.” Mullane v. Central Hanover Bank & Trust Co., 339 U.S. 306, 314 (1950). In
addition, the notice must convey the required information and allow a reasonable time for those
interested in making an appearance to do so. Grunin v. International House of Pancakes, 513 F.2d
at 123, citing Mullane v. Central Hanover Bank & Trust Co., 339 U.S. at 314. Because Rule 23
provides that notice must be given “in such a manner as the court directs,” the mechanics of the
notice process are left to the broad discretion of the court. Grunin v. International House of
Pancakes, 513 F.2d at 123, citing C. Wright and A. Miller, Federal Practice and Procedure, at
237 (1972).
The Parties caused individual notice to be provided via US mail to 125,106 Settlement
Class Members. Kroll Dec. ¶ 5. This notice was the best practicable under the circumstances. It was clear, concise, and pointed each Settlement Class Member to the resources necessary to get additional information, review pleadings, make a claim, request exclusion, object, or to reach class counsel should they have any additional questions. See id., Ex. B. The U.S. Supreme Court has specifically held that individualized notice by mail to the last known address is the “best notice practicable” in a class action context. Eisen v. Carlisle & Jaquelin, 417 U.S. at 174-177. In contrast with notice via publication, providing individualized mail notice to Settlement Class Members— coupled with the Settlement Administrator’ efforts to search for, locate, and confirm current
12 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 20 of 32 - Page ID # 272
information for Settlement Class Members—ensures that Settlement Class Members are provided
with the best practicable notice of the Settlement, and the opportunity to make a claim, opt-out, or
object. Courts regularly approve the use of mail to directly notify potential class members of a
class action settlement. Petrovic v. Amoco Oil Co., 200 F.3c 1140, 1153 (8th Cir, 1999) (finding
notice provided by U.S. Mail comported with the requirements of due process). The Settlement
Website and Toll-free hotline provide additional forums for Settlement Class Members to access
information about the Settlement and relevant filings.
Accordingly, the Notice program satisfies the requirements of both Rule 23 and dur process.
B. The Settlement Terms are Fair, Reasonable, and Adequate.
Public policy favors settlements—“courts should approach them with a presumption in
their favor.” Bassett v. Credit Management Services, Inc., No. 8:17cv69, 2019 WL 4262019, *2
(D. Ne. Aug. 6, 2019) quoting Petrovic v. Amoco Oil Co., 200 F.3d 1140, 1148 (8th Cir. 1999)
Courts have recognized that a class action settlement is a private contract negotiated between the
parties. In re Wireless Tel. Fed. Cost Recovery Fees Litig., 396 F.3d at 932 (citing Christina A. ex
rel. Jennifer A. v. Bloomberg, 315 F.3d at 992 (8th Cir. 2003). “Rule 23(e) requires the court to
intrude on that private consensual agreement merely to ensure that the agreement is not the product
of fraud or collusion and that, taken as a whole, it is fair, adequate, and reasonable to all
concerned.” Id.
Federal Rule 23(e)(2) requires certain factors to be considered by a court before granting
final approval of a class action settlement: (A) the class representatives and class counsel have
adequately represented the class; (B) the proposal was negotiated at arm’s length; (C) the relief
provided for the class is adequate . . . ; and (D) the proposal treats class members equitably relative
13 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 21 of 32 - Page ID # 273
to each other.” Fed. R. Civ. P. 23(e)(2)(A)-(D). In determining whether the relief provided is adequate, Courts must consider: (i) the costs, risks, and delay of trial and appeal; (ii) the effectiveness of any proposed method of distributing relief to the class, including the method of processing class-member claims; (iii) the terms of any proposed award of attorney’s fees, including timing of payment; and (iv) any agreement required to be identified under Rule 23(e)(3).
Before the 2018 revisions to Rule 23(e), the Eighth Circuit developed its own list of factors for consideration in determining whether to grant final approval of a class action settlement: (1) the merits of the plaintiff's case weighed against the terms of the settlement; (2) the defendant's financial condition; (3) the complexity and expense of further litigation; and (4) the amount of opposition to the settlement. Bassett v. Credit Management Services, Inc., No. 8:17cv69, 2019 WL
4262019, *2 (D. Ne. Aug. 6, 2019), citing Prof. Firefighters Ass’n. or Omaha, Local 385 v.
Zalewski, 678 F.3d 640, 648 (8th Cir. 2012); In re Wireless Tel. Fed. Cost Recovery Fees Litig.,
396 F.3d 922, 932 (8th Cir. 2005).
The Settlement meets the criteria set forth by both Rule 23 and the Eighth Circuit. Because the Settlement Agreement here is not the product of fraud or collusion, does not have a single objection from any Settlement Class Member after direct individual notice was provided, and does in fact provide the opportunity for significant relief for Settlement Class Members and automatic relief for the Credit Monitoring Subclass Members, final approval should be granted. See
Schoenbaum v. E. I. Dupont De Nemours Co., 2009 WL 4782082, at *2 (E.D. Mo. Dec. 8, 2009).
1. The Settlement Meets the Requirements of Rule 23.
a. Class Representatives and Counsel have Adequately Represented the Class.
The adequacy inquiry examines whether (1) the class representatives have common interests with the members of the class and (2) whether class representatives will vigorously
14 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 22 of 32 - Page ID # 274
prosecute the interests of the class through qualified counsel. Paxton v. Union Nat. Bank, 688 F.2d
552, 562-563 (8th Cir. 1982). Here, the Class Representatives, like all Class Members, have been victims of the same Data Incident, and thus have common interests with the Class. Moreover, they have ably represented the Class, maintaining contact with counsel, assisting in the investigation of the case, producing relevant documents, reviewing the material terms of the Settlement
Agreement, remaining available for consultation throughout settlement negotiations, answering counsel’s many questions, and reviewing the terms of the Settlement Agreement. Lietz Fees Dec.
¶ 17.5
Proposed Class Counsel too have vigorously pursued the interests of the Class in securing a Settlement that brings immediate benefits to Class and Subclass Members while avoiding the risks of continued litigation. In doing so, they leaned on their extensive experience in hospital data breach litigation, their detailed investigation of this particular matter, and informal discovery exchanged during the course of their negotiations. Lietz MPA Dec.¶ 3-11, 17-24. Their efforts resulted in the excellent Settlement before the Court, guaranteeing relief to Settlement Class and
Subclass Members that compares favorably to that approved in other data breach cases. As such, this factor warrants preliminary approval.
b. The Settlement is the product of good-faith arms’ length negotiations, and is absent of any collusion.
Here, the Settlement was reached only after months of arms’ length negotiations between counsel for the Parties. Lietz MPA Dec. ¶¶ 17-24. Proposed Class Counsel conducted an extensive investigation into the merits of Plaintiffs’ claims prior to filing their Complaint, and engaged in an
5 In their Motion for Fees, Costs, and Service Awards, Plaintiffs inadvertently noted that they were remained available for consultation during mediation, when they in fact remained available for consultation throughout the settlement negotiations.
