`
`IN THE UNITED STATES DISTRICT COURT
`FOR THE SOUTHERN DISTRICT OF FLORIDA
`FORT LAUDERDALE DIVISION
`
`
`Case No.:
`
`SHANA DOTY, individually and on behalf
`of all others similarly situated,
`
`
`Plaintiff,
`
`
`
`v.
`
`
`ADT, LLC d/b/a ADT SECURITY
`SERVICES, a Delaware limited liability
`company,
`
`
`Defendant.
`
`
`
`CLASS ACTION COMPLAINT AND DEMAND FOR JURY TRIAL
`
`
`
`Plaintiff Shana Doty (“Plaintiff”) brings this Class Action Complaint and Demand for
`
`Jury Trial against Defendant ADT, LLC d/b/a ADT Security Services (“Defendant” or “ADT”),
`
`based on its intentional and negligent tortious acts in providing security services to its customers
`
`with remote-viewing capabilities. Plaintiff alleges as follows upon personal knowledge as to
`
`herself and her own acts and experiences, and, as to all other matters, upon information and
`
`belief.
`
`NATURE OF THE ACTION
`
`1.
`
`In April of 2020, Shana Doty received a terrifying phone call from ADT: the
`
`technician who had worked on her indoor security camera system had granted himself remote
`
`access, and had used that access an unknown amount of times to spy on her, her husband, and
`
`her minor son in their most private moments.
`
`2.
`
`And Ms. Doty was not the only one. She soon found out that hundreds of
`
`households had experienced the same staggering invasion of privacy over at least a seven-year
`
`period. At fault for this breach of trust: ADT’s unsecure and unmonitored “security” services.
`1
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 2 of 26
`
`3.
`
`While ADT boasts that it has been protecting people for over 145 years and holds
`
`itself out as the “#1 in smart home security” it failed to even secure its own systems from
`
`massive and ongoing intrusions into its customers private lives.
`
`4.
`
`ADT failed to provide the security services its customers paid for by leaving large
`
`vulnerabilities in the ADT Pulse application and, as a result, compromised the safety and security
`
`of its customers’ homes and family members. The ADT vulnerability allowed any one of its
`
`technicians to grant themselves (or for them to grant anyone else for that matter) access to a
`
`customer’s ADT Pulse application and control every aspect of the customers’ home security
`
`systems including surreptitiously opening locks and viewing security camera footage.
`
`5.
`
`In a frantic effort to mitigate and hide its actions, ADT began a campaign to call
`
`all affected account holders and secure a release and confidentially agreement in exchange for a
`
`monetary payment representing a fraction of the value of their claims. This effort, directed by
`
`lawyers but carried out by customer service representatives, failed to determine whether
`
`individuals were represented by counsel, and attempted to mislead them into believing that the
`
`release would cover account holders and non-account holders in the household alike.
`
`6.
`
`Beyond the now-known technician who accessed Plaintiff’s home, potentially
`
`countless other unknown individuals have been accessing customers’ ADT Pulse accounts and
`
`surreptitiously viewing their camera footage, for years, all around the country.
`
`7.
`
`The mental and emotional impact this revelation has had on every person
`
`receiving these calls from ADT is immeasurable. Moments once believed to be private and
`
`inside the sanctity of the home are now voyeuristic entertainment for a third party. And worse,
`
`those moments could have been captured, shared with others, or even posted to the internet.
`
`2
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 3 of 26
`
`ADT’s failure to protect its customers irreparably destroyed their sense of security, safety,
`
`intimacy, and well-being.
`
`PARTIES
`
`8.
`
`9.
`
`Plaintiff Shana Doty is a natural person and a citizen of the State of Texas.
`
`Defendant ADT, LLC is a limited liability company organized and existing under
`
`the laws of Delaware with its principal place of business located at 1501 Yamato Road, Boca
`
`Raton, Florida 33431.
`
`JURISDICTION AND VENUE
`
`10.
`
`This Court has jurisdiction over this action pursuant to 28 U.S.C. § 1332(d)(2),
`
`because (i) at least one member of the Class is a citizen of a different state than the Defendant,
`
`(ii) the amount in controversy exceeds $5,000,000, exclusive of interests and costs, and (iii) none
`
`of the exceptions under that subsection apply in this action.
