From Casetext: Smarter Legal Research

In re Brinker Data Incident Litig.

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA JACKSONVILLE DIVISION
Apr 14, 2021
Case No. 3:18-cv-686-TJC-MCR (M.D. Fla. Apr. 14, 2021)

Summary

In Brinker the court ruled that a party's expert could “continue researching and vetting data sources for accurate numbers to use in the final damages calculation” for a putative class.

Summary of this case from Papasan v. Dometic Corp.

Opinion

Case No. 3:18-cv-686-TJC-MCR

04-14-2021

In re Brinker Data Incident Litigation


ORDER

This data breach class action is again before the Court, this time in the context of a motion for class certification and a related motion to exclude expert opinions and testimony. Three Named Plaintiffs bring this class action after their payment card and personal information was stolen from Defendant Brinker International, Inc. by hackers.

I. FACTS AND PROCEDURAL POSTURE

A. Facts

The Court has detailed the facts of this case in prior orders (Docs. 65, 92, 122), but several new facts have come to light with additional discovery. In short, Brinker, the parent company that owns Chili's restaurants, experienced a data breach where customers' personal and payment card information was stolen. (Doc. 95 ¶¶ 1-2). Three Named Plaintiffs, Shenika Theus, Michael Franklin, and Eric Steinmetz, seek to represent themselves and those similarly situated in a class action against Brinker. Id. at 1. Plaintiffs seek compensation for the inability to use payment cards, lost time, and other out-of-pocket expenses associated with the breach. Id. ¶¶ 9-12.

In December 2017, hackers breached Brinker's back office systems through a vulnerable access point earlier identified in an informal risk assessment conducted by Brinker. (Doc. 131-3 ¶ 7). In March 2018, using the previously breached access point, hackers placed malware on Brinker's systems. Id. Between March 2018 and April 2018, hackers stole both customer payment card data and personally identifiable information. (Doc. 131 at 1-2). This will hereafter be referred to as "the Data Breach." Different Chili's restaurants were affected at different times. (Doc. 141 at 13). In May 2018, Brinker was notified that "card data had been leaked from their corporate-owned Chili's restaurants and sold on Joker Stash, a known marketplace for stolen payment card data." (Docs. 95 ¶ 2; 146-6 at 8). Plaintiffs represent that all of the up to 4.5 million cards stolen from Brinker were found on Joker Stash. (Doc. 165 at 26:6-12, 27:4-9).

Shenika Theus is a resident of Texas, where she used her payment card on or about March 31, 2018 at a Chili's in Garland, Texas. (Doc. 95 ¶¶ 17, 31). Theus incurred five unauthorized charges on her account, after which she contacted her bank, cancelled her card, and disputed the charges. Id. ¶ 32. Theus was also charged a fee "when her account had insufficient funds to satisfy a [utility] bill." (Doc. 141 at 16).

Michael Franklin is a resident of California, where he used his payment card to make two separate purchases at Chili's restaurants: once on March 17, 2018 in Carson, California and again on April 22, 2018 in Lakewood, California. (Doc. 95 ¶¶ 18, 36). Franklin incurred two unauthorized charges on his account, after which he cancelled his card, spent between five and six hours speaking to bank representatives, and visited the Chili's locations to request receipts. Id. ¶¶ 37-40.

Eric Steinmetz is a resident of Nevada, where he used his payment card on or about April 4, 2018 at a Chili's in North Las Vegas, Nevada. Id. ¶¶ 19, 42. Steinmetz spent time speaking with the Chili's location, Chili's national office, credit reporting agencies, and his bank. Id. ¶¶ 43-44.

B. Procedural Posture

Plaintiffs filed suit on May 24, 2018 (Doc. 1), after which the Court consolidated two related cases on October 30, 2018 (Doc. 31). Plaintiffs filed a Second Amended Consolidated Class Action Complaint (Doc. 39), which Brinker moved to dismiss (Doc. 48). The Court issued an order holding that all Plaintiffs had standing except those alleging only future injuries. (Doc. 65 at 15-18). The Court also requested briefing on choice of law and deferred ruling on Brinker's Rule 12(b)(6) motion. Id. at 19-20. The parties submitted a Joint Notice of Choice of Law Briefing Preference, but the parties were unable to agree on what law governed. (Doc. 68). The Court then issued an order granting in part and denying in part Brinker's Rule 12(b)(6) motion to dismiss. (Doc. 92).

Plaintiffs filed a Third Amended Complaint (Doc. 95), and Brinker moved to dismiss the new claims and Plaintiffs' requests for injunctive relief (Doc. 99). The Court dismissed the new claims and again affirmed that Plaintiffs had standing but held that any future injuries were too speculative; thus, the Court dismissed any requests for injunctive relief. (Doc. 122 at 10-11). The surviving claims include (1) breach of implied contract, (2) negligence, (3) violation of California's Unfair Competition Law ("UCL") Unlawful Business Practices (for alleged violations of the FTC Act and California Civil Code § 1798.81.5), and (4) violation of California's UCL Unfair Business Practices. (Doc. 92 at 6-7, 59-60).

This case is now before the Court on Plaintiffs' Motion for Class Certification (Doc. 131) and Brinker's Motion to Exclude Expert Opinions and Testimony of Daniel J. Korczyk (Doc. 142). On February 25, 2021, the Court held a hearing on the motions, the record of which is incorporated herein. (Doc. 165). Plaintiffs seek to certify two classes: (1) a Nationwide Class for the breach of implied contract and negligence claims and (2) a California Statewide Class for the California consumer protection claims. (Doc. 131 at 1). Because Brinker's Motion to Exclude Expert Opinions and Testimony is critical to Plaintiffs' Motion for Class Certification, the Court will begin its discussion there.

II. DAUBERT MOTION

Plaintiffs' expert, Daniel J. Korczyk, is offered to show that a common method of calculating class members' damages exists for purposes of predominance under Federal Rule of Civil Procedure 23(b)(3). (Doc. 132-1 ¶ 16). Brinker filed a Daubert motion to exclude Korczyk's testimony (Doc. 142), to which Plaintiffs responded (Doc. 152), and Brinker replied (Doc. 154).