15 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 23 of 32 - Page ID # 275
informal exchange of discovery with Defendant thereafter. Id. Accordingly, Class Counsel was
well positioned throughout settlement negotiations to have a full understanding of the value of
Plaintiffs’ and Class Members’ claims. See, id. Settlement negotiations lasted from approximately
March to May 2021, and although the Parties reached an agreement on the central terms in late
March, they spent the following months negotiating and finalizing the details of the Agreement
and corresponding notice documents. Id. ¶ 22. As such, Plaintiffs have met the requirement for
settlement approval set forth in Rule 23(e)(2)(B). See White v. National Football League, 836 F.
Supp. 1458, (D. Minn. 1993) (finding no evidence of collusion and concluding settlement was the
result of arm’s length negotiations); Pollard v. Remington Arms Company, LLC, 320 F.R.D. 198,
220 (W.D. Mo. 2017) (finding a settlement reached after extensive investigation and discovery by
class counsel was reached in good faith). As such, the Settlement was the product of good faith,
non-collusive, and arm’s length negotiations and should be approved.
c. The Settlement Agreement provides substantial relief to the Settlement Class, particularly in light of the uncertainty of prevailing on the merits.
Most importantly, the Settlement guarantees Class Members real relief for harms and
assurance that they are less likely to be subject to similar breaches due to Nebraska Medicine’s
data security systems in the future. Thus, the third and most important factor weighs heavily in
favor of preliminary approval.
Settlement Class Members who submit valid claims are eligible to receive up to $300 in reimbursements for ordinary incurred as a result of the Data Incident, as well as reimbursement at the rate of $20 per hour for up to six (6) hours spent addressing issues pertaining to the Data
Incident. Agr. ¶ 2.1.1. Settlement Class Members can also each recover up to $3,000 in extraordinary expense reimbursements related to the Data Incident. Id. ¶ 2.1.4. These payments
16 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 24 of 32 - Page ID # 276
are not subject to a cap, and thus will not be subject to pro rata reductions, regardless of how many
Settlement Class Members make claims. Id.; Lietz MPA Dec. ¶ 30. This Settlement compares
favorably with monetary relief provided in settlements approved by Courts in other, similar data
breach cases. See e.g. Mowery et al. v. Saint Francis Healthcare System, No. 1:20-cv-00013-SPC
(E.D. Mo.) (data breach settlement providing up to $280 in value to Settlement Class Members in the form of: reimbursement up to $180 of out of pocket expenses and time spent dealing with the data breach; credit monitoring services valued at $100; and equitable relief in the form of data security enhancements); Baksh et al. v. Ivy Rehab Network, Inc., No. 7:20-CV-01845 (S.D.N.Y.)
(providing up to $75 per class member out of pocket expenses incurred related to the data breach and $20 reimbursement for lost time, with payments capped at $75,000 in aggregate; credit monitoring for claimants; and equitable relief in the form of data security enhancements); Kenney et al. v. Centerstone of America, Inc., No. 3:20-67-01007 (M.D.Tenn.) (providing up to $500 for ordinary losses and $2500 for extraordinary losses, with a fund capped at $1,500,000); Jackson-
Battle v. Navicent Health Inc., No. 2020-CV-072287 (Ga.) (providing up to $200 per person for reimbursement of ordinary expenses and lost time, up to $2,500 per person for reimbursement of extraordinary expenses, and equitable relief in the form of data security enhancements).
Another useful point of comparison is the data breach settlement approved by a Nebraska state court in the case Coleman et al. v. Boys Town Nat’l Rsch. Hosp., Case No. D01CI180008162
(District Court of Douglas County, Neb.). Final approval was granted in that data breach class action on August 20, 2020, and the terms of the settlement compare favorably to those negotiated on behalf of the Settlement Class here. See Exhibit C, Boys Town Final Approval Order and
Judgment at page 2 (data breach settlement providing credit monitoring, up to $4000 in reimbursement for identity, tax, financial, or medical fraud, reimbursement for 4 hours of lost time
17 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 25 of 32 - Page ID # 277
at $25 per hour, and injunctive relief). Here, the relief obtain equals or exceeds that negotiated in
Boys Town – for example, Settlement Class Members here may claim up to 6 hours at $20 of lost
time (as opposed to only 4 hours at $25 per hour in Boys Town – meaning up to $120 can be claimed here while only $100 can be claimed in Boys Town), the reimbursable losses of up to
$3300 are for a broader range of losses (as opposed to Boys Town, where the $4000 in reimbursements were for various forms of fraud only), and the credit monitoring here is an automatic benefit (as opposed to being an opt-in benefit in Boys Town). This direct comparator – another hospital data breach case in the State of Nebraska – weighs heavily in favor of finally approving this settlement.6
Moreover, members of the Credit Monitoring Subclass will automatically receive 1-year
of credit monitoring services at Defendant’s expense. Agr. ¶ 2.3. Such protections will help ensure
that should Plaintiffs’ and Class Members’ data be misused, they will have access to the means to
mitigate any potential ill consequences.
Additionally, Nebraska Medicine will be implementing extensive security enhancement
protocols that will guarantee that Settlement Class Members’ personal identifying information and
personal health information will be better safeguarded in the future. Agr. ¶ 2.4. Such injunctive
relief has real value, and lends further weight in favor of Settlement approval. In re Target Corp.
Customer Data Sec. Breach Litig., 892 F.3d 968, 974 n.6, 978 (8th Cir. 2018) (finding injunctive
relief in the form of data security measures “has value to all class members,” and the district court
properly considered non-monetary relief when weighing the merits of the plaintiff's case against
the terms of the settlement); see Keil v. Lopez, 862 F.3d 685, 697 (8th Cir. 2017) (finding
6 Also, this settlement was achieved for less than one-quarter of the $925,000 in attorneys’ fees awarded in Boys Town, demonstrating that the fees sought here are presumptively reasonable.
18 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 26 of 32 - Page ID # 278
settlement to be fair, reasonable, and adequate in part because “class members ... will benefit from
the additional injunctive relief that the settlement provides”); Bezdek v. Vibram USA, Inc., 809
F.3d 78, 84 (1st Cir. 2015) (finding there was no abuse of discretion where a district court
concluded that injunctive relief against continuation of the allegedly false advertising was ‘a
valuable contribution to this settlement agreement.’ ”); In re Bisphenol-A (BPA) Polycarbonate
Plastic Prods. Liab. Litig., No. 08-1967-MD-W-ODS, 2011 WL 1790603, at *3-4 (W.D. Mo. May
10, 2011) (noting the presence of injunctive relief as a factor indicating the fairness, adequacy, and
reasonableness of the settlement). This is true even if, as here, the settlement class is certified under
Rule 23(b)(3) rather than Rule 23(b)(2). Swinton v. SquareTrade, Inc., 454 F. Supp. 3d 848, 862
(S.D. Iowa 2020) (citing cases).
i. The costs, risks, and delay of trial and appeal weigh in favor of approval. The value achieved through the Settlement Agreement is guaranteed, where chances of
prevailing on the merits are uncertain. While Plaintiffs strongly believe in the merits of their case,
they also understand that Nebraska Medicine will assert a number of potentially case-dispositive
defenses. In fact, should litigation continue, Plaintiffs would likely have to immediately survive a
motion to dismiss in order to proceed with litigation. Due at least in part to their cutting-edge
nature and the rapidly evolving law, data breach cases like this one generally face substantial
hurdles—even just to make it past the pleading stage. See Hammond v. The Bank of N.Y. Mellon
Corp., 2010 WL 2643307, at *1 (S.D.N.Y. June 25, 2010) (collecting data breach cases dismissed
at the Rule 12(b)(6) or Rule 56 stage). Class certification is another hurdle that would have to be
met—and one that been denied in other data breach cases. See, e.g., In re Hannaford Bros. Co.
