Opinion
Case No. 2:18-cv-06975-ODW (KSx)
02-24-2020
MICHAEL TERPIN, Plaintiff, v. AT&T MOBILITY, LLC, et al., Defendants.
ORDER GRANTING, IN PART, AND DENYING, IN PART, DEFENDANT'S MOTION TO DISMISS [33]
I. INTRODUCTION
Defendant AT&T Mobility, LLC ("AT&T") moves to dismiss Plaintiff Michael Terpin's ("Terpin") First Amended Complaint ("FAC") (the "Motion"). (Mot., ECF No. 33.) For the reasons that follow, the Court GRANTS, IN PART, AND DENIES, IN PART, AT&T's Motion.
Having carefully considered the papers filed in connection with the Motion, the Court deemed the matter appropriate for decision without oral argument. Fed. R. Civ. P. 78; C.D. Cal. L.R. 7-15.
II. FACTUAL AND PROCEDURAL BACKGROUND
As previously set forth in the Court's July 19, 2019 Order ("July Order"), (ECF No. 29), granting in part and denying in part AT&T's motion to dismiss the original Complaint, Mr. Terpin is a prominent and well-known member of the cryptocurrency community. (FAC ¶¶ 18-19, ECF No. 32.) He is domiciled in Puerto Rico with a residence in California. (FAC ¶ 1.) On June 11, 2017, Mr. Terpin's phone suddenly became inoperable because his cell phone number had been hacked. (FAC ¶ 83.) After hackers attempted and failed eleven times to change Mr. Terpin's AT&T password in AT&T retail stores, the hackers were able to change his password remotely. (FAC ¶ 83.) Mr. Terpin alleges that this allowed the hackers to gain control of his phone number, which allowed them to divert his personal information, including telephone calls and text messages, to gain access to his accounts that use his telephone number for authentication. (FAC ¶¶ 83-84.) Mr. Terpin asserts the hackers used his telephone number to access his cryptocurrency accounts and also impersonated him by using his Skype account. (FAC ¶ 84.) By impersonating Mr. Terpin, the hackers convinced one of Mr. Terpin's clients to send them cryptocurrency and diverted the cryptocurrency to themselves. (FAC ¶ 84.) Later that day, AT&T was able to cutoff the hackers' access to Mr. Terpin's telephone number. (FAC ¶ 84.) However, by this time, the hackers had stolen substantial funds from Mr. Terpin. (FAC ¶ 84.)
Around June 13, 2017, Mr. Terpin met with AT&T representatives in Puerto Rico to discuss the hack. (FAC ¶ 85.) AT&T allegedly promised to place Mr. Terpin's account on a "higher security level with special protection." (FAC ¶ 86 (internal quotation marks omitted).) This included requiring a six-digit passcode (known only to Mr. Terpin and his wife) of anyone attempting to access or change Mr. Terpin's account settings or transfer his telephone number to another phone. (FAC ¶ 86.) Mr. Terpin maintains that he "relied upon AT&T's promises that his account would be much more secure against hacking, including SIM swap fraud, after it implemented the increased security measures," which led him to remain an AT&T customer. (FAC ¶ 88.)
On Sunday, January 7, 2018, Mr. Terpin's phone again became inoperable. (FAC ¶ 91.) Mr. Terpin alleges that an employee at an AT&T store in Norwich, Connecticut assisted an imposter with a SIM card swap. (FAC ¶¶ 90-91.) This resulted in AT&T transferring Mr. Terpin's phone number to an imposter. (FAC ¶ 91.) Mr. Terpin alleges that when his phone became inoperable, he attempted to contact AT&T to have his telephone number canceled, but AT&T failed to promptly cancel his account. (FAC ¶ 93.) By having access to Mr. Terpin's phone number, Mr. Terpin alleges that "the hackers were able to intercept Mr. Terpin's personal information, including telephone calls and text messages, change passwords, access programs and files and locate information that allowed them to gain access to his cryptocurrency wallets and/or accounts." (FAC ¶ 96.) Specifically, Mr. Terpin alleges that the hackers used a cell phone with his telephone number to send "a password reset request to [Mr. Terpin's password protected] program or programs which then sent a [2-Factor Authentication ("2FA")] message to Mr. Terpin's telephone number, which was by virtue of the SIM swap in the hackers' possession." (FAC ¶ 92.) Mr. Terpin further alleges that the hackers created new passwords, which allowed them to "locate[] a file with confidential information to access Mr. Terpin's [cryptocurrency] wallets and/or accounts." (FAC ¶ 92.) Mr. Terpin alleges that, as a result, between January 7 and 8, 2018, the hackers stole nearly $24 million worth of cryptocurrency from him. (FAC ¶ 91.)