Under Federal Rule of Evidence 702, an expert witness may testify if (1) the expert's "specialized knowledge will help the trier of fact to understand the evidence or to determine a fact in issue;" (2) "the testimony is based on sufficient facts or data;" (3) "the testimony is the product of reliable principles and methods;" and, (4) "the expert has reliably applied the principles and methods to the facts of the case." The party offering the expert witness carries the burden of proof to satisfy the elements by a preponderance of the evidence. Rink v. Cheminova, Inc., 400 F.3d 1286, 1292 (11th Cir. 2005). District courts serve as gatekeepers to ensure juries hear only reliable and relevant information. See Daubert v. Merrell Dow Pharm., Inc., 509 U.S. 579, 597 (1993). However, exclusion is not done lightly: "[v]igorous cross-examination, presentation of contrary evidence, and careful instruction on the burden of proof are the traditional and appropriate means of attacking shaky but admissible [expert] evidence." Daubert, 509 U.S. at 596.

Korczyk graduated from Notre Dame and has a Master of Finance from DePaul University. (Doc. 132-1 ¶ 2). Korczyk is a Certified Public Accountant and holds several accreditations including one in business valuations and another in financial forensics from the American Institute of Certified Public Accountants. Id. Korczyk has almost forty years' experience in public accounting, including serving as a lead case analyst in other data breach actions where he was also tasked with finding a common method to calculate damages. (Docs. 132-1 ¶ 2; 152-5 ¶ 43). To create his damages methodology, Korczyk solicited assistance from other professionals at his financial advisory services firm, with whom he worked on the other data breach cases. (Doc. 132-1 ¶¶ 1, 3, 14-15).

According to Korczyk, a lead case analyst works under the testifying expert. (Doc. 152-5 at 14 n.52).

Brinker argues Korczyk has no expertise in this area because he has only worked on data breach cases involving financial institution plaintiffs (Doc. 142 at 5-6); however, the calculations required in the financial institution cases are similar to those needed here as they also included the valuation of replacing compromised cards and reimbursing fraudulent charges, see In re Sonic Corp. Customer Data Breach Litig., No. 1:17-md-02807-JSG, 2020 WL 6701992, at *7 (N.D. Ohio Nov. 13, 2020) (certifying class in which Korczyk served as a lead case analyst under the damages expert to create a damages model, see (Doc. 152-5 ¶ 43)). Further, Korczyk's expertise would be helpful to a jury because it provides a starting point to decide damages in a context unfamiliar to many. The Court finds that Korczyk possesses "specialized knowledge" that "will help the trier of fact to understand the evidence or to determine a fact in issue." Fed. R. Evid. 702; see also Daubert, 509 U.S. at 589-90.

Brinker spends most of its time disputing the reliability of Korczyk's methodology, first arguing that it is not based on sufficient facts or data because it is "predicated on his review of random, unverified, non-peer reviewed internet articles that his staff located through basic Google searches." (Doc. 142 at 13). However, Korczyk sufficiently supports his decisions; many of his online sources are government or other reputable websites. (Doc. 132-1 at 32-33).

Brinker also argues that the methodology is (1) overinclusive and is not based on reliable principles and methods and (2) not accurately applied to the facts here. (Doc. 142 at 6-8). Under Korczyk's damages methodology, all class members would receive a standard dollar amount for lost opportunities to accrue rewards points (whether or not they used a rewards card), the value of cardholder time (whether or not they spent any time addressing the breach), and out-of-pocket damages (whether or not they incurred any out-of-pocket damages). Id. at 12-13. Korczyk employs an averages method to compute damages, reasoning that the delta between class members' damages is minimal irrespective of the type of card used or time spent. (Doc. 152-5 at 7). As with any averages calculation, over or under inclusivity is going to be a risk, but the Supreme Court has approved the use of averages methods to calculate damages. See Tyson Foods, Inc. v. Bouaphakeo, 577 U.S. 442, 459-61 (2016) (holding that a damages expert testifying to the average time spent donning and doffing protective equipment was permitted and enough to show predominance, and that the persuasiveness of the average as a reflection of the time actually worked was a matter for a jury). Further, as Korczyk states, at this point his testimony is offered to show that a reliable damages calculation methodology exists, not to calculate class members' damages. (Doc. 152-5 ¶¶ 37-38). Korczyk states he will continue researching and vetting data sources for accurate numbers to use in the final damages calculation. Id. ¶ 38. At the motion for class certification stage, Korczyk's methodology is sufficiently supported by data, reliable, and reliably applied.

III. CLASS CERTIFICATION

Plaintiffs seek certification of two Rule 23(b)(3) damages classes or in the alternative, various Rule 23(c)(4) issues classes. (Doc. 131 at 1, 24). Brinker responded in opposition (Doc. 141), and Plaintiffs replied (Doc. 148). Plaintiffs' proposed classes are as follows:

All persons residing in the United States who made a credit or debit card purchase at any affected Chili's location during the period of the Data Breach (the "Nationwide Class").

All persons residing in California who made a credit or debit card purchase at any affected Chili's location during the period of the Data Breach (the "California Statewide Class").
(Doc. 131 at 1).

All class actions must meet the prerequisites found in Federal Rule of Civil Procedure 23(a), which are (1) numerosity, (2) commonality, (3) typicality, and (4) adequacy of representation and one of the three requirements in 23(b). Rule 23(c)(4) also allows class certification with respect to particular issues. A district court must conduct a "rigorous analysis" to determine whether the requirements of Rule 23 have been met. Brown v. Electrolux Home Prod., Inc., 817 F.3d 1225, 1234 (11th Cir. 2016) (quoting Wal-Mart Stores, Inc. v. Dukes, 564 U.S. 338, 350-51 (2011)). The party seeking class certification has the burden of proof and must affirmatively show compliance with Rule 23. Wal-Mart, 564 U.S. at 350. A court should only consider the merits of the underlying claim to the extent "that they are relevant to determining whether the Rule 23 prerequisites for class certification are satisfied." Amgen Inc. v. Connecticut Ret. Plans & Tr. Funds, 568 U.S. 455, 466 (2013).

A. Standing

Despite the Court addressing standing in this case twice now (Docs. 65, 122), it must engage in the inquiry again. See Griffin v. Dugger, 823 F.2d 1476, 1482 (11th Cir. 1987) ("[A]ny analysis of class certification must begin with the issue of standing . . . ."). Standing requires a plaintiff to have "(1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision." Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1547 (2016), as revised (May 24, 2016) (citing Lujan v. Defs. of Wildlife, 504 U.S. 555, 560-61 (1992)). Plaintiffs bear the burden of establishing the elements of standing "in the same way as any other matter on which the plaintiff bears the burden of proof, i.e., with the manner and degree of evidence required at the successive stages of the litigation." Lujan, 504 U.S. at 561. Plaintiffs must "affirmatively demonstrate [their] compliance with [Rule 23];" therefore, Plaintiffs must demonstrate that at least one Plaintiff for both the Nationwide and California Classes possesses standing. Wal-Mart, 564 U.S. at 350; see also Cordoba v. DIRECTV, LLC, 942 F.3d 1259, 1273 (11th Cir. 2019); Fla. Pediatric Soc'y/ Fla. Chapter of Am. Acad. of Pediatrics v. Benson, No. 05-23037-CIV-JORDAN, 2009 WL 10668660, at *2 n.3 (S.D. Fla. Sept. 30, 2009) ("At the class certification stage, the plaintiffs need only make an allegation, supported by 'factual proffers' such as affidavits, that a plaintiff has standing." (citing Prado-Steiman ex rel. Prado v. Bush, 221 F.3d 1266, 1280 (11th Cir. 2000))).