Customer Data Sec. Breach Litig., 293 F.R.D. 21 (D. Me. 2013).
19 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 27 of 32 - Page ID # 279
Plaintiffs dispute the defenses Nebraska Medicine will likely assert—but it is obvious that
their success at trial is far from certain. Through the Settlement, Plaintiffs and Class Members gain
significant benefits without having to face further risk of not receiving any relief at all.
ii. The effectiveness of the proposed method of distributing relief to the class, including the method of processing class-member claims weigh in favor of approval. As described in Section II.E(4), supra, all Class Members have until October 4, 2021 to submit a claim for ordinary and/or extraordinary expense reimbursements, and credit monitoring services will be automatically provided on final approval of the settlement. Kroll Dec. ¶ 18. The
Settlement Administrator is responsible for reviewing, determining the validity of, and processing
all claims submitted by Settlement Class Members. Lietz MPA Dec. ¶¶ 41-52. Class Counsel and
Nebraska Medicine both have the right to review and obtain supporting documentation to the
extent necessary to resolve claims administration issues. Agr. ¶ 8.1. After the Settlement is approved and the time for any appeal has passed, the Settlement Administrator will also be responsible for processing and transmitting Settlement Class Member payments and providing enrollment codes for those Class Members who made a claim for credit monitoring services. Agr.
¶¶ 2.5, 8. Checks for valid claims will be sent within 60 days of the Effective Date, or within 30 days of the date the claim is approved, whichever is later. Id. ¶ 8.3. Automatic one-year extensions will be provided to Class Members who had previously accepted credit monitoring from Nebraska
Medicine. For those Class Members who did not previously accept credit monitoring, Experian will mail them their codes and brief instructions as to how to activate the credit monitoring services—at no cost to the Class Member.7
7 Should the Court require additional information regarding this process, Counsel for Nebraska Medicine will be prepared to speak further regarding the automatic provision of credit monitoring services at the Final Approval Hearing.
20 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 28 of 32 - Page ID # 280
As such, the Settlement provides for effective processing and distribution of relief and
should be approved.
iii. The terms of any proposed award of attorney’s fees, including timing of payment lends support to approval.
On August 19, 2021, Plaintiffs moved for an award of attorneys’ fees and costs equal to
$195,000—less than 1% of the total benefit negotiated for the class—as well as Service Awards
in the amount of $2,000 to each of the Representative Plaintiffs. Dkt. 21. As discussed at length in
Plaintiffs’ Motion for Attorneys’ Fees, Costs, and Service Awards and Memorandum in Support
at Dkt. 21, Plaintiffs’ requests are reasonable and fall well below the 25% to 36% of common fund
fees regularly approved by Eighth Circuit Courts. Caligiuri v. Symantec Corp., 855 F.3d at 865–
66 (8th Cir. 2017); see also In re Xcel Energy, Inc., Sec. Derivative & “ERISA” Litig., 364 F.
Supp. 2d 980, 998 (D. Minn. 2005) (collecting cases); In re U.S. Bancorp Litig., 291 F.3d at 1038
(8th Cir. 2002) (awarding 36% of a common fund of $3.5 million); West v. PSS World Med., Inc.,
No. 4:13-cv-574, 2014 WL 1648741, at *1 (approving attorneys’ fees of 33%); Harris v. Republic
Airlines, Inc., No. 4-88-1076, 1991 WL 238992 at *2 (D. Minn. Nov. 12, 1991) (awarding “a sum
slightly in excess of 30% of the common fund”); see also Powers v. Credit Management Services,
Inc., No. 8:11cv436, 2016 WL 6994080 (D. Nebr. Nov. 29, 2016) (approving $7,000 to each of
the lead plaintiffs as service awards); In re Charter Commc’ns, Inc., Sec. Litig., 2005 WL 4045741,
at *25 (awarding $26,625 compensatory award to lead plaintiff); In re Aquila ERISA Litig., 2007
WL 4244994, at *3 (W.D. Mo. Nov. 29, 2007) (awarding $25,000 incentive award); Wineland v.
Casey’s Gen. Store s, Inc., 267 F.R.D. 669, 677 (S.D. Iowa 2009) (awarding $10,000).
No Class Members have objected to Plaintiffs’ request for fees, costs, and service awards.
Kroll Dec. ¶ 15; Lietz MFA Dec. ¶ 2.
21 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 29 of 32 - Page ID # 281
iv. There are no additional agreements required to be identified under Rule 23(e)(3).
There are no additional agreements that require identification and/or examination under
Rule 23(e)(3).
d. The proposed Settlement treats Settlement Class Members equitably.
Here, the proposed Settlement does not improperly discriminate between any segments of
the class, as all Settlement Class Members and Credit Monitoring Subclass Members are entitled
to the same relief respectively. All Settlement Class Members are eligible to make a claim for the
same amount of ordinary and extraordinary expense reimbursements. Any difference in recovery
will be based purely on the actual expenses they have incurred and time they have spent to mitigate the effects of the Data Incident. Moreover, all members of the Credit Monitoring Subclass will
automatically receive a code for credit monitoring services.
There is no requirement that all class members in a settlement be treated equally. See
Marshall v. National Football League, 787 F.3d 502, 510 (8th Cir. 2015). The difference in
recovery between the Class and Subclass Members is reasonably justified by the fact that the Credit
Monitoring Subclass Members (unlike the remaining Class Members) had their Social Security
numbers compromised and thus should be entitled to greater protections. See Swinton v.
SquareTrade, Inc., 454 F. Supp. 3d at 875 (approving settlement where the differences in recovery
between class members reflect the differences in their respective injuries and the strength of their
respective claims). And, while Plaintiffs will each be seeking a $2,000 award for their services on
behalf of the class, this award is less than the amount that any given Class Member can claim in
reimbursements.
Importantly, direct notice was sent to Settlement Class Members, and all Settlement Class
Members had equal opportunity to object to or exclude themselves from the Settlement. As of
22 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 30 of 32 - Page ID # 282
August 25, 2020, three Settlement Class Members had requested exclusion, and none had objected.
Thus, the settlement does not unfairly benefit the Class Representatives or any particular Class
Member or subset of Class Members, and this factor weighs in favor of preliminary approval.