Mr. Terpin alleges that "SIM swapping consists of tricking a provider . . . into transferring the target's phone number to a SIM card controlled by the criminal. Once they get the phone number, fraudsters can leverage it to reset the victims' passwords and break into their online accounts." (FAC ¶ 69.)
On August 15, 2018, Mr. Terpin filed his Complaint asserting sixteen causes of action. (See generally Compl., ECF No. 1.) AT&T moved to dismiss the Complaint in its entirety, which the Court granted in part and denied in part, with leave to amend. (See July Order.) On August 9, 2019, Mr. Terpin filed his FAC against AT&T alleging nine causes of action for: (1) declaratory relief that AT&T's consumer agreement is unconscionable and contrary to public policy; (2) unauthorized disclosure of customer confidential proprietary information, 47 U.S.C. §§ 206, 222; (3) deceit by concealment, California Civil Code sections 1709, 1710; (4) misrepresentation; (5) negligence; (6) negligent supervision and training; (7) negligent hiring; (8) breach of contract - privacy policy; and (9) breach of implied contracts (in the alternative to breach of express contract). (FAC ¶¶ 107-204.) AT&T now moves to dismiss the FAC in its entirety arguing that Mr. Terpin's claims still lack the requisite factual detail to survive dismissal. (See generally Mot.)
III. LEGAL STANDARD
A court may dismiss a complaint under Rule 12(b)(6) for lack of a cognizable legal theory or insufficient facts pleaded to support an otherwise cognizable legal theory. Balistreri v. Pacifica Police Dep't, 901 F.2d 696, 699 (9th Cir. 1988). To survive a dismissal motion, a complaint need only satisfy the minimal notice pleading requirements of Rule 8(a)(2)—a short and plain statement of the claim. Porter v. Jones, 319 F.3d 483, 494 (9th Cir. 2003). The factual "allegations must be enough to raise a right to relief above the speculative level." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). That is, the complaint must "contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face." Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (internal quotation marks omitted).
The determination of whether a complaint satisfies the plausibility standard is a "context-specific task that requires the reviewing court to draw on its judicial experience and common sense." Id. at 679. A court is generally limited to the pleadings and must construe all "factual allegations set forth in the complaint . . . as true and . . . in the light most favorable" to the plaintiff. Lee v. City of Los Angeles, 250 F.3d 668, 679 (9th Cir. 2001). However, a court need not blindly accept conclusory allegations, unwarranted deductions of fact, and unreasonable inferences. Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001).
Where a district court grants a motion to dismiss, it should generally provide leave to amend unless it is clear the complaint could not be saved by any amendment. See Fed. R. Civ. P. 15(a); Manzarek v. St. Paul Fire & Marine Ins. Co., 519 F.3d 1025, 1031 (9th Cir. 2008). Leave to amend may be denied when "the court determines that the allegation of other facts consistent with the challenged pleading could not possibly cure the deficiency." Schreiber Distrib. Co. v. Serv-Well Furniture Co., 806 F.2d 1393, 1401 (9th Cir. 1986). Thus, leave to amend "is properly denied . . . if amendment would be futile." Carrico v. City and Cty. of San Francisco, 656 F.3d 1002, 1008 (9th Cir. 2011).
