January 31, 2023

Volume XIII, Number 31


January 30, 2023

Subscribe to Latest Legal News and Analysis

Second Colonial Pipeline Data Incident Litigation Filed on Behalf of. . . . Over Ten Thousand Gas Stations?

CPW covered the Colonial Pipeline cyberattack earlier this year, in which a ransomware attack carried out by cybercriminals crippled the Colonial Pipeline’s functionality.  The Pipeline was taken offline as a remedial measure, causing significant gasoline shortages across the Eastern United States (as a reminder, the Colonial Pipeline supplies the east coast of the United States with gasoline.  The pipeline is a critical part of U.S. petroleum infrastructure, transporting around 2.5 million barrels per day of gasoline, diesel fuel, heating oil and jet fuel.  It stretches 5,500 miles and carries nearly half of the East Coast’s fuel supply).

In the wake of the cyberattack, owners of the Colonial Pipeline were hit with a putative class action that was filed in federal court in Georgia.  Dickerson v. CDCP Colonial Partners, L.P., Case No. 1:21-cv-02098 (N.D. Ga.).  Plaintiffs in Dickerson alleged that the owners of the Colonial Pipeline failed “to properly secure the Colonial Pipeline’s critical infrastructure – leaving it subjected to potential ransomware attacks like the one that took place on May 7, 2021.”  Plaintiffs allege that the Defendants “failed to implement and maintain reasonable security measures, procedures, and practices appropriate to the nature and scope of [Defendants’ business operations]” (emphasis supplied).

The end of last month, a second putative class action complaint was filed concerning the Colonial Pipeline attack, EZ Mart 1, LLC v. Colonial Pipeline Company, Case No. 1:21-cv-02522 (N.D. Ga.).  As in the previous suit, we again see an allegation that the Defendants “failed to implement and maintain reasonable security procedures and practices appropriate to operating the Pipeline” (emphasis added).  This is raised in the context of an alleged “duty to adopt reasonable measures to ensure the continued and uninterrupted operation of the Pipeline,” as the “Pipeline is essential infrastructure and a vital artery for the distribution of fuel to most of the eastern United States.”

In this case, Plaintiff here seeks to certify a class action “on behalf of the more than 11,000 gas stations negatively impacted by the Ransomware Attack” that “experienced a fuel shortage, an increase in price paid for gasoline, or an inability to sell fuel to their customers as a result of the Ransomware Attack.”  And again, just like in Dickerson, the damages claimed arise not from the exposure of private information, but from increased gas prices caused by the pipe shutdown.  Is the start of a trend casting consumer pricing class actions in the framework of a cybersecurity incident by plaintiffs lawyers?  Time will tell.

This case raises the difficult questions for the Plaintiff looming in Dickerson (standing, whether a duty was owed, issues of causation).  Still, these cases could have a major impact on the future of data privacy/cybersecurity litigation, and it will be important to keep an eye on any major developments.

© Copyright 2023 Squire Patton Boggs (US) LLPNational Law Review, Volume XI, Number 195

About this Author

Kristin L. Bryan Litigation Attorney Squire Patton Boggs Cleveland, OH & New York, NY
Senior Associate

Kristin Bryan is a litigator experienced in the efficient resolution of contract, commercial and complex business disputes, including multidistrict litigation and putative class actions, in courts nationwide.

She has successfully represented Fortune 15 clients in high-stakes cases involving a wide range of subject matters.

As a natural extension of her experience litigating data privacy disputes, Kristin is also experienced in providing business-oriented privacy advice to a wide range of clients, with a particular focus on companies handling customers’ personal data. In this...

Dan Lonergan Litigation Attorney Squire Patton Boggs Cleveland, OH

Dan Lonergan is an associate in the Litigation Practice Group, where he works with our other practice group members on a variety of litigation matters.

Prior to joining the firm, Dan served as an associate editor of Case Western Reserve University Law Review. In his final year of law school, he practiced in the university’s criminal defense clinic, representing clients charged with misdemeanor offenses.