Symantec wins dismissal of suit over software vulnerability

Haskins v. Symantec Corp, No. 13-01834, 2014 U.S. Dist. LEXIS 75348, 2014 WL 2450996 (N.D. Cal June 2, 2014).

In 2006, hackers stole the source code for several of Symantec’s antivirus programs. The breach was not publicized until 2012, when the hackers announced their theft. Kathleen Haskins brought a putative class action against Symantec on behalf of all purchasers of the affected software, claiming that Symantec’s failure to publicize the theft violated the California Consumer Legal Remedies Act and Unfair Competition Act and breached an implied contract, and also alleging a breach of money received.

On August 23, 2013, the Northern District of California dismissed Ms. Haskins’s first amended complaint without prejudice. 2013 U.S. Dist. LEXIS 120376, 2013 WL 4516179. On December 1, while holding that downloaded or otherwise purchased software is a chattel under the California Legal Remedies Act, the court dismissed Ms. Haskins’s second amended complaint, again allowing her to amend her pleading. 2013 U.S. Dist. LEXIS 169865, 2013 WL 6234610.

On June 2, the court dismissed Ms. Haskins’s third amended complaint with prejudice. The court found that both consumer protection claims failed because Ms. Haskins had not pleaded that she relied on a specific advertisement or had been exposed to a long-term advertising campaign. Ms. Haskins also did not adequately allege the facts necessary to establish the existence of an implied contract. And the existence of a software license agreement negated Ms. Haskins’s claim for money received.