2. Other factors considered by Eighth Circuit Courts weigh in favor of preliminary approval.
The factors considered by Eighth Circuit Courts prior to the amendment of Rule 23, and still considered by those Courts today, also weigh in favor of final approval.
First, the Settlement provides for significant relief in light of the risks of proceeding with further litigation. As discussed extensively supra, while Plaintiffs are confident in the merits of their claims, they face significant risk in further litigation due in part to the constantly evolving nature of data breach litigation. Thus, this factor weighs in favor of preliminary approval.
Second, the Defendant’s financial condition is not at issue here, and thus does not weigh either for or against approval of the Settlement.
Third, continued litigation is likely to be complex, lengthy, and expensive. Although
Plaintiffs are confident in the merits of their claims, the risks discussed above cannot be disregarded. Aside from the potential that either side will lose at trial, the Plaintiffs anticipate incurring substantial additional costs in pursuing this litigation further. Should litigation continue,
Plaintiffs would likely need to defeat a motion to dismiss, counter a later motion for summary judgement, and both gain and maintain certification of the class. The level of additional costs would significantly increase as Plaintiffs began their preparations for the certification argument and if successful, a near inevitable interlocutory appeal attempt. As at least one court has found in this Circuit, because the “legal issues involved in [in data breach litigation] are cutting-edge and unsettled . . . many resources would necessarily be spent litigating substantive law as well as other
23 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 31 of 32 - Page ID # 283
issues.” In re Target Corp. Customer Data Sec. Breach Litig., 2015 WL 7253765, at *2 (D. Minn.
Nov. 17, 2015). Thus this factor weighs in favor of final approval.
Fourth, after completion of notice as approved by this Court and as of August 25, 2021,
only three Class Members have requested exclusion, and zero Class Members have objected to the
Settlement. Kroll Dec., ¶¶ 14-15; Lietz MFA Dec. ¶ 2. The absence of any opposition to the settlement strongly supports final approval. Petrovic v. Amoco Oil Co., 200 F.3d 1140, 1152 (8th
Cir. 1999).
Thus, these additional factors weigh in favor of approving a result exactly like that obtained
by Plaintiffs and Class Counsel: significant cash reimbursements for all Settlement Class Members
who submit valid claims, credit monitoring services automatically provided to Credit Monitoring
Subclass Members, and equitable relief in the form of increased data security safeguards, which
will serve to better safeguard all Settlement Class Members’ PII. Accordingly, the Settlement
should be preliminarily approved.
V. CONCLUSION
Settlement Class Counsel, with the help of Plaintiffs, have made significant benefits
available to class members during a time where the law surrounding data breaches is evolving and
uncertain. The Settlement Class Members were provided direct and individual notice of the
Settlement, and given additional resources by which they can get more information about the
Settlement Agreement. Zero Settlement Class Members have objected to either the Settlement
Agreement or to Plaintiffs’ request for fees, costs, and service awards. For these reasons, for the
arguments for certification and appointment of Class Representatives and Counsel set forth in
Plaintiffs’ Motion for Preliminary Approval (Dkt. 17), and because the Settlement Agreement is
24 8:21-cv-00070-RFR-CRZ Doc # 21-1 Filed: 09/01/21 Page 32 of 32 - Page ID # 284
fair, adequate, and reasonable, Plaintiffs respectfully request this Court grant their motion for final approval.
Dated: September 1, 2021 Respectfully submitted,
/s/ David K. Lietz David K. Lietz (admitted pro hac vice) MASON LIETZ & KLINGER LLP 5101 Wisconsin Avenue NW, Suite 305 Washington, D.C. 20016 Phone: (202) 429-2290 Fax: (202) 429-2294 [email protected]
Gary M. Klinger (admitted pro hac vice) MASON LIETZ & KLINGER LLP 227 W. Monroe Street, Suite 2100 Chicago, IL 60606 Phone: (202) 429-2290 Fax: (202) 429-2294 [email protected]
Attorneys for Plaintiffs and the Class
25 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 1 of 34 - Page ID # 285
Plaintiff's Memorandum In Support of Motion for Final Approval of Class Action Settlement EXHIBIT A 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 2 of 34 - Page ID # 286
THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEBRASKA
JOHN CHACON and LEONARD BRADLEY, individually and on behalf of all others similarly situated, CASE NO. 8:21-cv-00070-RFR-CRZ Plaintiffs,
v.
NEBRASKA MEDICINE,
Defendant.
DECLARATION OF BRIAN SMITHEMAN OF KROLL SETTLEMENT ADMINISTRATION LLC IN SUPPORT OF FINAL APPROVAL
I, Brian Smitheman, declare as follows:
1. I am a Manager of Kroll Settlement Administration LLC (“Kroll”, f/k/a Heffler
Claims Group or Heffler Claims Administration) in Philadelphia, Pennsylvania. I am over twenty- one years of age and am authorized to make this declaration on behalf of Kroll and myself. The following statements are based on my personal knowledge and information provided by other experienced Kroll employees working under my supervision. This declaration is being filed in support of final approval.
2. Kroll has extensive experience in class action matters, having provided services in class action settlements involving antitrust, securities fraud, employment and labor, consumer, and government enforcement matters. Kroll has provided notification and/or claims administration services in more than 3,000 cases. 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 3 of 34 - Page ID # 287
3. Kroll was appointed as the Claims Administrator to provide notification and claims administration services in the Chacon et al., v Nebraska Medicine, Case No 8:21-cv-00070-RFR-
CRZ., referred to herein as the “Settlement.” Kroll’s duties in this Settlement have and will include: (a) preparing and sending CAFA notice; (b) receiving and analyzing the Class Member data (“the Class List”) from defense counsel; (c) establishing a post office box for the receipt of general mail and claim forms; (d) creating a website with online claim filing capabilities; (e) establishing a toll-free number with an Interactive Voice Response (IVR) system and live operators; (f) preparing and sending Notice; (g) processing Notices returned with a forwarding address; (h) processing Notices returned as undeliverable as addressed; (i) receiving and processing opt-outs and objections; (j) receiving and processing claim forms; and (k) such other tasks as counsel for the Parties or the Court orders Kroll to perform.
4. On behalf of the Defendant, Kroll provided notice of the proposed Settlement reflected in the Settlement Agreement pursuant to the Class Action Fairness Act 28 U.S.C.
§1715(b) (“the CAFA Notice”). At Defense Counsel’s direction, Kroll sent the CAFA Notice, attached hereto as Exhibit A, and an accompanying Thumb/Flash Drive containing the documents required under 28 U.S.C. §1715(b)(1)-(8) to the Attorney General of the United States and 55 state/territories Attorneys General identified in the Manifest for the CAFA Notice via First-Class
Certified Mail, on June 4, 2021.
5. On June 18, 2021, Kroll received a data file containing 125,896 records. The data file’s key components were Membership Number, First Name, Last Name, Address, City, State,
Zip. Kroll performed an analysis of the data and determined that 125,106 were unique. 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 4 of 34 - Page ID # 288
6. On April 8, 2021, Kroll obtained a post office box with the mailing address Chacon et al. v Nebraska Medicine, c/o Claims Administrator P.O. Box 8517, Philadelphia, PA 19101-
8517 in order to receive claim forms and correspondence from Class Members.