IV. DISCUSSION
A. Proximate Cause
AT&T first moves to dismiss the FAC on the basis that Mr. Terpin fails to sufficiently allege proximate cause. (Mot. 5-10.) In its July Order partially dismissing the initial Complaint, the Court concluded that Mr. Terpin "sufficiently alleged that the [hacker/fraudster's] criminal act was reasonably foreseeable"; however, Mr. Terpin "fail[ed] to sufficiently allege proximate cause," because he did "not connect how granting the hackers/fraudsters access to [his] phone number resulted in him losing $24 million." (July Order 6.) The Court now finds that Mr. Terpin has adequately pled proximate cause and, thus, the FAC survives AT&T's motion to dismiss on that basis.
"It is a well established principle of [the common] law that in all cases of loss, we are to attribute it to the proximate cause, and not to any remote cause." Bank of Am. Corp. v. Miami, 137 S. Ct. 1296, 1305 (2017) (alteration in original) (internal quotation marks omitted). "Proximate cause is that cause which, in natural and continuous sequence, unbroken by any efficient intervening cause, produced the injury [or damage complained of] and without which such result would not have occurred." California v. Superior Court, 150 Cal. App. 3d 848, 857 (1984) (alteration in original) (internal quotation marks omitted). The proximate cause requirement "bars suits for alleged harm that is 'too remote' from the defendant's unlawful conduct." Lexmark Int'l, Inc. v. Static Control Components, Inc., 572 U.S. 118, 133 (2014).
Mr. Terpin pleads sufficient facts in the FAC to allow the Court to plausibly infer that the hackers' access to Mr. Terpin's phone number enabled them to steal his cryptocurrency. Specifically, Mr. Terpin alleges that an AT&T agent named "Jahmil Smith . . . was bribed by a criminal gang" to "fabricate information indicating that Mr. Terpin visited [an AT&T] store and showed identification." (FAC ¶¶ 8, 11.) Mr. Terpin further alleges that Smith transferred a SIM card linked to Mr. Terpin's phone number to a telephone under the hackers' control, which the hackers then used "to intercept communications, including text messages, to reset passwords for Mr. Terpin's accounts" through 2FA methods. (FAC ¶¶ 11, 12.) Finally, Mr. Terpin alleges the hackers employed 2FA "to access files under [his] accounts containing confidential information," used the confidential information to access his cryptocurrency wallets and/or exchanges, and transferred funds to cryptocurrency wallets and/or exchanges under the hackers' control. (FAC ¶¶ 8, 12.)
AT&T contends that Mr. Terpin does not plead any facts to support the assertion that 2FA was involved here because if, "for example, Mr. Terpin stored his cryptocurrency in an online wallet and that wallet provider does not employ two-factor authentication . . . the SIM swap would have little, if any, role in the alleged cryptocurrency theft." (Mot. 8.) However, Mr. Terpin does not allege the hackers used 2FA methods to crack his cryptocurrency accounts; rather, Mr. Terpin alleges the hackers used 2FA methods to access other programs and files containing "confidential information" that enabled the hackers to crack his cryptocurrency accounts. (See FAC ¶¶ 8, 11, 12, 91, 92.) AT&T disputes the sufficiency of this allegation because Mr. Terpin does not identify the specific "accounts" where he kept his confidential information. (Mot. 6-7.) The Court finds this allegation adequate, however, because Mr. Terpin alleges sufficient facts for the Court to reasonable infer the hackers may have used 2FA methods to glean Mr. Terpin's personal information from various accounts, such as email or cloud storage. (See FAC ¶¶ 12, 64, 92.) At this stage, Mr. Terpin is not required to reconstruct the precise sequence of the hack, but rather, merely establish a "natural and continuous sequence" of plausible events connecting the hackers' access to his phone number to the theft of his cryptocurrency. California, 150 Cal. App. 3d at 857.
Accordingly, the Court DENIES AT&T's motion to dismiss Mr. Terpin's eight remaining claims that rely on the $24 million in alleged damages based on sufficient proximate cause.
