Menu Close

A putative class action has been in various stages of litigation, in both state and federal courts since 2015, against Berkshire Hathaway Homestate Insurance Company, its wholly owned subsidiary Cypress Insurance Company, Zenith Insurance Company, the defense lawfirm of Knox Ricksen, LLP, and others.alleging that the defendants illegally “hacked” confidential information about workers’ compensation claimants to use to defend claims pending before the WCAB.

Palmdale based HQSU Sign Up Services, Inc. was the centerpiece of the compromised data. HQSU is allegedly paid a pre-negotiated flat fee to provide “administrative services” for clients unable to come to an attorney’s office due to physical, financial, or transportation limitations, and to.assist attorneys signing a retainer agreement and filling out an In-Take Packet with personal information. HQSU then uploads the documents to its allegedly username and password-protected website.

The alleged “hacking” of the HQSU files was first suspected during an in-chambers hearing in a worker’s compensation case before Presiding Judge Paige Levy. The case was being defended by Knox Ricksen. Knox Ricksen’s attorneys allegedly revealed they had Mr. Casillas’ attorney-privileged In-Take Packet. Judge Levy ruled it was attorney client privileged and ordered it to be returned.

Allegedly the downloading of documents from HQ Sign Up compromised approximately 32,500 intake sheets, in addition to the Casillas documents. Plaintiff’s experts have allegedly discovered that the documents were obtained by a “directory traversal attack.” Directory traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

On the other hand, Zenith has argued HQSU intake packet materials were obtained using a Google search of the claimant’s name and thus “were found in the public domain.” There was a suspicion at the time that HQSU was really a runner or capper organization soliciting injury claimants for lawfirms

The 2015 and 2016 cases filed in federal district court were not successful for various reasons including standing to sue in federal court. In July 2017, the litigation proceeded to state court when plaintiffs filed a complaint for a cause of action for trespass to chattels. In 2019 (after appeals of the federal court dismissal were exhausted) the trial judge in state court sustained demurrers to the state lawsuit. The plaintiffs appealed the dismissal and Court of Appeal sustained the dismissal in the published case of Casillas v Berkshire Hathaway et. al.B302442 (June 2022).

Having abandoned a privacy claim during their federal litigation, appellants effectively attempted, both in the trial court and on appeal, to repackage an alleged invasion of privacy as a trespass to chattels.

In deciding the appeal, the Court relied heavily on the California Supreme Court case of Intel Corp. v. Hamidi (2003) 30 Cal.4th 1342, 71 P.3d 296. The elements of the tort of trespass to chattels include “injury to the plaintiff’s personal property or legal interest therein.

Appellants conceded respondents had not damaged the HQSU system, corrupted the files they allegedly copied from the system, or impaired appellants’ access to the files.

Subsequent cases have applied Intel to instances of alleged hacking, similar to Plaintiffs’ allegations here. None of Plaintiffs’ authorities support the proposition that an actionable trespass to chattel claim exists when an alleged tortfeasor neither damages nor impairs a plaintiff’s computer system.

The Court of Appeal concluded that the appellants failed to allege any actionable injury because: (1) they did not allege damage or disruption to the computer system, as required by Intel; and (2) in any event, they did not allege injury to the copied files or their asserted property interests therein.