Further, the Eleventh Circuit recently issued a decision regarding standing in the data breach context. See Tsao v. Captiva MVP Rest. Partners, LLC, 986 F.3d 1332 (11th Cir. 2021). In Tsao, the plaintiff used his payment card at two PDQ restaurants during a time when PDQ was subject to a data breach by hackers. Id. at 1335. The plaintiff did not allege that he incurred fraudulent charges, but after PDQ announced the breach, he cancelled his payment cards and spent time speaking with his bank. Id. at 1335-36. The Eleventh Circuit first held that any future risk of identity theft was too speculative to confer standing. Id. at 1344. The Eleventh Circuit then held that without evidence or alleged facts showing that there was some misuse of the plaintiff's data, the plaintiff did not have standing because "[t]he mitigation costs [the plaintiff] allege[d] are inextricably tied to his perception of the actual risk of identity theft following the . . . data breach." Id. at 1344-45. The Eleventh Circuit reasoned that the plaintiff could not "conjure standing . . . by inflicting injuries on himself to avoid an insubstantial, non-imminent risk of identity theft." Id. at 1345.

Consistent with the Eleventh Circuit's view, the Court, in previous orders, already dismissed Named Plaintiffs who alleged only future injuries (Doc. 65), but the Court is considering the issue of potential "manufactured injuries" for the first time here. Given the timing of the Tsao decision, the parties did not have an opportunity to address the case in their briefs, but they were able to argue the case at the hearing.

Brinker's primary argument is that Plaintiffs have not met their evidentiary burden to establish standing. (Doc. 141 at 18-20). Plaintiffs state that they have demonstrated standing in their responses to Brinker's Motion to Dismiss. (Doc. 131 at 6). In their Reply in Support of Class Certification, Plaintiffs point to Brinker's evidence to establish standing (Doc. 148 at 3), and at the hearing, Plaintiffs further supported their standing arguments with additional evidence (Doc. 165).

Under Tsao, while Plaintiffs need not show actual misuse of their data, Plaintiffs must show some misuse to justify their injuries. See Tsao, 986 F.3d at 1344. The Eleventh Circuit did not clarify what constitutes "some misuse," but it seemed to acknowledge that non-conclusory specific allegations of unauthorized charges would meet this standard. Id. at 1343. Here, Theus and Franklin have met the Tsao standard because they both allege and testify that they experienced unauthorized charges on their accounts after the Data Breach. (Docs. 95 ¶¶ 32, 39-40; 146-2 at 90:11-25; 146-7 at 91:9-19). Steinmetz does not allege that he experienced any fraudulent charges, and in a deposition, he confirmed he had no unauthorized charges on his account. (Doc. 146-4 at 144:6-14). However, Plaintiffs assert that all of the payment card information taken in the Data Breach is on the dark web. (Doc. 165 at 26:6-12, 27:4-9). Evidence of Plaintiffs' information being posted on the dark web is likely enough to show actual misuse and it certainly meets the standard of some misuse. See Tsao, 986 F.3d at 1344. Because Plaintiffs have shown evidence of some misuse, Plaintiffs' alleged actual injuries as a result of the Data Breach are not manufactured. See id. at 1345.

In addition, all Plaintiffs allege and have testified that they experienced actual injuries including late fees due to insufficient funds or time spent replacing cards and traveling to the bank. (Docs. 146-2 at 42:10-14; 146-4 at 160:20-161:7; 146-7 at 46:5-9; 148 at 3); see also Lujan, 504 U.S. at 560-61. These injuries are fairly traceable to the Data Breach and could be redressed by a favorable judicial decision. See Lujan, 504 U.S. at 560-61. Thus, Plaintiffs have met their burden to establish standing. Cf. In re Checking Account Overdraft Litig., 275 F.R.D. 666, 670-71 (S.D. Fla. 2011) ("In making the decision, the Court . . . may consider the factual record in deciding whether the requirements of Rule 23 are satisfied." (citing Valley Drug Co. v. Geneva Pharms., Inc., 350 F.3d 1181, 1188 n.15 (11th Cir.2003))).

B. Rule 23 Threshold Requirements

Before a district court may grant a motion for class certification, a plaintiff seeking to represent a class must establish two threshold requirements: (1) that the proposed class is "adequately defined and clearly ascertainable," Little v. T-Mobile USA, Inc., 691 F.3d 1302, 1304 (11th Cir. 2012), and (2) that the representative plaintiffs are a part of the class, E. Texas Motor Freight Sys. Inc. v. Rodriguez, 431 U.S. 395, 403 (1977). While many courts merge these requirements with other Rule 23(a) requirements, the Court discusses these requirements as a threshold matter to clarify the exact class the Court is certifying.

1. With a few revisions, Plaintiffs' proposed class is adequately defined and clearly ascertainable.

A class is ascertainable "if it is adequately defined such that its membership is capable of determination." Cherry v. Dometic Corp., 986 F.3d 1296, 1304 (11th Cir. 2021). Plaintiffs can rely on a defendant's records, but the records should be "useful for identification purposes," and identification should be "administratively feasible." Karhu v. Vital Pharm., Inc., 621 F. App'x 945, 948 (11th Cir. 2015). However, the Eleventh Circuit has held that ascertainability does not require administrative feasibility. Cherry, 986 F.3d at 1304. Further, the class definition must be adequately defined. The Eleventh Circuit has refused to adopt a rule regarding whether a class definition is overbroad if it includes uninjured plaintiffs. See Cordoba, 942 F.3d at 1275-76 (noting the Seventh Circuit's rule that a class is properly defined so long as it is apparent that the class does not contain a "great many" uninjured persons (quoting Kohen v. Pac. Inv. Mgmt. Co. LLC, 571 F.3d 672, 677 (7th Cir. 2009))). Instead, the Eleventh Circuit has instructed district courts to address the issue of potential individualized issues of standing with respect to the class as a whole in the predominance analysis. Id. at 1277.