`
`11.
`
`This Court has personal jurisdiction over Defendant because Defendant conducts
`
`business in Florida and has its headquarters in this District.
`
`12.
`
`Venue is proper pursuant to 28 U.S.C. § 1391(b) because Defendant maintains its
`
`headquarters and conducts significant business in this District.
`
`COMMON FACTUAL ALLEGATIONS
`
`I.
`
`ADT Promises Safety and Security to Consumers.
`
`13.
`
`ADT is a home security company that touts its longstanding expertise in security
`
`and claims to have been providing security services since the 19th century. According to ADT, it
`
`has “been helping protect homes longer than any other company in the business.” ADT provides
`
`3
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 4 of 26
`
`residential security systems and monitoring plans that purportedly “protect what matters most in
`
`your life.” In short, ADT promises that it is “fully committed to your security.”1
`
`14.
`
`ADT markets and sells a comprehensive security system package that includes the
`
`hardware necessary to operate a home security system, the monitoring services that detect home
`
`intrusions and alert the police, and the security system installation.
`
`15.
`
`ADT offers various tiers of its home security systems at different price points.
`
`The basic tier, for example, features security monitoring equipment with 24/7 alarm monitoring
`
`while the highest tier home security package includes various convenience and home automation
`
`features.
`
`16.
`
`One of the highest tier home security packages is ADT Pulse. ADT Pulse allows
`
`consumers to “check on your home - even if you’re away” by giving them remote access to
`
`control their home security system from a mobile application or a web browser portal.
`
`Specifically, consumers can arm and disarm their home security systems, remotely lock and
`
`unlock doors, view live camera footage, and control various smart home devices like a
`
`thermostat and lights. See Figure 1, showing a screenshot of ADT’s marketing materials for ADT
`
`Pulse.2
`
`
`
`
`
`
`
`
`
`
`1
`ADT Services | In-Home Consultation, Installation, Repairs, Customer Support,
`https://www.adt.com/services (last visited May 7, 2020).
`2
`ADT Pulse® | Official ADT Smart Home Automation System,
`https://www.adt.com/pulse (last visited May 7, 2020).
`4
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 5 of 26
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`(Figure 1.)
`
`17.
`
`Consumers must purchase various smart devices from ADT to reap the benefits of
`
`the ADT Pulse service and all the advertised remote accessibility features. ADT touts that its
`
`smart home features are not only more convenient to consumers, but they provide “smarter
`
`security.” For example, ADT claims that the purchase of its smart locks for use with the ADT
`
`Pulse system will result in a “whole new level of security and convenience….” as shown in
`
`Figure 2.
`
`
`
`
`
`
`
`
`
`
`
`
`
`5
`
`
`(Figure 2.)
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 6 of 26
`
`18. Most importantly, ADT encourages consumers to purchase video cameras for
`
`both outdoors and indoors uses to “keep an eye on the things you value most.”3 The indoor
`
`cameras, according to ADT, are specifically intended to “check in on your kids” and can be set
`
`up to stream and capture video clips of events “like when your kids get home from school.”4
`
`19.
`
`Consumers use the ADT Pulse mobile application to “check any or all of your
`
`ADT home security cameras” and to “look in on your family and your pets any time with live-
`
`streaming video.” Furthermore, consumers are able view stored video clips from their security
`
`cameras on their phones via the ADT Pulse mobile application.5
`
`20.
`
`To use the ADT Pulse smart home features—like remotely viewing security
`
`camera footage, disarming a security system, or unlocking smart locks—consumers must login
`
`into the ADT Pulse mobile application or the ADT Pulse web browser portal by using their
`
`username and password. Anyone with valid login credentials, like a family member, can access
`
`and control the security system remotely.
`
`21.
`
`In order for the ADT Pulse system to function correctly, an ADT technician needs
`
`to perform the system installation and configuration.
`
`22.
`
`Each new security system installation comes with a “worry-free professional
`
`installation” where “high-trained ADT technicians will set-up your ADT security system so you
`
`don’t have to.”6 ADT technicians will also test the security system and assist the consumer in
`
`
`3
`Wireless Home Security Cameras & Video Surveillance Cameras | ADT,
`https://www.adt.com/security-cameras (last visited May 7, 2020).