B. Economic Loss Doctrine (Claims 3-7)
AT&T next contends that the economic loss doctrine bars Mr. Terpin's tort claims. (Mot. 10-13.) As the Court explained in its prior order, California law generally bars tort claims for economic loss based on fraud and negligence. (July Order 12-14.) Where there is a special relationship between the parties, however, a plaintiff may recover in tort for economic losses incurred as a result of a defendant's contractual breach. See J'Aire Corp. v. Gregory, 24 Cal. 3d 799, 804 (1979). AT&T contends that Mr. Terpin has failed to allege a special relationship giving rise to a duty on its part to ensure that Mr. Terpin did not suffer purely economic losses. Under J'Aire, courts consider six factors in assessing whether the parties have the necessary special relationship to recover for tortious conduct:
In his Opposition, Mr. Terpin attempts to fashion his third cause of action—deceit by concealment—into a fraudulent inducement claim in order to except it from the economic loss rule. (See Opp'n to Mot. ("Opp'n") 15-16, ECF No. 34.) Because Mr. Terpin has not properly pled a fraudulent inducement claim in the FAC, the Court declines to address whether it is subject to the economic loss rule. Schneider v. Cal. Dep't. of Corr., 151 F.3d 1194, 1197 n.1 (9th Cir. 1998) ("In determining the propriety of a Rule 12(b)(6) dismissal, a court may not look beyond the complaint to a plaintiff's moving papers, such as a memorandum in opposition to a defendant's motion to dismiss.").
(1) the extent to which the transaction was intended to affect the plaintiff, (2) the foreseeability of harm to the plaintiff, (3) the degree of certainty that the plaintiff suffered injury, (4) the closeness of the connection between the defendant's conduct and the injury suffered, (5) the moral blame attached to the defendant's conduct and (6) the policy of preventing future harm.Id. at 804. All six factors must be considered by the court and the presence or absence of one factor is not decisive. Kalitta Air, LLC v. Cent. Tex. Airborne Sys., Inc., 315 F. App'x 603, 605-06 (9th Cir. 2008).
Applying these factors, the Court previously found that Mr. Terpin failed to plead facts showing that he had a special relationship with AT&T. Specifically, the Court noted that Mr. Terpin had sufficiently alleged "that it was foreseeable that [he] would suffer injury if AT&T did not protect his personal information" and "the degree of certain[ty] of his injury" but Mr. Terpin had not adequately pleaded "the extent to which the transaction was intended to benefit [him], the closeness of the connection between AT&T's conduct and the injury suffered, the moral blame attached to AT&T's conduct, or the policy of preventing future harm." (July Order 14.)
In an effort to satisfy the first, and fourth through sixth J'Aire factors, Mr. Terpin now alleges that: (1) Mr. Terpin had a contract with AT&T for the provision of mobile telephone services, including the ability to make telephone calls, receive text messages, access the Internet, send e-mails, and use a variety of other applications, which required Mr. Terpin to provide AT&T with his personal information; (2) AT&T's lack of adequate security measures proximately caused Mr. Terpin's damages; (3) AT&T's conduct warrants moral blame because AT&T promised to secure Mr. Terpin's personal information; and (4) holding AT&T accountable will require AT&T and other telecommunication companies to provide reasonable, reliable, and industry-standard security measures. (FAC ¶¶ 52-58, 100-06.)
First, although the contract entered into between the parties related only to mobile telephone services, Mr. Terpin was required to share his personal information with AT&T with the understanding that AT&T would adequately protect it, including the SIM card linked to his telephone number and personal data. Here, the Court finds that this exchange of personal information based on a promise of safekeeping is sufficient to satisfy the first J'Aire factor. See, e.g., In re Yahoo! Inc. Customer Data Sec. Breach Litig., 313 F. Supp. 3d 1113, 1132 (N.D. Cal. 2018) (finding the J'Aire exception applied in part because plaintiffs were required to turn over their personal information to defendants with the understanding defendants would safeguard it and inform plaintiffs of any breaches). Second, as discussed above, Mr. Terpin's damages were allegedly suffered precisely because AT&T provided inadequate security measures to protect his SIM card. Third, AT&T is morally culpable because Mr. Terpin alleges it is "[a]ware of the vulnerability of its customers in having their [p]ersonal [i]nformation stolen through SIM swapping" but AT&T "has done nothing to prevent that practice, including enforcing its own privacy policy and adhering to its promises to provide special or additional protection to its customers' accounts." (FAC ¶ 105.) Fourth, and finally, AT&T's failure to adequately protect Mr. Terpin's personal information implicates the consumer data protection concerns expressed in federal statutes, such as Section 222 of the Federal Communications Act ("FCA"). See 47 U.S.C. § 222.