Brinker argues that the class is not ascertainable because Plaintiffs' method of identifying class members relies on an individualized self- identification process and that the definition is overbroad because it includes possibly many uninjured class members. (Doc. 141 at 21-25). Plaintiffs argue the class is ascertainable because it does not rely on self-identification, instead it relies on Brinker's transaction records and Fiserv's, the processor of the cards, records of the cards pulled off the dark web. (Docs. 148 at 4; 165 at 50:1-10). Brinker and Fiserv's records are useful for identification purposes and identification is administratively feasible because Plaintiffs can use Brinker's records to identify individuals who used payment cards at affected locations during affected times and Fiserv's records to show which cards were on the dark web. See Karhu, 621 F. App'x at 948. While some individuals identified through these records may be in the proposed class despite not having experienced any injuries (overdraft fees, time spent, etc.), a simple modification to the class definition remedies this issue.

While the class is ascertainable as written, the Court finds that the class definition should be narrowed to prevent both the definition from being overbroad, and to prevent predominance issues regarding standing. 7A CHARLES ALAN WRIGHT & ARTHUR R. MILLER, FEDERAL PRACTICE AND PROCEDURE § 1760 (3d ed. 2020) ("[A Court] has discretion to limit or redefine the class in an appropriate manner to bring the action within Rule 23."). The Court clarifies that class members' data must have been "accessed by cybercriminals" and that class members must have "incurred reasonable expenses or time spent in mitigation of the consequences of the Data Breach," such that the new definitions are as follows:

All persons residing in the United States who made a credit or debit card purchase at any affected Chili's location during the period of the Data Breach (March and April 2018) who: (1) had their data accessed by cybercriminals and, (2) incurred reasonable expenses or time spent in mitigation of the consequences of the Data Breach (the "Nationwide Class").

All persons residing in California who made a credit or debit card purchase at any affected Chili's location during the period of the Data Breach (March and April 2018) who: (1) had their data accessed by cybercriminals and, (2) incurred reasonable expenses or time spent in mitigation of the consequences of the Data Breach (the "California Statewide Class").

These clarifiers avoid later predominance issues regarding standing and the inclusion of uninjured individuals because now individuals are not in the class unless they have had their data "misused" per the Eleventh Circuit's Tsao decision, either through experiencing fraudulent charges or it being posted on the dark web. See Tsao, 986 F.3d at 1344. Further, under the revised definition, individuals must have some injury in the form of out-of-pocket expenses or time spent to be a part of the class. While these clarifiers might make ascertaining the class more difficult as some self-identification may be required, it does not make it impossible; thus, ascertainability continues to be satisfied under the new class definition. See Cherry, 986 F.3d at 1304.

2. Named Plaintiffs are in the class.

Another threshold requirement of Rule 23 is that the representative plaintiffs be a part of the class. E. Texas Motor Freight Sys. Inc., 431 U.S. at 403 ("[A] class representative must be part of the class and possess the same interest and suffer the same injury as the class members." (quotation marks omitted)). Here, Plaintiffs offer as evidence a report conducted by an independent data investigator which details when each Chili's restaurant around the nation was affected by the breach. (Docs. 146-1; 155-3; 165 at 24:10-15). Individuals who dined at locations within the affected period are likely in the class; however, the report is imperfect as several of the dates could not be validated. (Doc. 146-1 at 32). The following table shows when Plaintiffs allegedly dined at their various restaurants, and the relevant period for those restaurants:

Name

Location

Date Dined

Affected Period

Theus

Chili'sFirewheelGarland, TX(Docs. 95 ¶ 30;146-7 at 76:24-78:7)

On or aboutMarch 31, 2018(Doc. 95 ¶ 31)

March 22, 2018-April 22,2018(Doc. 146-1 at 9)

Franklin

Carson, CA(Doc. 95 ¶¶ 35-36)

On or aboutMarch 17, 2018(Doc. 95 ¶¶ 35-36)

March 30, 2018-April 22,2018 (Doc. 146-1 at 32)

Franklin

Lakewood, CA(Doc. 95 ¶¶ 35-36)

On or about April22, 2018(Doc. 95 ¶¶ 35-36)

March 22, 2018-April 21,2018 (Doc. 146-1 at 32)

Steinmetz

North LasVegas, NV(Docs. 95 ¶ 42;146-4 at128:17-129:4)

On or about April4, 2018(Doc. 95 ¶ 42)

April 4, 2018- April 21,2018 (Doc. 146-1 at 25)

Franklin's first transaction would not qualify him for the class without additional evidence, as he dined several days outside the affected time range. Franklin's second transaction, while currently one day outside the range, is a "could not validate date" entry. (Doc. 146-1 at 32). Looking at the totality of the evidence, including the unauthorized charges on Franklin's account after the breach (Doc. 95 ¶ 37), and the proximity of the second transaction to the projected affected period, the Court finds Franklin is a part of the class.

Theus and Steinmetz are in the class because they dined at affected locations during affected periods. Brinker argues Steinmetz is not in the class because there is a question of fact as to the exact date he dined. (Doc. 141 at 10). The date alleged in the Third Amended Complaint is the date reflected in the above chart, but in a deposition, Steinmetz testified that he dined on April 3, 2018, and in an interrogatory, he testified that he dined on April 2, 2018. (Doc. 146-4 at 130:10, 129:21-23). Regardless of the fact question, the Court finds that Steinmetz is in the class because the alleged date is within the affected time frame and the testified-to dates are very close to the affected time frame. If facts showing otherwise arise later, the Court will reevaluate whether any Named Plaintiffs should be dismissed.

If evidence later shows that Steinmetz is not in the class, Theus could still represent the Nationwide Class.

C. Rule 23(a) Requirements

Rule 23(a) requires a class (1) be "so numerous that joinder of all members is impracticable;" (2) have "questions of law or fact common to the class;" (3) have representative parties with "claims or defenses" that "are typical of the claims or defenses of the class;" and, (4) have representative parties that "will fairly and adequately protect the interests of the class." These requirements are commonly known as numerosity, commonality, typicality, and adequacy of representation; each are discussed in turn below.

1. Numerosity is satisfied.

"Although mere allegations of numerosity are insufficient to meet this prerequisite, a plaintiff need not show the precise number of members in the class." Evans v. U.S. Pipe & Foundry Co., 696 F.2d 925, 930 (11th Cir. 1983). Here, numerosity is satisfied because evidence shows that the number of compromised cards could be as high as 4.5 million. (Docs. 131 at 8; 155-2 at 5).