`4
`Shop ADT® Indoor Home Security Cameras | ADT, https://www.adt.com/indoor-
`security-camera (last visited May 7, 2020).
`5
`Supra note 3.
`6
`ADT® | Compare Home Security System Packages | 2020, https://www.adt.com/compare
`(last visited May 7, 2020)
`6
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 7 of 26
`
`connecting their smart phone to the ADT security system for use with ADT Pulse, as shown in
`
`Figure 3.
`
`
`
`(Figure 3.)
`
`23.
`
`ADT further promotes its security services by stating that its technicians are what
`
`sets them apart from the competitors in being able to earn its customers’ trust and protect the
`
`most important people in their lives. According to its website: “Our people are dedicated to
`
`taking care of the people and property you value most in your life. Our customers trust us to help
`
`protect those things that cannot be replaced.” See Figure 4, showing a screenshot from ADT’s
`
`website.7
`
`
`
`
`
`
`7
`Why ADT has the Best Home Security and Customer Service | ADT,
`https://www.adt.com/security-benefits (last visited May 7, 2020).
`7
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 8 of 26
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`II.
`
`
`
`(Figure 4.)
`
`ADT Failed to Detect a Seven-Year-Long Breach of its Systems That, at the Very Least,
`Resulted in an ADT Employee Improperly Accessing Customers’ Accounts.
`
`24.
`
`Unfortunately for all of ADT’s Pulse customers, a vulnerability in the Pulse
`
`security system completely obliterates all of ADT’s promises of security and protection.
`
`25.
`
`On or around April 23, 2020, ADT began to contact some of its customers to
`
`inform them that a vulnerability in the ADT Pulse system had allowed unauthorized users to
`
`access customers’ ADT Pulse accounts as if they were a regular user. In other words, an
`
`unauthorized user could remotely arm and disarm security systems, access smart home devices,
`
`and view security camera footage, including footage from indoor cameras designed to, among
`
`other things, protect their children.
`
`26.
`
`In fact, ADT’s investigation revealed that at least one ADT employee in the
`
`Dallas-Fort Worth Texas area, named Telesforo Aviles, had access to more than 200 different
`
`customers’ ADT Pulse accounts for the last seven years. According to an ADT spokesperson, the
`
`ADT technician was able to add—and in fact did add—his own personal email address to a
`
`8
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 9 of 26
`
`customers’ account, allowing him to remotely login to a customers’ account using his own
`
`unauthorized credentials.
`
`27.
`
`This type of access could only occur because ADT failed to implement adequate
`
`procedures that would prevent non-household members from adding non-household email
`
`addresses. Similarly, ADT failed to monitor consumers’ accounts and promptly alert them
`
`anytime a new email was added to their accounts. Countless checks could have been in place to
`
`prevent or at least stop this conduct. Instead, this breach came to light only by luck and
`
`happenstance: a customer, reporting a technical issue, inadvertently revealed the unwanted third-
`
`party access. But for that event, ADT would be unaware of this invasive conduct and it would
`
`continue unabated to this day (and likely expanding to new households).
`
`28.
`
`As such, countless other ADT technicians and/or employees could have taken
`
`advantage of ADT’s lax security and granted themselves unfettered access to other customer
`
`accounts—entirely unbeknownst to both the customer and to ADT.
`
`29.
`
`Although ADT claims it has implemented procedures to prevent similar incidents
`
`in the future, it is already too late for an unknown number of consumers whose accounts and
`
`security camera footage have already been accessed and potentially exploited.
`
`III. ADT Harmed its Customers by Concealing its Deficient Data Security Practices.
`
`30.
`
`ADT’s customers have already suffered significant and lasting harm as a result of
`
`its misconduct.
`
`31.
`
`Consumers place value in data privacy and security, and they consider issues of
`
`privacy and security when making purchasing decisions. In fact, it is widely accepted that
`
`consumers are willing to pay higher prices to do business with merchants that better protect their
`
`privacy and information—especially security companies.
`
`9
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 10 of 26
`
`32.