7. On May 24, 2021, Kroll created and is currently hosting a dedicated website entitled www.NebraskaSettlement.com. The website went live on July 6, 2021. The website contains a summary of the Settlement, Settlement Agreement, Long Form Notice, Motion for Preliminary
Approval of Settlement, Memorandum in Support of Plaintiffs' Unopposed Motion for Preliminary
Approval of Class Action Settlement, Claim Form, Preliminary Approval Order, Complaint,
Declaration of David Lietz, Motion for Attorney Fees and Costs and allows Class Members the opportunity to file a claim form online.
8. On April 7, 2021, Kroll established and is still maintaining a toll-free number, 1-
844-367-8806, for Class Members to call and obtain additional information regarding the
Settlement using both Live Operators and an IVR system. As of August 31, 2021, 537 Class
Members have called the IVR, and 332 Class Members have called to speak to Live Operators.
9. On or about May 25, 2021 Kroll received Word and/or PDF versions of the Long
Form Notice, Claim Form and Postcard Notice from counsel. Kroll prepared and formatted drafts of the materials that counsel reviewed and approved. True and correct copies of the Long Form
Notice, Claim Form and Postcard Notice are attached hereto as Exhibit B.
10. In order to provide the best notice practicable, Kroll ran the data through the United
States Postal Services’ (USPS) National Change of Address (NCOA) database and updated the data with the changes received from NCOA. On July 6, 2021 Kroll caused the mailing of Postcard
Notices to the 125,106 Class Members. 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 5 of 34 - Page ID # 289
11. As of August 31, 2021, Kroll has received 855 Notices returned by the USPS with a forwarding address. Kroll has re-mailed 855 of the forwarded Notices to the updated addresses provided by the USPS. Kroll has received additional 7 Notices returned by the USPS with a forwarding address. Kroll is in the process of re-mailing forwarded Notices to the updated addresses provided by the USPS.
12. As of August 31, 2021, Kroll has received 9,456 Notices returned by the USPS as undeliverable as addressed. Kroll has updated the records in the database to identify these as undeliverable. Kroll is in the process of sending 9,456 records through a skip trace process with
LexisNexis and re-mailing Notices to all addresses obtained through the skip-trace process. Kroll is scheduled to resend postcards to any individuals located through skip trace on or before
September 10, 2021.
13. Currently Kroll estimates the reach of the notice program at 93%. This number will likely go up once the remailing process is complete.
14. As of August 31, 2021, Kroll has received and processed three requests for exclusion from the Settlement. The names of the individuals who requested exclusion from the
Settlement are attached hereto as Exhibit C.
15. As of August 31, 2021, Kroll has not received any objections to the Settlement.
16. As of August 31, 2021, Kroll has received 12 claim forms received through the mail and 344 claims filed electronically through the Settlement Website. Kroll is still in the process of reviewing and validating claims. To prevent claims from individuals outside the Class and to prevent fraud, Class Members were provided a unique Class Member ID on their respective
Notices. The Class Member ID is required for Class Members to file a claim online. The claims period will run through October 4, 2021. 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 6 of 34 - Page ID # 290
17. As of August 31, 2021, Kroll has sent invoices totaling $75,156.56 covering fees and costs associated with administering the Settlement. Kroll anticipates to bill $54,900 for the duration of the Settlement.
I declare under penalty of perjury under the laws of the United States that the above is true and correct to the best of my knowledge and that this declaration was executed on August 31, 2021 in West Chester, PA.
______
BRIAN SMITHEMAN 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 7 of 34 - Page ID # 291
Exhibit A 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 8 of 34 - Page ID # 292
JUNE 4, 2021 VIA FIRST CLASS CERTIFIED MAIL RRR
To: All “Appropriate” Federal and State Officials Per 28 U.S.C. § 1715 (see attached distribution list)
Re: CAFA Notice for the Proposed Settlement in Chacon, et al. v. Nebraska Medicine, Case No. 8:21-cv-00070-RFR-CRZ United States District Court for the District of Nebraska
Ladies and Gentlemen:
Pursuant to Section 3 of the Class Action Fairness Act (“CAFA”), 28 U.S.C. § 1715, Defendant Nebraska Medicine. (“Defendant”) hereby notifies you of the proposed settlement of the above- captioned action (the “Action”) currently pending in the United States District Court for the District of Nebraska (the “Court”).
28 U.S.C. § 1715(b) lists eight items that must be provided to you in connection with any proposed class action settlement. Each of these items is addressed below:
1. 28 U.S.C. § 1715 (b)(l) - a copy of the complaint and any materials filed with the complaint and any amended complaints.
The Class Action Complaint is provided in electronic form on the enclosed thumb/flash drive as Exhibit A.
2. 28 U.S.C. § 1715 (b)(2) - notice of any scheduled judicial hearing in the class action.
On May 25, 2021, Plaintiffs filed a motion for preliminary approval of the class action. Neither a Preliminary Approval Hearing nor a Final Approval Hearing date has been set. A copy of the Plaintiffs’ Motion for Preliminary Approval of Class Action Settlement, Brief in Support of Motion for Preliminary Approval, Joint Motion to File Exhibit Under Seal and Proposed Preliminary Approval Order are provided in electronic form on the enclosed thumb/flash drive as Exhibit B, B1, B2, and B3, respectively.
3. 28 U.S.C. § 1715(b)(3) - any proposed or final notification to Class Members.
A copy of the proposed Short Notice and Long Notice of Settlement that will be provided to Class Members by first-class mail and that will be available on the website created for the administration of this matter are provided in electronic form on the thumb/flash drive as Exhibit C and C1, respectively. The Notices describe among 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 9 of 34 - Page ID # 293
Page 2 of 6
other things, claim submission and the Class Members’ rights to object or exclude themselves from the Class.
4. 28 U.S.C. § 1715(b)(4) - any proposed or final class action settlement.
The Settlement Agreement is provided in electronic form on the enclosed thumb/flash drive as Exhibit D.
5. 28 U.S.C. § 1715(b)(5) - any settlement or other agreement contemporaneously made between class counsel and counsel for defendants.
There are no other settlements or other agreements between Class Counsel and counsel for Defendants beyond what is set forth in the Agreement.
6. 28 U.S.C. § 1715(b)(6) - any final judgment or notice of dismissal.
The Court has not yet entered a final judgment or notice of dismissal. Accordingly, no such document is presently available.
7. 28 U.S.C. § 1715(b)(7) – (A) If feasible, the names of class members who reside in each State and the estimated proportionate share of the claims of such members to the entire settlement to that State’s appropriate State official; or (B) if the provision of the information under subparagraph (A) is not feasible, a reasonable estimate of the number of class members residing in each State and the estimated proportionate share of the claims of such members to the entire settlement.