Other district courts have expressed reservations in finding numerosity in data breach cases. See In re Hannaford Bros. Co. Customer Data Sec. Breach Litig., 293 F.R.D. 21, 26 (D. Me. 2013) ("I am certainly concerned that if this case proceeds as a class action, few class members will ultimately be interested in taking the time to file the paperwork necessary to obtain the very small amount of money that may be available if there is a recovery."). While the court in Hannaford held that numerosity was satisfied, it also expressed its concerns with another data breach case from Texas, In re Heartland Payment Sys., Inc. Customer Sec. Breach Litig., 851 F. Supp. 2d 1040 (S.D. Tex. 2012). In Heartland, there were over 130 million claimants, but after settlement only 290 individuals filed claims, only 11 of which were valid. Hannaford, 293 F.R.D. at 26 (citing Heartland, 851 F. Supp. at 1050). The Hannaford court ultimately held that since there is no precedent regarding the consideration of potential class member disinterest, the court would not consider it in deciding numerosity. Id. The Court agrees that it should not consider how many of the claimants may not be interested in participating. Thus, the numerosity requirement is met.

2. Commonality is satisfied.

"Commonality requires the plaintiff to demonstrate that the class members 'have suffered the same injury[.]'" Wal-Mart, 564 U.S. at 349-50 (quoting Gen. Tel. Co. of Sw. v. Falcon, 457 U.S. 147, 157 (1982)). Plaintiffs must show that a "common contention" exists that is "capable of classwide resolution" such that a "determination of its truth or falsity will resolve an issue that is central to the validity of each one of the claims in one stroke." Id. at 350. Further, commonality does not require that every question of law or fact be common, only that common questions exist. Id. at 359 ("We quite agree that for purposes of Rule 23(a)(2) [e]ven a single [common] question will do." (quotation marks omitted) (alterations in original)).

Plaintiffs offer several questions that are common to the class and capable of classwide resolution, including whether Brinker had a duty to protect customer data, whether Brinker knew or should have known its data systems were susceptible, and whether Brinker failed to implement adequate data security measures to protect customers' data. (Doc. 131 at 9). In particular, the final question is common to every claim in both the proposed Nationwide Class and the proposed California Statewide Class. Commonality is satisfied.

3. Typicality is satisfied.

The commonality and typicality analyses often overlap as they are both focused on "whether a sufficient nexus exists between the legal claims of the named class representatives and those of individual class members to warrant class certification." Prado-Steiman ex rel., 221 F.3d at 1278. "Traditionally, commonality refers to the group characteristics of the class as a whole and typicality refers to the individual characteristics of the named plaintiff in relation to the class." Id. at 1279. Typicality is satisfied if "the claims or defenses of the class and the class representative arise from the same event or pattern or practice and are based on the same legal theory." Kornberg v. Carnival Cruise Lines, Inc., 741 F.2d 1332, 1337 (11th Cir. 1984). Further, "[d]ifferences in the amount of damages between the class representative and other class members does not affect typicality." Id.

Here, all Plaintiffs' injuries arise out of the same series of events, the Data Breach (Doc. 95 ¶ 9), and all of their stolen information was posted on Joker Stash (Doc. 165 at 26:6-12, 27:4-9). Further, Plaintiffs all allege the same claims (Doc. 95 ¶¶ 39, 42, 57, 63, 67), and like each other class member they must show that Brinker was negligent, breached an implied contract, or violated California's UCL, and that Brinker's conduct caused their damages, which are alleged to be similar. Because the only difference between Named Plaintiffs and putative class members is the amount of damages, typicality is satisfied. See Kornberg, 741 F.2d at 1337.

4. Adequacy of representation is satisfied.

"Adequacy of representation means that the class representative has common interests with unnamed class members and will vigorously prosecute the interests of the class through qualified counsel." Piazza v. Ebsco Indus., Inc., 273 F.3d 1341, 1346 (11th Cir. 2001) (citations and quotation marks omitted). This analysis includes two inquiries: "(1) whether any substantial conflicts of interest exist between the representatives and the class; and (2) whether the representatives will adequately prosecute the action." Valley Drug Co., 350 F.3d at 1189 (quoting In re HealthSouth Corp. Securities Litigation, 213 F.R.D. 447, 460-461 (N.D. Ala. 2003)). Plaintiffs request that the Court appoint Theus, Franklin, and Steinmetz as Class Representatives, and Federman & Shorewood, Morgan & Morgan Complex Litigation Group, and LippSmith LLP as Class Counsel. (Doc. 131 at 13-14).

Two of Plaintiffs' interim class counsel, Graham B. LippSmith and Jaclyn L. Anderson were formerly associated with Kasdan LippSmith Weber Turner LLP. (Doc. 151).

Adequacy of representation is satisfied because there is no evidence of any conflicts and the Named Plaintiffs have been actively involved in the litigation, including engaging in both lengthy interrogatories and depositions. (Docs. 146-2, 146-3, 146-4, 146-7, 146-8). Further, class counsel is qualified to prosecute this case. Rule 23(g) requires a court to appoint class counsel that will "fairly and adequately represent the interests of the class." Courts must consider (1) "the work counsel has done in identifying or investigating potential claims;" (2) "counsel's experience in handling class actions, other complex litigation, and the types of claims asserted in the action;" (3) "counsel's knowledge of the applicable law;" and, (4) "the resources that counsel will commit to representing the class . . . ." Fed. R. Civ. P. 23(g)(1). Here, class counsel is vigorously prosecuting the case and they all have extensive experience in handling class actions. (Doc. 131-1).

D. Rule 23(b)(3) Damages Class

One of the most compelling justifications for a class action is the possibility of negative value suits; Rule 23(b)(3) class actions allow the "vindication of the rights of groups of people who individually would be without effective strength to bring their opponents into court at all." Amchem Prod., Inc. v. Windsor, 521 U.S. 591, 617 (1997) (citations and quotation marks omitted); see also Rutstein v. Avis Rent-A-Car Sys., Inc., 211 F.3d 1228, 1240 n.21 (11th Cir. 2000). A Rule 23(b)(3) "damages class" is appropriate if "the court finds that the questions of law or fact common to class members predominate over any questions affecting only individual members, and that a class action is superior to other available methods for fairly and efficiently adjudicating the controversy." Fed. R. Civ. P. 23(b)(3) (emphasis added).