`
`A number of studies have found that U.S. consumers consider security when
`
`purchasing goods and services, and that over 50% of consumers would consider paying more to
`
`work with a company with better security.8 Likewise, studies have shown that over 70% of U.S.
`
`consumers will provide less personally identifiable information to organizations that suffer a data
`
`breach.9
`
`33.
`
`Consumer technology markets have likewise demonstrated that consumers value
`
`their privacy and security and incorporate data security practices into their purchases. For
`
`example, companies have begun providing consumers with “cloaking services” that allow them
`
`to browse the internet anonymously for a fee. Likewise, companies now offer services that, in
`
`exchange for a monthly fee, will offer online services designed to protect data privacy.
`
`34.
`
`Because of the value consumers place on data privacy and security, services with
`
`better security practices command higher prices than those without. Indeed, if consumers did not
`
`value their data security and privacy, profit-seeking corporations (like ADT) would have no
`
`reason to tout their privacy and security credentials to current and prospective customers.
`
`35.
`
`These value propositions reflect the fact that consumers view companies that
`
`promise to adequately secure customer data as being far more useful—and valuable—than those
`
`with substandard protections.
`
`36.
`
`As a result, a security service with substandard data security and privacy
`
`protections is less useful and valuable than a product or service using adequate security
`
`protocols, and is, in reality, a different service entirely. Or, in other words, not a security
`
`company at all.
`
`
`8
`Beyond the Bottom Line: The Real Cost of Data Breaches, FireEye,
`https://tinyurl.com/ycvtd2fl (last visited Mar. 7, 2020).
`9
`Id.
`10
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 11 of 26
`
`37.
`
`Stated simply, had consumers—like Plaintiff Doty—known the truth about
`
`ADT’s data security practices—e.g., that ADT did not adequately protect her family’s security—
`
`they would not have purchased ADT’s security services.
`
`FACTS SPECIFIC TO PLAINTIFF DOTY
`
`38. Ms. Doty has been a long-time ADT security customer. In approximately 2014,
`
`Ms. Doty upgraded her account to the ADT Pulse system which included installing security
`
`cameras inside her home. ADT represented to Ms. Doty that this upgrade would enhance her
`
`personal security.
`
`39.
`
`Indeed, Ms. Doty relied on ADT’s representations, including both representations
`
`by ADT employees and ADT’s representations on its website, about the ADT Pulse system’s
`
`safety and security.
`
`40.
`
`Shortly thereafter, an ADT technician installed the ADT Pulse system, which
`
`included an indoor security camera with a wide-angle view that provided a visual of a bathroom,
`
`entryway, family room and dining space, stairs, and into the master bedroom.
`
`41.
`
`On April 23, 2020, a phone call from ADT destroyed whatever security and safety
`
`ADT’s security system promised. An ADT “Concierge Representative” called Ms. Doty to
`
`explain that one of its technicians had gained access to her account and had access to her camera,
`
`potentially viewing her, her husband, and their minor son, for an unknown amount of time, ADT
`
`claimed it was unknown how many times he accessed their camera.
`
`42.
`
`In an email later that day, ADT Concierge Representative Wayne Walker
`
`described it as “a difficult message to hear.” Difficult is, of course, woefully inadequate to truly
`
`describe Plaintiff’s loss of security, loss of safety, humiliation, and anger.
`
`11
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 12 of 26
`
`43.
`
`Based upon the cameras’ wide-angle lens and placement, ADT’s employee had an
`
`opportunity to watch at least the following events:
`
`a. Ms. Doty, her husband, and her minor son nude;
`
`b. Ms. Doty, her husband, and her minor son in various states of undress;
`
`c. Ms. Doty, her husband, and her minor son getting ready for bed;
`
`d. Moments of physical intimacy; and
`
`e. Private and confidential moments and conversations.
`
`44.
`
`Immediately after the call, Ms. Doty disabled the ADT camera in her home. Ms.
`
`Doty expended significant time and money addressing the current and future consequences of the
`
`exposure enabled by ADT, including, but not limited to, disabling ADT security hardware, and
`
`researching additional surveillance and security devices and services.
`
`45.
