Export Compliance Daily is a Warren News publication.
‘Email Bombings’ Case

Judge Compels Verizon Plaintiffs to Arbitration, Citing Account Agreement

U.S. District Judge Paul Oetken in Manhattan signed an order Sept. 30 (docket 1:21-cv-10432) staying the 2021 class-action complaint against Verizon for a 2020 data breach while compelling two of the three plaintiffs to pursue their claims against the carrier through arbitration.

Sign up for a free preview to unlock the rest of this article

Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.

The three plaintiffs, all Verizon Wireless business accounts, experienced “email bombings” in late 2020 when an unknown party began sending tens of thousands of emails per hour to their primary business accounts “to hide legitimate emails in a deluge of spam,” said Oetken’s order. All three as a result were “late to discover” fraudulent purchases on their accounts, it said.

The plaintiffs allege the email bombings and subsequent fraud “were the direct result of a breach of Verizon’s business server and Verizon’s failure to guard their confidential information, including email addresses,” said the order. They further allege that thousands of other businesses have been similarly injured by Verizon and that similar data breaches may be continuing, it said.

Verizon moved to compel the plaintiffs to resolve their claims through arbitration, citing terms in an account agreement two of them had signed agreeing to arbitrate all disputes. No signed account agreement Verizon signed with the third plaintiff could be found, said Oetken’s order. He found the account agreement contained an enforceable arbitration clause, and decided that the plaintiffs’ claims fell “within its scope.”

Oetken also rejected plaintiffs’ arguments that the account agreement expressly exempts from arbitration claims relating to the data breach. Because the unauthorized disclosure of confidential information through the 2020 data breach “is a past event rather than a present or future threat,” the plaintiffs “cannot rely on the arbitration carve-out” in the account agreement to avoid arbitration,” said the judge. Though the plaintiffs reference that thousands of potential class members were victims of the data breach, and similar incursions may be ongoing against other businesses across the country, they “cannot rely on theoretical claims of potential class members to sidestep the express terms of the arbitration agreement,” he said.