1. Predominance is satisfied.

"Even if the court can identify common questions of law or fact, . . . [t]he predominance inquiry . . . is far more demanding than Rule 23(a)'s commonality requirement." Vega v. T-Mobile USA, Inc., 564 F.3d 1256, 1270 (11th Cir. 2009) (citations and quotation marks omitted) (alterations in original). "[W]here . . . plaintiffs must still introduce a great deal of individualized proof or argue a number of individualized legal points to establish most or all of the elements of their individual claims, such claims are not suitable for class certification under Rule 23(b)(3) . . . ." Id. (quoting Klay v. Humana, Inc., 382 F.3d 1241, 1255 (11th Cir. 2004), abrogated in part on other grounds by Bridge v. Phoenix Bond & Indem. Co., 553 U.S. 639 (2008)). While the Court finds that predominance is satisfied, several issues warrant discussion.

In addition to the arguments detailed below, Brinker argues that whether an implied contract existed between Brinker and class members is an individualized inquiry that defeats predominance. (Doc. 141 at 30-33). The cases cited are non-binding and factually dissimilar, and the argument was not further developed at the hearing. The Court finds this argument meritless.

i. Standing

Whether excessive uninjured persons are included in the class is analyzed under predominance. See Cordoba, 942 F.3d at 1277. If proving class member standing will require individualized proof, predominance is likely not satisfied. See id. at 1277. The Court has narrowed Plaintiffs' class definition to include only those individuals who have had their data "accessed by cybercriminals" and those that have "incurred reasonable expenses or time spent in mitigation of the consequences of the Data Breach." These additions eliminate concerns of a lack of predominance as to standing because individuals are not in the class unless they have had both their data misused and incurred reasonable expenses or wasted time. See Tsao, 986 F.3d at 1344. Plaintiffs have also offered a common method of showing misuse through the use of Brinker and Fiserv's records.

See the Court's discussion on ascertainability above.

ii. Choice of Law

Choice of law is only an issue for the Nationwide Class as California law applies to the California Statewide Class. (Doc. 131 at 1). The application of different states' laws often precludes a finding of predominance. See e.g., Teggerdine v. Speedway, LLC, No. 8:16-CV-03280-T-27TGW, 2018 WL 2451248, at *5-6 (M.D. Fla. May 31, 2018); Shepherd v. Vintage Pharm., LLC, 310 F.R.D. 691, 699-700 (N.D. Ga. 2015). However, the Eleventh Circuit has held that while "class certification is impossible where the fifty states truly establish a large number of different legal standards governing a particular claim" if "a claim is based on a principle of law that is uniform among the states, class certification is a realistic possibility." Klay, 382 F.3d at 1261-62. In the data breach context, the financial institution class actions certified have not suffered from choice of law issues. See Smith v. Triad of Alabama, LLC, No. 1:14-CV-324-WKW, 2017 WL 1044692, at *13 (M.D. Ala. Mar. 17, 2017), on reconsideration in part, 2017 WL 3816722 (M.D. Ala. Aug. 31, 2017) (certifying data breach class action, but only Alabama law applied); In re Sonic Corp., 2020 WL 6701992, at *6-8 (certifying data breach class action, but only Oklahoma law applied).

Under Florida choice of law rules, the "most significant relationship" test applies to tort claims. Green Leaf Nursery v. E.I. DuPont De Nemours & Co., 341 F.3d 1292, 1301 (11th Cir. 2003). In applying this test, courts consider "(a) the place where the injury occurred, (b) the place where the conduct causing the injury occurred, (c) the domicile, residence, nationality, place of incorporation and place of business of the parties, and (d) the place where the relationship, if any, between the parties is centered." Id. (citations and quotation marks omitted). For contract claims, Florida courts apply the "lexi loci contractus" rule which states that "issues concerning the validity and substantive obligations of contracts are governed by the law of the place where the contract is made." Trumpet Vine Invs., N.V. v. Union Capital Partners I, Inc., 92 F.3d 1110, 1119 (11th Cir. 1996).

Plaintiffs assert that Florida law applies to the negligence and breach of implied contract claims and Brinker asserts that Texas law applies to the negligence claim and all fifty states' laws apply to the breach of implied contract claim. (Doc. 165 at 34:11-14, 38:7-19). Either Florida or Texas law will apply to the negligence claim under the "most substantial relationship" test, so that claim is not a concern for manageability or predominance.

Plaintiffs base their argument that only Florida law applies to their breach of implied contract claim on dicta from Singer v. AT & T Corp., 185 F.R.D. 681, 691-92 (S.D. Fla. 1998) ("The case upon which AT & T relies merely stands for the proposition that the forum state cannot automatically apply its laws if it materially conflicts with the law of another state and there is no apparent connection to the forum state."), arguing that because state breach of implied contract laws do not materially differ and because Brinker has connections to Florida, Florida law should apply. (Doc. 131 at 18-20). Plaintiffs fail to clarify how this principle interacts with Florida choice of law rules including lexi loci contractus. While the Court is not tasked with deciding choice of law issues at this stage, there is more than a mere a possibility that all fifty states' laws will apply to the breach of implied contract claim, so Plaintiffs must show that the class will be manageable despite the potential application of multiple states' laws.

The possibility that all fifty states' laws will apply to a claim has concerned other courts considering class certification in the data breach context with financial institution plaintiffs. See S. Indep. Bank v. Fred's, Inc., No. 2:15-CV-799-WKW, 2019 WL 1179396, at *13-19 (M.D. Ala. Mar. 13, 2019). In S. Indep. Bank, the court held that the plaintiffs "must prove through an extensive analysis . . . that there are no material variations among the law of the states for which certification is sought." Id. at *14 (citations and quotation marks omitted); see also Sacred Heart Health Sys., Inc. v. Humana Military Healthcare Servs., Inc., 601 F.3d 1159, 1180 (11th Cir. 2010) (stating that in cases where all fifty states' laws might apply, the party seeking class certification must "provide an extensive analysis of state law variations to reveal whether these pose insuperable obstacles" (quotation marks omitted)). The plaintiffs in S. Indep. Bank submitted two tables, one showing that each jurisdiction recognizes the basic elements of negligence and another representing one version of each state's economic loss rule. Id. at *18. The court held that the plaintiffs failed to meet their burden to conduct an extensive analysis and that the variations in negligence law and the economic loss doctrine among the fifty states were unmanageable. Id.

Plaintiffs submitted two charts detailing the differences in states' negligence and breach of implied contract laws. (Docs. 156-1, 156-2). Similar to the lackluster tables in S. Indep. Bank, Plaintiffs' breach of implied contract chart only details what must be pled to allege the existence of an implied contract, not what must be proven to show the breach of an implied contract. See (Doc. 156-1). Plaintiffs have failed to engage in the extensive analysis required by the Eleventh Circuit to show that a class action adjudicating a breach of implied contract claim in this case is manageable. See Sacred Heart, 601 F.3d at 1180.