The definition of the class in the proposed Settlement Agreement means the approximately 125,902 persons who were mailed notification that their PII was potentially impacted as a result of the Data Incident that occurred between August 27, 2020 and September 20, 2020. Attached as Exhibit E is an estimated breakdown by state for known Class Members.
8. 28 U.S.C. § 1715(b)(8) - any written judicial opinion relating to the materials described in 28 U.S.C. § 1715(b) subparagraphs (3) through (6).
There has been no written judicial opinion. Accordingly, no such document is presently available.
If you have any questions about this notice, the Action, or the enclosed materials, please contact the undersigned Claims Administrator listed below.
Sincerely,
Scott M. Fenwick Senior Director [email protected] 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 10 of 34 - Page ID # 294
Page 3 of 6
SERVICE LIST FOR CAFA NOTICE
U.S. Attorney General Delaware Attorney General Merrick B. Garland Kathy Jennings U.S. Department of Justice Carvel State Office Building 950 Pennsylvania Avenue, NW 820 N. French St., Washington, DC 20530-0001 Wilmington, DE 19801
Alabama Attorney General District of Columbia Attorney General Steve Marshall Karl A. Racine 501 Washington Ave. 400 6th St., NW P.O. Box 300152 Washington, DC 20001 Montgomery, AL 36130-0152 Florida Attorney General Alaska Attorney General Ashley Moody Treg Taylor The Capitol, PL 01 1031 W. 4th Avenue, Suite 200 Tallahassee, FL 32399-1050 Anchorage, AK 99501-1994 Georgia Attorney General Arizona Attorney General Chris Carr Mark Brnovich 40 Capitol Square, SW 2005 N Central Ave Atlanta, GA 30334-1300 Phoenix, AZ 85004 Guam Attorney General Arkansas Attorney General Leevin T. Camacho Leslie Rutledge Office of the Attorney General 323 Center St., Suite 200 ITC Building Little Rock, AR 72201-2610 590 S. Marine Corps Dr, Ste 706 Tamuning, Guam 96913 California Attorney General Rob Bonta Hawaii Attorney General 1300 I St., Ste. 1740 Clare E. Connors Sacramento, CA 95814 425 Queen St. Honolulu, HI 96813 Colorado Attorney General Phil Weiser Idaho Attorney General Ralph L. Carr Colorado Judicial Center Lawrence Wasden 1300 Broadway, 10th Floor 700 W. Jefferson Street, Suite 210 Denver, CO 80203 P.O. Box 83720 Boise, ID 83720-1000 Connecticut Attorney General William Tong 165 Capitol Avenue Hartford, CT 06106 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 11 of 34 - Page ID # 295
Page 4 of 6
Illinois Attorney General Massachusetts Attorney General Kwame Raoul Maura Healey James R. Thompson Ctr. 1 Ashburton Place 100 W. Randolph St. Boston, MA 02108-1698 Chicago, IL 60601 Michigan Attorney General Indiana Attorney General Dana Nessel Todd Rokita P.O. Box 30212 Indiana Government Center South 525 W. Ottawa St. 302 West Washington Street Lansing, MI 48909-0212 5th Floor Indianapolis, IN 46204 Minnesota Attorney General Keith Ellison Iowa Attorney General Suite 102, State Capital Tom Miller 75 Dr. Martin Luther King Jr. Blvd. Hoover State Office Building St. Paul, MN 55155 1305 E. Walnut Des Moines, IA 50319 Mississippi Attorney General Lynn Fitch Kansas Attorney General Department of Justice Derek Schmidt P.O. Box 220 120 S.W. 10th Ave., 2nd Fl. Jackson, MS 39205 Topeka, KS 66612-1597 Missouri Attorney General Kentucky Attorney General Eric Schmitt Daniel Cameron Supreme Ct. Bldg. 700 Capitol Avenue 207 W. High St. Capitol Building, Suite 118 Jefferson City, MO 65101 Frankfort, KY 40601 Montana Attorney General Louisiana Attorney General Austin Knudsen Jeff Landry Justice Bldg. P.O. Box 94095 215 N. Sanders Baton Rouge, LA 70804-4095 Helena, MT 59620-1401
Maine Attorney General Nebraska Attorney General Aaron Frey Doug Peterson State House Station 6 State Capitol Augusta, ME 04333 P.O. Box 98920 Lincoln, NE 68509-8920 Maryland Attorney General Brian Frosh Nevada Attorney General 200 St. Paul Place Aaron D. Ford Baltimore, MD 21202-2202 Old Supreme Ct. Bldg. 100 N. Carson St. Carson City, NV 89701 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 12 of 34 - Page ID # 296
Page 5 of 6
New Hampshire Attorney General Oregon Attorney General John Formella Ellen F. Rosenblum 33 Capitol St. Justice Bldg. Concord, NH 03301 1162 Court St., NE Salem, OR 97301 New Jersey Attorney General Gurbir S. Grewal Pennsylvania Attorney General Richard J. Hughes Justice Complex Josh Shapiro 25 Market Street, P.O. Box 080 Pennsylvania Office of Attorney General Trenton, NJ 08625 16th Floor, Strawberry Square Harrisburg, PA 17120 New Mexico Attorney General Hector Balderas Puerto Rico Attorney General P.O. Drawer 1508 Domingo Emanuelli Hernandez Santa Fe, NM 87504-1508 PO Box 9020192 San Juan, PR 00902-0192 New York Attorney General Letitia A. James Rhode Island Attorney General Department of Law - The Capitol, 2nd fl. Peter F. Neronha Albany, NY 12224 150 S. Main St. Providence, RI 02903 North Carolina Attorney General Josh Stein South Carolina Attorney General Dept. of Justice Alan Wilson P.O. Box 629 Rembert C. Dennis Office Building Raleigh, NC 27602-0629 P.O. Box 11549, Columbia, SC 29211-1549 North Dakota Attorney General Wayne Stenehjem South Dakota Attorney General State Capitol Jason Ravnsborg 600 E. Boulevard Ave. 1302 East Highway 14, Suite 1 Bismarck, ND 58505-0040 Pierre, SD 57501-8501
Ohio Attorney General Tennessee Attorney General Dave Yost Herbert H. Slatery, III State Office Tower 425 5th Avenue North 30 E. Broad St., Nashville, TN 37243 Columbus, OH 43266-0410 Texas Attorney General Oklahoma Attorney General Ken Paxton 313 NE 21st Street Capitol Station Oklahoma City, OK 73105 P.O.Box 12548 Austin, TX 78711-2548 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 13 of 34 - Page ID # 297
Page 6 of 6
U.S. Virgin Islands Attorney General Washington Attorney General Denise N. George Bob Ferguson 34-38 Kronprindsens Gade, Ste 2 1125 Washington St. SE GERS Building P.O. Box 40100 St. Thomas, Virgin Islands 00802 Olympia, WA 98504-0100
Utah Attorney General West Virginia Attorney General Sean Reyes Patrick Morrisey State Capitol, Rm. 236 State Capitol Salt Lake City, UT 84114-0810 1900 Kanawha Blvd., E. Charleston, WV 25305 Vermont Attorney General TJ Donovan Wisconsin Attorney General 109 State St. Josh Kaul Montpelier, VT 05609-1001 Wisconsin Department of Justice, State Capitol, Room 114 East Virginia Attorney General P.O. Box 7857 Mark Herring Madison, WI 53707-7857 202 North Ninth Street Richmond, VA 23219 Wyoming Attorney General Bridget Hill State Capitol Bldg. Cheyenne, WY 82002 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 14 of 34 - Page ID # 298