Based on these allegations, Mr. Terpin has adequately pleaded a "special relationship" with AT&T. Accordingly, the Court DENIES AT&T's motion to dismiss Mr. Terpin's fraud and negligence claims based on the economic loss rule. AT&T asserts additional arguments for the dismissal of Mr. Terpin's deceit by concealment and misrepresentation claims; therefore, the Court turns to these arguments next.
C. Deceit by Concealment (Claim 3)
Under California law, a plaintiff may assert a claim for deceit by concealment based on "[t]he suppression of a fact, by one who is bound to disclose it, or who gives information of other facts which are likely to mislead for want of communication of that fact." Cal. Civ. Code § 1710(3). An action for fraud and deceit based on concealment has five elements:
(1) the defendant must have concealed or suppressed a material fact, (2) the defendant must have been under a duty to disclose the fact to the plaintiff, (3) the defendant must have intentionally concealed or suppressed the fact with the intent to defraud the plaintiff, (4) the plaintiff must have been unaware of the fact and would not have acted as he did if he had known of the concealed or suppressed fact, and
(5) as a result of the concealment or suppression of the fact, the plaintiff must have sustained damage.In re Yahoo!, 313 F. Supp. 3d at 1133. AT&T challenges only two elements, arguing that Mr. Terpin fails to sufficiently plead duty or reliance in connection with his deceit by concealment claim. (Mot. 13-15.) First, the Court addresses Mr. Terpin's allegations regarding AT&T's duty to disclose.
California law recognizes four circumstances in which an obligation to disclose may arise: "(1) when the defendant is in a fiduciary relationship with the plaintiff; (2) when the defendant had exclusive knowledge of material facts not known to the plaintiff; (3) when the defendant actively conceals a material fact from the plaintiff; and (4) when the defendant makes partial representations but also suppresses some material facts." LiMandri v. Judkins, 52 Cal. App. 4th 326, 336 (1997).
Mr. Terpin fails to sufficiently allege a duty to disclose. The gravamen of Mr. Terpin's concealment claim is that AT&T hid the fallibility of its data security system from him (FAC ¶¶ 139-145), but as AT&T indicates, it did in fact disclose the limits of its security to Mr. Terpin. Mr. Terpin's AT&T contract specifically states that AT&T "cannot guarantee that your Personal Information will never be disclosed in a manner inconsistent with [AT&T's] Policy (for example, as the result of unauthorized acts by third parties that violate the law or this Policy)." (FAC, Ex. B at 96). Mr. Terpin contends that AT&T had "exclusive knowledge of the vulnerability of its security practices," but many of Mr. Terpin's own allegations regarding the prevalence of SIM swap fraud in the cryptocurrency community suggest the exact opposite. (See Opp'n 16-17; see also FAC ¶¶ 59-82.) Further, the FAC is devoid of specific allegations of "affirmative acts" AT&T took "in hiding, concealing, or covering up" its imperfect security. Czuchaj v. Conair Corp., 2014 WL 1664235, at *6 (S.D. Cal. Apr. 18, 2014) (citation omitted). As such, Mr. Terpin's allegations are insufficient to state a claim for deceit by concealment.
Having found no duty to disclose, the Court does not address whether Mr. Terpin sufficiently pleads reliance on AT&T's alleged non-disclosure.
Accordingly, the Court GRANTS AT&T's motion to dismiss Mr. Terpin's third claim, with leave to amend. As the Court previously noted, although Mr. Terpin is given leave to amend, he should not replead this claim if he cannot cure these deficiencies.