Thus, the Court's certification of the Nationwide Class will be limited to Plaintiffs' negligence claim. If Plaintiffs wish to pursue a Nationwide Class claim based on their breach of implied contract theory, they must complete a trial plan detailing how the Court will manage a class action applying all fifty states' laws to the breach of implied contract claim. The trial plan should provide an extensive analysis of all fifty states' laws regarding breach of implied contract claims so the Court may determine whether there are material differences among states' laws. In addition, the trial plan should address the commonalities and differences among the state laws and propose a method of grouping the laws so that the Court may apply the state laws effectively and efficiently if needed. Brinker will be entitled to respond in opposition to the trial plan. Should the Court find that the trial plan is sufficient, the Court can determine whether to amend its class certification to include the breach of implied contract claim.

On February 2, 2021, five months after the deadline for filing the motion for class certification (Doc. 102), Plaintiffs' counsel filed two exhibits inadvertently left off the initial class certification filing (Doc. 156). The two exhibits are Plaintiffs' charts detailing the differences among states' laws regarding negligence (Doc. 156-2), and breach of implied contract (Doc. 156-1). The charts were cited in Plaintiffs' class certification motion as "Exhibit B" and "Exhibit C" but in the initial filing, other unrelated exhibits were labeled under the same names. Id. Plaintiffs noticed their mistake after providing the Court with other missing documents requested by the Court. Id. at 4. On February 5, 2021, Brinker moved to strike the state law chart exhibits as untimely (Doc. 159), and Plaintiffs responded (Doc. 163).
In light of the Court's ruling on the state law applicability to the negligence claim, and the requirement that Plaintiffs file a trial plan on state laws as applied to the breach of implied contract claim, the motion to strike is moot. The trial plan will subsume the state law charts so they are now immaterial.

iii. Causation and Damages

Issues of causation often lead to predominance concerns, see City of St. Petersburg v. Total Containment, Inc., 265 F.R.D. 630, 635-36 (S.D. Fla. 2010), but individual issues of damages typically do not defeat predominance, Allapattah Servs., Inc. v. Exxon Corp., 333 F.3d 1248, 1261 (11th Cir. 2003), aff'd sub nom. Exxon Mobil Corp. v. Allapattah Servs., Inc., 545 U.S. 546 (2005). However, "there are . . . extreme cases in which computation of each individual's damages will be so complex, fact-specific, and difficult that the burden on the court system would be simply intolerable . . . ." Klay, 382 F.3d at 1260.

Causation issues arise here because Franklin used his payment card in 2017 at a Whole Foods during a Whole Foods' data incident. (Doc. 141. at 14). Franklin experienced fraudulent charges after using his card at Whole Foods, but he did not cancel the card. Id. at 14-15. The card Franklin used at Whole Foods was the same card Franklin used at Chili's during the Data Breach, calling into question whether the Data Breach caused Franklin's damages. Id. at 14. Plaintiffs urge the Court to follow the reasoning of other courts that have categorized this issue not as a causation issue, but as an amount-of-damages issue, lowering the relative amount of damages the plaintiff received. See (Doc. 148 at 6-7); see also S. Indep. Bank, 2019 WL 1179396, at *11, *19-21 (stating that "[d]efendant's causation arguments [regarding plaintiff's data being subject to multiple breaches] are ultimately damages arguments" but denying class certification because the damages issue required individualized proof). The Court is partially persuaded by the S. Indep. Bank court, but it acknowledges that the line between causation and damages in this context is blurry. As hackers become more advanced, the number of data breaches will likely increase, which means the likelihood that customers will be subject to multiple data breaches is also increasing. See 140 AM. JUR. Trials § 327 (February 2021 update) ("Data breaches are an increasing problem for all businesses and a significant concern for consumers and others whose data is in the hands of these companies."). Labeling the multiple breach issue as only a causation issue or only an amount-of-damages issue creates a false dichotomy and "is not a particularly useful method for deciding predominance." See In re Hannaford Bros., 293 F.R.D. at 31. At this stage, the Court finds the multiple breach issue not a disqualifying causation issue, but rather to be determined at the damages phase.

Whether the Data Breach caused Plaintiffs' damages will largely not be a concern for predominance because the important common question will be whether Brinker's conduct led to the posting of putative class members' personal and payment card information on Joker Stash. If it has, class members then just have to show that they took reasonable measures to mitigate the consequences of the breach.

Plaintiffs' expert, Korczyk, offers a common method of calculating damages that allows the Court to determine individual class members' damages in a non-complex and non-burdensome way. See (Doc. 132-1 at 5). In his Rebuttal Declaration, Korczyk states that his damages methodology properly includes payment cards that may have been breached prior to the Data Breach because "Card-Issuing Financial Institutions, without exception, have told [him that] they work diligently to remove data breach compromised cards from circulation." (Doc 152-5 ¶ 41). While this statement is one that likely would be heavily debated on cross-examination and may be discredited by a jury, it shows for class certification purposes that a common method of addressing causation and damages exists. In addition, if a jury decides that Korczyk's methodology is not an accurate reflection of multiple-breach class members' damages, other common methods of calculating damages exist, including using an average relative reduction in damages. Most data breaches are very similar to one another, such that a jury may find that a relative average reduction in damages for every class member that has been subjected to other data breaches is appropriate. As discussed above, the Supreme Court has approved the use of averages methods to calculate damages, see Tyson Foods, 577 U.S. 459-61, and the same rationale could apply here.

At this stage, causation and damages do not require significant individualized proof such that individual questions predominate over common ones. While the specifics of the damages calculation will be left to later proceedings, if it becomes obvious at any time that the calculation of damages (including accounting for multiple data breaches) will be overly burdensome or individualized, the Court has the option to decertify the class.