Exhibit B 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 15 of 34 - Page ID # 299 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 16 of 34 - Page ID # 300 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 17 of 34 - Page ID # 301 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 18 of 34 - Page ID # 302 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 19 of 34 - Page ID # 303 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 20 of 34 - Page ID # 304 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 21 of 34 - Page ID # 305 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 22 of 34 - Page ID # 306 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 23 of 34 - Page ID # 307 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 24 of 34 - Page ID # 308 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 25 of 34 - Page ID # 309 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 26 of 34 - Page ID # 310 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 27 of 34 - Page ID # 311 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 28 of 34 - Page ID # 312 8:21-cv-00070-RFR-CRZChacon v. Nebraska Medicine Doc # 21-2 Filed: 09/01/21 Page 29 ofFIRST- 34 CLASS- Page MAIL ID # 313 c/o Claims Administrator U.S. POSTAGE PAID CITY, ST PO Box 8517 PERMIT NO. XXXX Philadelphia, PA 19101-8517
<
Chacon v. Nebraska Medicine c/o Claims Administrator PO Box 8517 Philadelphia, PA 19101-8517 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 32 of 34 - Page ID # 316 < < B a r c o d e > > Class Member ID: <
Name: ______First Name M.I. Last Name
Street Address: ______
Street Address: ______
City: ______State: ______Zip Code: ______
Email Address: ______8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 33 of 34 - Page ID # 317
Exhibit C 8:21-cv-00070-RFR-CRZ Doc # 21-2 Filed: 09/01/21 Page 34 of 34 - Page ID # 318
EXCLUSION LIST
# FIRST NAME LAST NAME STATE 1 JEFFERY MARKT NE 2 MARC TOUCHTON NE 3 MICHELLE VULGAMOTT NE 8:21-cv-00070-RFR-CRZ Doc # 21-3 Filed: 09/01/21 Page 1 of 3 - Page ID # 319
Plaintiff's Memorandum In Support of Motion for Final Approval of Class Action Settlement EXHIBIT B 8:21-cv-00070-RFR-CRZ Doc # 21-3 Filed: 09/01/21 Page 2 of 3 - Page ID # 320
THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEBRASKA
JOHN CHACON and LEONARD BRADLEY, CASE NO. 8:21-cv-00070-RFR-CRZ individually and on behalf of all others similarly situated,
Plaintiffs, v.
NEBRASKA MEDICINE,
Defendant.
DECLARATION OF DAVID LIETZ IN SUPPORT OF PLAINTIFFS’ MOTION FOR FINAL APPROVAL OF CLASS ACTION SETTLEMENT
I, David Lietz, being competent to testify, make the following declaration:
1. I am currently a partner of the law firm Mason Lietz & Klinger LLP (“MLK” or the “Firm”). I am appointed Class Counsel for the Settlement Class, and submit this declaration in support of Plaintiffs’ Motion for Final Approval of Class Action Settlement. Except as otherwise noted, I have personal knowledge of the facts set forth in this declaration, and could testify competently to them if called upon to do so.
2. The deadline for Settlement Class Members to object to the Settlement September
2, 2021. As of August 31, 2021, I have received zero objections to the Settlement Agreement.
* * * * * * * * * * * * *
8:21-cv-00070-RFR-CRZ Doc # 21-3 Filed: 09/01/21 Page 3 of 3 - Page ID # 321
I declare under penalty of perjury of the laws of the United States that the foregoing is true and correct, and that this declaration was executed in the District of Columbia on this 1st day of
September, 2021.
s/ David Lietz David Lietz MASON LIETZ & KLINGER LLP 5101 Wisconsin Ave. NW, Suite 305 Washington, DC 20008 Phone: (202) 429-2290 [email protected]
Attorney for Plaintiffs and the Class
2
8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 1 of 7 - Page ID # 322
Plaintiff's Memorandum In Support of Motion for Final Approval of Class Action Settlement EXHIBIT C 8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 2 of 7 - Page ID # 323 8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 3 of 7 - Page ID # 324 8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 4 of 7 - Page ID # 325 8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 5 of 7 - Page ID # 326 8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 6 of 7 - Page ID # 327 8:21-cv-00070-RFR-CRZ Doc # 21-4 Filed: 09/01/21 Page 7 of 7 - Page ID # 328 8:21-cv-00070-RFR-CRZ Doc # 21-5 Filed: 09/01/21 Page 1 of 6 - Page ID # 329
THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF NEBRASKA
JOHN CHACON and LEONARD BRADLEY, CASE NO. 8:21-cv-00070-RFR-CRZ individually and on behalf of all others similarly situated,
Plaintiffs,
v.
NEBRASKA MEDICINE,
Defendant.
[PROPOSED] ORDER GRANTING FINAL APPROVAL OF CLASS SETTLEMENT
Before the Court is Plaintiffs’ motion requesting that the Court enter an Order granting final approval of the class action Settlement involving Plaintiffs John Chacon and Leonard Bradley
(“Plaintiffs” or “Settlement Class Representatives”) and Defendant Nebraska Medicine
(“Defendant” or “Nebraska Medicine”) as fair, reasonable, and adequate.
Having reviewed and considered the Settlement Agreement and the motion for final approval of the settlement, as well as the fees motion, preliminary approval motion, and all papers and pleading on file in this matter, and having conducted a Final Approval Hearing, the Court makes the findings and grants the relief set forth below approving the Settlement upon the terms and conditions set forth in this Final Order and Judgment.
THE COURT not being required to conduct a trial on the merits of the case or determine with certainty the factual and legal issues in dispute when determining whether to approve a proposed class action settlement; and 8:21-cv-00070-RFR-CRZ Doc # 21-5 Filed: 09/01/21 Page 2 of 6 - Page ID # 330
THE COURT makes the findings and conclusions hereinafter set forth for the limited purpose of determining whether the Settlement should be approved as being fair, reasonable, adequate and in the best interests of the Settlement Class;
IT IS ON THIS ____ day of ______2021,
ORDERED that:
1. The Settlement involves allegations in Plaintiffs’ Class Action Complaint that
Defendant failed to safeguard and protect the personally identifiable information and/or protected
health information of its patients and that this alleged failure caused injuries to Plaintiffs and the
Class.
2. The Settlement does not constitute an admission of liability by Defendant, and the
Court expressly does not make any finding of liability or wrongdoing by Defendant.
3. Unless otherwise noted, words spelled in this Order with initial capital letters have
the same meaning as set forth in the Settlement Agreement.