D. Misrepresentation (Claim 4)
To state an intentional misrepresentation claim under California law, Mr. Terpin must plead: "(1) misrepresentation; (2) knowledge of falsity; (3) intent to defraud or to induce reliance; (4) justifiable reliance; and (5) resulting damage." Yastrab v. Apple Inc., 173 F. Supp. 3d 972, 977-78 (N.D. Cal. 2016). Mr. Terpin avers that AT&T intentionally misrepresented material facts concerning the reliability of its data security system in its Privacy Policy and Code of Business Conduct ("COBC"). Mr. Terpin also alleges that AT&T "failed to disclose that it did not adhere to its own standards, including the heightened security standards" of requiring a six-digit passcode of anyone attempting to access or change Mr. Terpin's account settings. (FAC ¶ 152.) Mr. Terpin maintains that AT&T's promises of data security led him to remain an AT&T customer. (FAC ¶ 152.)
Mr. Terpin's FAC allegations fail to state an intentional misrepresentation claim for two reasons. First, as AT&T points out, Mr. Terpin does not allege that he actually read AT&T's Privacy Policy or COBC, which makes Mr. Terpin's allegation that he reasonably relied on the statements contained therein implausible. See, e.g., In re Yahoo! Inc. Customer Data Sec. Breach Litig., No. 19-MD-02752-LHK, 2017 WL 3727318, at *27-28 (N.D. Cal. Aug. 30, 2017) (dismissing affirmative misrepresentation claim because plaintiffs did not allege that they "actually read" defendant's Privacy Policy). Second, Mr. Terpin does not allege that AT&T intended to ignore its heightened security protocol when it represented to Mr. Terpin that it would require a six-digit passcode before allowing changes to his account. See Tarmann v. State Farm Mut. Auto. Ins. Co., 2 Cal. App. 4th 153, 158-59 (1991) (holding that intentional misrepresentation claim based on a false promise requires plaintiff to plead that "the promisor did not intend to perform at the time he or she made the promise and that it was intended to deceive or induce the promisee to do or not do a particular thing."); see also Las Palmas Assocs. v. Las Palmas Ctr. Assocs., 235 Cal. App. 3d 1220, 1238 (1991) ("A promise to do something necessarily implies the intention to perform, and, where such an intention is absent, there is an implied misrepresentation of fact, which is actionable fraud."). Therefore, Mr. Terpin's allegations fall short of pleading actionable fraud.
Because Mr. Terpin fails to allege knowledge of falsity and justifiable reliance, the Court GRANTS AT&T's motion to dismiss the fourth claim, with leave to amend in the event Mr. Terpin can plead that he actually relied upon the statements in AT&T's Privacy Policy and COBC or that AT&T never intended to adhere to its heightened security protocols. See Leadsinger, Inc. v. BMG Music Publ'g, 512 F.3d 522, 532 (9th Cir. 2008) (ruling leave to amend proper when amendment is not futile).
E. Breach of Implied Contract (Claim 9)
AT&T renews its motion to dismiss Mr. Terpin's claim for breach of implied contract on the basis that he failed to sufficiently plead conduct that could manifest agreement to particular terms of an implied contract. (See Mot. 16-18.)
In California, the elements of a claim for breach of an express or implied contract are the same. Gomez v. Lincare, Inc., 173 Cal. App. 4th 508, 525 (2009). To state a claim for breach of an implied contract, a plaintiff must allege facts sufficient to establish: (1) the existence of a contract; (2) performance by the plaintiff or excuse for nonperformance; (3) breach by the defendant; and (4) damages. First Commercial Mortg. Co. v. Reece, 89 Cal. App. 4th 731, 745 (2001). In an implied contract, the existence and terms of the contract are manifested by the parties' conduct. Cal. Civ. Code § 1621.
Mr. Terpin pleads his breach of implied contract claim as an alternative to his breach of contract claim. (FAC ¶ 202.) He realleges that AT&T breached the implied contracts "by failing to adhere to the terms of the applicable Privacy Policy and COBC . . . to maintain the confidentiality and security of the Personal Information of Mr. Terpin." (FAC ¶ 203.) However, Mr. Terpin fails again to sufficiently allege the parties' conduct that forms the basis of the implied contract. The Court previously found Mr. Terpin's allegation that his "opening of an AT&T wireless account . . . created implied contracts" too conclusory to state a claim. (July Order 15.) Mr. Terpin now alleges in his FAC that "the opening of and the ongoing and continued use of an AT&T wireless account by Mr. Terpin created . . . implied contracts." (FAC ¶ 202.) This allegation is equally insufficient to state a valid claim for breach of implied contract.