2. Superiority is satisfied.

Rule 23(b)(3) provides four factors pertinent to a superiority discussion: (1) "the class members' interests in individually controlling the prosecution or defense of separate actions;" (2) "the extent and nature of any litigation concerning the controversy already begun by or against class members;" (3) "the desirability or undesirability of concentrating the litigation of the claims in the particular forum;" and (4) "the likely difficulties in managing a class action." The factors create a balancing test such that no one factor is dispositive. See Cherry, 986 F.3d at 1304-05. The manageability inquiry should focus "on whether a class action 'will create relatively more management problems than any of the alternatives,' not whether it will create manageability problems in an absolute sense." Id. at 1304 (quoting Klay, 382 F.3d at 1273). The Eleventh Circuit recently held that whether class members can be identified in an administratively feasible manner should be considered under manageability. See id. "'Administrative feasibility' means 'that identifying class members is a manageable process that does not require much, if any, individual inquiry.'" Bussey v. Macon Cty. Greyhound Park, Inc., 562 F. App'x 782, 787 (11th Cir. 2014) (quoting Newberg on Class Actions § 3.3 at 164 (5th ed. 2012)). The Eleventh Circuit has also held that the manageability factor should consider the potential quantum of evidence each unknown class member will need to bring if significant individualized issues exist. See Vega, 564 F.3d at 1278. Further, when weighing the superiority factors, the Eleventh Circuit has considered whether the case is a negative value case. See Carriuolo v. Gen. Motors Co., 823 F.3d 977, 989 (11th Cir. 2016) (finding superiority when over 1,000 individuals had individual cases of low economic value).

Here, the first three factors all weigh in favor of superiority being satisfied because significant litigation has proceeded, and allowing class members to bring claims as one class will provide an efficient method of adjudication while continuing to move along this almost three-year-old case. Further, manageability is satisfied because identification of class members will be administratively feasible given Brinker and Fiserv's records, and despite that some individual proof may be required to establish causation and damages, the majority of issues will be subject to common proof. This class action will be far easier to manage than individual trials because a class action will allow for the sharing of resources and rendering of uniform decisions that cannot be achieved through individual trials. Most importantly, class members' claims, similar to the claims in Carriuolo, are numerous and of low value. See Carriuolo, 823 F.3d at 989. This case is the classic negative value case; if class certification is denied, class members will likely be precluded from bringing their claims individually because the cost to bring the claim outweighs the potential payout. Thus, not only is a class action a superior method of bringing Plaintiffs' claims, it is likely the only way Plaintiffs and class members will be able to pursue their case. See Smith, 2017 WL 1044692, at *15. Superiority is satisfied.

See the Court's discussion regarding predominance above. --------

E. Rule 23(c)(4) Issues Class

In the alternative to a Rule 23(b)(3) certification, Plaintiffs request certification of various Rule 23(c)(4) issues classes. (Doc. 131 at 24-25). Given that the Court is certifying the class under Rule 23(b)(3), a Rule 23(c)(4) class is unnecessary.

V. CONCLUSION

Though this class action is not perfectly composed, on balance, the Court finds it to be an appropriate (and perhaps the only) vehicle for adjudication of the claims of Chili's customers whose personal data was stolen. The Court acknowledges it may be the first to certify a Rule 23(b)(3) class involving individual consumers complaining of a data breach involving payment cards, but it is also one of the first to consider the issue as many individual data breach cases do not reach this point either due to settlement or other disposition. See In re Target Corp. Customer Data Sec. Breach Litig., 309 F.R.D. 482, 485, 490 (D. Minn. 2015) (certifying financial institution data breach case, but noting that the consumer class action settled); Tsao, 986 F.3d at 1345 (dismissing consumer data breach class action for lack of standing). Plaintiffs have satisfied all of the requirements of Rule 23.

Accordingly, it is hereby

ORDERED:

1. The Court DENIES Defendant Brinker International Inc.'s Motion to Exclude Expert Opinions and Testimony of Daniel J. Korczyk. (Doc. 142).

2. Plaintiffs' Motion for Class Certification is GRANTED in part and DEFERRED in part. (Doc. 131).

a. The Court CERTIFIES the following class for Plaintiffs' negligence claim only:

All persons residing in the United States who made a credit or debit card purchase at any affected Chili's location during the period of the Data Breach (March and April 2018) who: (1) had their data accessed by cybercriminals and, (2) incurred reasonable expenses or time spent in mitigation of the consequences of the Data Breach (the "Nationwide Class").

b. The Court CERTIFIES the following class for all the California state Unfair Competition Law claims:

All persons residing in California who made a credit or debit card purchase at any affected Chili's location during the period of the Data Breach (March and April 2018) who: (1) had their data accessed by cybercriminals and, (2) incurred reasonable expenses or time spent in mitigation
of the consequences of the Data Breach (the "California Statewide Class").

c. The Court DEFERS ruling on class certification with respect to Plaintiffs' breach of implied contract claim.

d. The Court GRANTS Plaintiffs' Motion to Appoint Shenika Theus, Michael Franklin, and Eric Steinmetz as Class Representatives, and Plaintiffs' Motion to Appoint Federman & Sherwood, Morgan & Morgan Complex Litigation Group, and LippSmith LLP as Class Counsel.

3. If Plaintiffs wish to pursue a Nationwide Class claim on their breach of implied contract theory, Plaintiffs shall file a trial plan no later than May 21, 2021. The trial plan should provide: (1) an extensive analysis of the commonalities and differences among state breach of implied contract laws; (2) a proposed method of grouping the laws so that the Court may apply the state laws effectively and efficiently if needed; and (3) an analysis of any other trial management issues associated with Plaintiffs' breach of implied contract claim.

4. No later than June 21, 2021, Brinker may file a response to Plaintiffs' trial plan.

5. The Court DENIES as moot Brinker's Motion to Strike Late-Filed Exhibits. (Doc. 159).

6. No later than June 21, 2021, the parties shall jointly file a Case Management Report detailing how the Court should proceed.

DONE AND ORDERED in Jacksonville, Florida the 14th day of April, 2021.

/s/_________

TIMOTHY J. CORRIGAN

United States District Judge cm
Copies: Counsel of record


Summaries of

In re Brinker Data Incident Litig.

UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA JACKSONVILLE DIVISION
Apr 14, 2021
Case No. 3:18-cv-686-TJC-MCR (M.D. Fla. Apr. 14, 2021)

In Brinker the court ruled that a party's expert could “continue researching and vetting data sources for accurate numbers to use in the final damages calculation” for a putative class.

Summary of this case from Papasan v. Dometic Corp.
Case details for

In re Brinker Data Incident Litig.

Case Details

Full title:In re Brinker Data Incident Litigation

Court:UNITED STATES DISTRICT COURT MIDDLE DISTRICT OF FLORIDA JACKSONVILLE DIVISION

Date published: Apr 14, 2021

Citations

Case No. 3:18-cv-686-TJC-MCR (M.D. Fla. Apr. 14, 2021)

Citing Cases

Savidge v. Pharm-Save, Inc.

As Plaintiffs note, another court out of the Middle District of Florida deemed Korczyk sufficiently qualified…

Papasan v. Dometic Corp.

(Obj. 12.) For that proposition, they cite to In re Brinker Data Incident Litigation, No.…