4. On June 4, 2021 the Court entered an Order which among other things: (a) approved
the Notice to the Settlement Class, including approval of the form and manner of notice under the
Notice Program set forth in the Settlement Agreement; (b) provisionally certified a class in this
matter, including defining the class, appointed Plaintiffs as the Settlement Class Representatives,
and appointed Settlement Class Counsel; (c) preliminarily approved the Settlement; (d); set
deadlines for opt-outs and objections; (e) approved and appointed the Claims Administrator; and
(f) set the date for the Final Approval Hearing.
5. In the Order Granting the Motion for Preliminary Approval of Class Settlement
Agreement, pursuant to Rule 23(b)(3) and 23(e), for settlement purposes only, the Court certified
the Settlement Classes, defined as follows: 8:21-cv-00070-RFR-CRZ Doc # 21-5 Filed: 09/01/21 Page 3 of 6 - Page ID # 331
Settlement Class: The approximately 125,106 persons who were mailed notification that their PII was potentially impacted as a result of the Data Incident that occurred between August 27, 2020 and September 20, 2020; 1
Credit Monitoring Subclass: The approximately 13,497 persons who were mailed notification that their Social Security and/or driver’s license numbers were potentially accessed as a result of the Data Incident that occurred between August 27, 2020 and September 20, 2020.
6. The Court, having reviewed the terms of the Settlement Agreement submitted by
the parties pursuant to Rule 23(e), grants final approval of the Settlement Agreement and finds that the settlement is fair, reasonable, and adequate and meets the requirements of Rule 23.
7. The Settlement Agreement provides, in part, and subject to a more detailed
description of the settlement terms in the Settlement Agreement, for:
a. A process for Settlement Class Members to submit claims for compensation that will be evaluated by a Claims Administrator mutually agreed upon by Settlement Class Counsel and Defendants and approved by this Court.
b. Automatic provision of credit monitoring and identity theft restoration services to members of the Credit Monitoring Subclass.
c. Defendants to pay all Notice and Claims Administration costs.
d. Defendants to pay a Court-approved amount for attorneys’ fees, costs, and expenses of Settlement Class Counsel of $195,000.
e. Defendants to pay a Service Award of $2,000 to each of the named Plaintiffs.
8. The terms of the Settlement Agreement are fair, reasonable, and adequate and are
hereby approved, adopted, and incorporated by the Court. The Parties, their respective attorneys,
1 While the Parties originally estimated that the Settlement Class comprised of 125,902 individuals, the upon receipt of the Class List, the Settlement Administrator discovered numerous redundancies. After removing duplicates from the Data, the class numbered 125,106. See Declaration of Brian Smitheman of Kroll Administration LLC in Support of Final Approval (“Kroll Dec.”), filed herewith. The class definition has been changed from that included in the Preliminary Approval Order to reflect this information. 8:21-cv-00070-RFR-CRZ Doc # 21-5 Filed: 09/01/21 Page 4 of 6 - Page ID # 332
and the Claims Administrator are hereby directed to consummate the Settlement in accordance
with this Order and the terms of the Settlement Agreement.
9. Notice of the Final Approval Hearing, the proposed motion for attorneys’ fees,
costs, and expenses, and the proposed Service Award payment to Plaintiffs have been provided to
Settlement Class Members as directed by this Court’s Orders, and an affidavit or declaration of
the Settlement Administrator’s compliance with the Notice Program has been filed with the Court.
10. The Court finds that such Notice as therein ordered, constitutes the best possible
notice practicable under the circumstances and constitutes valid, due, and sufficient notice to all
Settlement Class Members in compliance with the requirements of Rule 23(c)(2).
11. As of the final date of the Opt-Out Period, three potential Settlement Class
Members have submitted a valid Opt-Out Request to be excluded from the Settlement. Those
persons—Jeffrey Markt, Marc Touchton, and Michelle Vulgamott—are not bound by this Final
Order and Judgment, as set forth in the Settlement Agreement.
12. The Court has considered all the documents filed in support of the Settlement, and has fully considered all matters raised, all exhibits and affidavits filed, all evidence received at the
Final Approval Hearing, all other papers and documents comprising the record herein, and all oral arguments presented to the Court.
13. Pursuant to the Settlement Agreement, Defendants, the Claims Administrator, and the Claims Referee shall implement the Settlement in the manner and time frame as set forth therein.
14. Pursuant to the Settlement Agreement, Plaintiff and the Settlement Class Members release claims against Defendants and all Released Persons, as defined in the Settlement
Agreement, as follows: 8:21-cv-00070-RFR-CRZ Doc # 21-5 Filed: 09/01/21 Page 5 of 6 - Page ID # 333
any and all past, present, and future claims and causes of action including, but not limited to, any causes of action arising under or premised upon any statute, constitution, law, ordinance, treaty, regulation, or common law of any country, state, province, county, city, or municipality, including 15 U.S.C. §§ 45, et seq., and all similar statutes in effect in any states in the United States; violations of the Nebraska and similar state consumer protection statutes; negligence; negligence per se; breach of contract; breach of implied contract; breach of fiduciary duty; breach of confidence; invasion of privacy; fraud; misrepresentation (whether fraudulent, negligent or innocent); unjust enrichment; bailment; wantonness; failure to provide adequate notice pursuant to any breach notification statute or common law duty; and including, but not limited to, any and all claims for damages, injunctive relief, disgorgement, declaratory relief, equitable relief, attorneys’ fees and expenses, pre-judgment interest, credit monitoring services, the creation of a fund for future damages, statutory damages, punitive damages, special damages, exemplary damages, restitution, and/or the appointment of a receiver, whether known or unknown, liquidated or unliquidated, accrued or unaccrued, fixed or contingent, direct or derivative, and any other form of legal or equitable relief that either has been asserted, was asserted, or could have been asserted, by any Settlement Class Member against any of the Released Persons based on, relating to, concerning or arising out of the Data Incident or the allegations, transactions, occurrences, facts, or circumstances alleged in or otherwise described in the Litigation.
Released Claims shall not include the right of any Settlement Class Member or any of the Released
Persons to enforce the terms of the Settlement contained in this Settlement Agreement and shall
not include the claims of those persons identified in this Order as having timely and validly
requested exclusion from the Settlement Class.
15. On the Effective Date and in consideration of the promises and covenants set forth
in this Settlement Agreement, Plaintiffs and each Settlement Class Member, will be deemed to have, and by operation of the Final Order and Judgment shall have, fully, finally, completely, and forever released and discharged the Released Persons from the Released Claims.
16. The matter is hereby dismissed with prejudice and without costs except that the
Court reserves jurisdiction over the consummation and enforcement of the Settlement.
17. In accordance with Rule 23, this Final Order and Judgment resolves all claims against all parties in this Action and is a final order. There is no just reason to delay the entry of 8:21-cv-00070-RFR-CRZ Doc # 21-5 Filed: 09/01/21 Page 6 of 6 - Page ID # 334
final judgment in this matter, and the Clerk is directed to file this Order as the final judgment in this matter.
Done and ordered this______day of ______, 2021.