Accordingly, Mr. Terpin's ninth claim is DISMISSED with prejudice.
F. Punitive Damages
Mr. Terpin seeks punitive damages in connection with his claims for deceit by concealment (Claim 3), misrepresentation (Claim 4), negligence (Claim 5), negligent supervision and training (Claim 6), and negligent hiring (Claim 7). (FAC ¶¶ 149, 156, 166, 179, 192.) AT&T argues that Mr. Terpin has not adequately pleaded that he is entitled to punitive damages. (Mot. 19-21.)
AT&T advances two arguments in support of dismissal of Mr. Terpin's claims for punitive damages. First, AT&T argues that Mr. Terpin has not alleged that an officer, director, or agent of AT&T committed or ratified an oppressive, fraudulent, or malicious act. Second, AT&T argues that Mr. Terpin's negligence claims are ineligible for punitive damages.
By statute, where a plaintiff proves "by clear and convincing evidence that the defendant has been guilty of oppression, fraud, or malice, the plaintiff, in addition to the actual damages, may recover [punitive] damages." Cal. Civ. Code § 3294(a). Nevertheless, a corporate entity cannot commit willful and malicious conduct; instead, "the advance knowledge and conscious disregard, authorization, ratification or act of oppression, fraud, or malice must be on the part of an officer, director, or managing agent of the corporation." Id. § 3294(b); Taiwan Semiconductor Mfg. Co. v. Tela Innovations, Inc., No. 14-CV-00362-BLF, 2014 WL 3705350, at *6 (N.D. Cal. July 24, 2014) ("[A] company simply cannot commit willful and malicious conduct—only an individual can."). Therefore, Mr. Terpin must plead that an officer, director, or managing agent of AT&T committed or ratified an act of oppression, fraud, or malice.
Mr. Terpin alleges no facts showing that an officer, director, or managing agent of AT&T knew about or ratified the alleged wrongful conduct of which he complains. The FAC includes no allegations to suggest that the sole bad actor Mr. Terpin points to—Jahmil Smith—"exercise[d] substantial discretionary authority over decisions that ultimately determine[d] corporate policy." Cruz v. HomeBase, 83 Cal. App. 4th 160, 167 (2000). Mr. Terpin alleges that high-ranking AT&T executives pledged in the COBC to protect AT&T customers' personal information, but fails to connect these executives to any tortious conduct. (FAC ¶¶ 55-57.) Thus, Mr. Terpin has not alleged sufficient facts regarding AT&T's corporate misconduct to support a prayer for punitive damages. Accordingly, Mr. Terpin's request for punitive damages is DISMISSED with leave to amend.
Consequently, the Court does not address the propriety of Mr. Terpin seeking punitive damages for his negligence claims. --------
G. Declaratory Relief (Claim 1); Doe Defendants
AT&T moves to dismiss Mr. Terpin's claim for declaratory relief on the basis that Mr. Terpin's other claims should not survive for the reasons above. (Mot. 18.) As Mr. Terpin's damages claims partially survive the Motion, Mr. Terpin's request for declaratory relief (Claim 1) survives as well.
In addition, the Court GRANTS AT&T's motion to dismiss Mr. Terpin's Doe Defendants, with leave to amend in accordance with Local Rule 19-1. (See Mot. 18-19); C.D. Cal. L.R. 19-1.
V. CONCLUSION
For the reasons discussed above, the Court GRANTS, IN PART, and DENIES, IN PART, AT&T's Motion to Dismiss (ECF No. 33). Mr. Terpin may amend the FAC to address the deficiencies identified above within twenty-one (21) days from the date of this Order.
IT IS SO ORDERED.
February 24, 2020
/s/ _________
OTIS D. WRIGHT, II
UNITED STATES DISTRICT JUDGE