`
`Prior to April 23, 2020, Ms. Doty never received any call, text, email, or
`
`notification of any kind informing her that another user was added to her ADT Pulse account or
`
`that a user (aside from her) accessed her ADT Pulse account.
`
`CLASS ALLEGATIONS
`
`46.
`
`Class Definition: Plaintiff Shana Doty brings this action on behalf of herself and
`
`a class of similarly situated individuals defined as follows:
`
`All ADT Pulse customers in the United States whose security systems were remotely
`accessed by an employee or agent of Defendant ADT without authorization from the
`customer.
`
`
`The following people are excluded from the Class: (1) any Judge or Magistrate presiding over
`
`this action and the members of their family; (2) Defendant, Defendant’s subsidiaries, parents,
`
`successors, predecessors, and any entity in which the Defendant or its parents have a controlling
`
`interest and their current or former employees, officers, and directors; (3) persons who properly
`
`12
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 13 of 26
`
`execute and file a timely request for exclusion from the Class; (4) persons whose claims in this
`
`matter have been finally adjudicated by a court of law on the merits; (5) Plaintiff’s counsel and
`
`Defendant’s counsel; and (6) the legal representatives, successors, and assigns of any such
`
`excluded persons.
`
`47.
`
`Numerosity: The exact number of members of the Class is unknown and is not
`
`available to Plaintiff at this time, but individual joinder in this case is impracticable. The Class
`
`likely consist of hundreds of individuals. Members of the Class can be easily identified through
`
`Defendant’s records.
`
`48.
`
`Commonality: There are many questions of law and fact common to the claims
`
`of Plaintiff and the other members of the Class, and those questions predominate over any
`
`questions that may affect individual members of the Class. Common questions for the Class
`
`include but are not limited to the following:
`
`a. Whether Defendant’s conduct constitutes a breach of contract;
`
`b. Whether Defendant’s conduct constitutes negligence;
`
`c. Whether Defendant’s conduct constitutes gross negligence;
`
`d. Whether Defendant’s conduct constitutes an intrusion upon seclusion;
`
`e. Whether Defendant’s conduct constitutes a violation of the Computer Fraud
`and Abuse Act; and
`
`f. Whether Defendant’s conduct constitutes negligent hiring, supervision, and
`retention.
`
`Typicality: Plaintiff’s claims are typical of other members of the Class, in that
`
`49.
`
`Plaintiff and the members of the Class sustained damages arising out of Defendant’s uniform
`
`wrongful conduct.
`
`13
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 14 of 26
`
`50.
`
`Adequate Representation: Plaintiff will fairly and adequately represent and
`
`protect the interests of the Class and have retained counsel competent and experienced in
`
`complex class actions. Plaintiff has no interest antagonistic to those of the Class, and Defendant
`
`has no defenses unique to Plaintiff.
`
`51.
`
`Predominance and Superiority: This case is also appropriate for class
`
`certification because class proceedings are superior to all other available methods for the fair and
`
`efficient adjudication of this controversy because joinder of all parties is impracticable. The
`
`damages suffered by the individual members of the Class will likely be relatively small,
`
`especially given the burden and expense of individual prosecution of the complex litigation
`
`necessitated by Defendant’s actions. Thus, it would be virtually impossible for the individual
`
`members of the Class to obtain effective relief from Defendant’s misconduct. Even if members
`
`of the Class could sustain such individual litigation, it would still not be preferable to a class
`
`action because individual litigation would increase the delay and expense to all parties due to the
`
`complex legal and factual controversies presented in this Complaint. By contrast, a class action
`
`presents far fewer management difficulties and provides the benefits of single adjudication,
`
`economies of scale, and comprehensive supervision by a single Court. Economies of time, effort,
`
`and expense will be fostered, and uniformity of decisions ensured.
`
`FIRST CAUSE OF ACTION
`Breach of Contract
`(On Behalf of Plaintiff and the Class)
`
`Plaintiff incorporates the preceding paragraphs as if fully set forth herein.
`
`Plaintiff Doty and the Class members entered into a valid and enforceable
`
`52.
`
`53.
`
`agreement with Defendant ADT to install a security system and agreed to pay money for such
`
`services.
`
`14
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 15 of 26
`
`54.
`
`A material part of the agreement between Defendant ADT and Plaintiff Doty and
`
`Class members was to provide a security system that was suitable for their purpose and not
`
`designed with flaws that render them and/or access to them vulnerable to unauthorized access
`
`resulting in the compromise of user safety and security.
`
`55.
`
`A meeting of the minds occurred, and Plaintiff Doty and the Class fully
`
`performed their obligations under the contracts.
`
`56.
`
`Defendant breached the contract with Plaintiff Doty and Class members by failing
`
`to acknowledge the inherent vulnerability in the ADT Pulse system and the ability of a third
`
`party to access the security system and various connected security devices including door locks
`
`and cameras.
`
`57.
`
`Plaintiff Doty and Class members would not have paid for Defendant’s security
`
`system had they known of these vulnerabilities, but rather would have chosen one of the
`
`numerous alternatives that were available to them and which did not present a hidden safety risk.
`
`58.
`
`Defendant’s failure to fulfill its promises resulted in Plaintiff Doty and Class
`
`members receiving services that were of less value than they paid for. Stated otherwise, because
`
`Plaintiff Doty and Class members paid for privacy protections that they did not receive—even
`
`though such protections were a material part of their contracts with the Defendant—they did not
`
`receive the full benefit of the bargain. As a result of the Defendant’s breach, Plaintiff Doty and
`
`the Class suffered damages in the amount of the difference between the price they paid for the
`
`Defendant’s services as promised and the actual diminished value of its security services.
`
`59.
`
`As a direct and proximate result of Defendant’s breach of their contracts with
`
`Plaintiff Doty and Class members, Plaintiff Doty and Class have also suffered and will suffer
`
`injury, including, but not limited to: the cost of replacement security devices; the cost of
`
`15
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 16 of 26
`
`additional surveillance and protective devices and services; and time spent monitoring and
`
`addressing the current and future consequences of the exposure enabled by ADT.
`
`SECOND CAUSE OF ACTION
`Negligence
`(On Behalf of Plaintiff Doty and the Class)
`
`Plaintiff incorporates the foregoing allegations as if fully set forth herein.
`
`Defendant ADT had full knowledge of the purpose for which its security cameras
`
`60.
`
`61.
`
`were being used and the sensitivity of the people and things the cameras were designed to secure
`
`and protect—that which “matters most” to their clients. Defendant also knew the types of harm
`
`that Plaintiff and the members of the Class could and would suffer if the integrity of the security
`
`system was compromised.
`
`62.
`
`Defendant had a duty to exercise reasonable care in ensuring that all ADT
`
`security systems were secure, safe to use, and inviolable by unauthorized parties. This duty
`
`includes, among other things, ensuring that reasonable and proper protocols and safeguards are
`
`in place so that consumers’ security cameras are not easily compromised by unauthorized users.
`
`63.
`
`Defendant ADT, by and through its agents, employees, and independent
`
`contractors, was negligent in its acts and/or omissions by, amongst other things, allowing
`
`technicians to create authorized user accounts, and by failing to discover that its employees could
`
`make and did make themselves authorized users gaining unauthorized access to Plaintiff’s ADT
`
`Pulse account, thereby allowing surreptitious videos and images to be viewed and taken of
`
`Plaintiff in her home.
`
`64.
`
`Plaintiff and the members of the Class were the foreseeable and probable victims
`
`of any inadequate security practices and procedures. Defendant knew of or should have known
`
`16
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 17 of 26
`
`of the inherent risks of allowing ADT cameras to be set up and used without adequate security
`
`protocols and safeguards.
`
`65.
`
`Defendant ADT further knew or should have known that: (1) the surreptitious
`
`recordings of Plaintiff contained private and confidential information about Plaintiff; (2) Plaintiff
`
`had a reasonable expectation of privacy in being partially and fully naked, engaging in
`
`consensual intimate activity, and having private conversations in a private home; (3) the
`
`recordings were taken without Plaintiff’s knowledge or consent; (4) the surreptitious recordings
`
`would reveal private and personal things about Plaintiff which Defendant had no right or
`
`authorization to view, use, disseminate, or disclose; (5) and the viewing of these private acts and
`
`occasions constitutes a substantial violation of Plaintiff’s right of privacy.
`
`66.
`
`Beyond ordinary negligence, Defendant ADT was grossly negligent because the
`
`acts and omissions of Defendant ADT and its employee and agents were more than momentary
`
`thoughtlessness or inadvertence. Rather the conduct, when viewed objectively from the
`
`standpoint of Defendant ADT at the time of these events, involved an extreme degree of risk,
`
`considering the probability and magnitude of the potential harm to Plaintiff. Moreover,
`
`Defendant ADT had subjective knowledge of the risk of employees gaining unauthorized access
`
`to clients cameras, but failed to disclose to Plaintiff the vulnerability of their monitoring systems
`
`and the ability of ADT employees to monitor and observe their home without their consent, and
`
`acted with conscious indifference to the rights, safety, and welfare of their clients.
`
`67.
`
`Defendant’s own actions and inactions created a foreseeable risk of harm to
`
`Plaintiff and the members of the Class. Defendant’s misconduct included, but was not limited to,
`
`its failure to sell security systems with sufficiently robust security protocols to prevent
`
`unauthorized users from gaining access to the cameras, and failing to inform Plaintiff and the
`
`17
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 18 of 26
`
`members of the Class when unknown individuals added their email addresses to customer
`
`accounts.
`
`68.
`
`Defendant was in a position to protect against the harm suffered by Plaintiff and
`
`the members of the Class and had a duty to do so.
`
`69.
`
`Defendant, through its actions, unlawfully breached its duty to Plaintiff and the
`
`members of the Class by failing to ensure their cameras and set up procedures were sufficiently
`
`robust to protect against unauthorized use.
`
`70.
`
`But for Defendant’s wrongful and negligent breach of duties owed to Plaintiff and
`
`the members of the Class, Plaintiff and the members of the Class would not have used or
`
`purchased a product that is so readily compromised.
`
`71.
`
`As a result of Defendant’s negligence, Plaintiff and the members of the Class
`
`have suffered and will continue to suffer damages and injury including, but not limited to: the
`
`cost of replacement cameras; cost of additional surveillance and protective devices and services;
`
`time spent monitoring and addressing the current and future consequences of the exposure
`
`enabled by ADT; and the necessity to engage legal counsel and incur attorneys’ fees, costs and
`
`expenses.
`
`72.
`
`Further, because Defendant’s acts and omissions resulted from gross negligence,
`
`exemplary damages should be awarded against Defendant in an amount to be determined by the
`
`jury in this case. Moreover, exemplary damages should be awarded without limitation, as set
`
`forth in TEX. CIV. PRAC. & REM. CODE § 41.008(c).
`
`THIRD CAUSE OF ACTION
`Intrusion Upon Seclusion
`(On Behalf of Plaintiff Doty and the Class)
`
`Plaintiff incorporates the foregoing allegations as if fully set forth herein.
`
`73.
`
`18
`
`
`
`
`
`Case 0:20-cv-60972-RKA Document 1 Entered on FLSD Docket 05/18/2020 Page 19 of 26
`
`74.
`
`Defendant intentionally intruded upon Plaintiff’s and each of the Class members’
`
`seclusion, permitting unauthorized access to their private security camera footage.
`
`75.
`
`Defendant’s facilitation and failure to stop such access is highly offensive to a
`
`reasonable person as it reveals intimate private details about Plaintiff and each of the Class
`
`members and the activities they participate in inside the privacy of their own homes.
`
`76.
`
`Defendant’s intrusion upon the Plaintiff’s and the Class members’ seclusion
`
`caused Plaintiff and the Class members mental anguish and suffering in the form of anxiety, loss
`
`of security, loss of safety, humiliation, and anger.
`
`FOURTH CAUSE OF ACTION
`Computer Fraud and Abuse Act, 18 U.S.C. § 1030
`(On Behalf of Plaintiff Doty and the Class)
`
`Plaintiff Doty incorporates the foregoing allegations as if fully set forth herein.
`
`The Computer Fraud and Abuse Act (“CFAA”) broadly prohibits intentional
`
`
`
`77.
`
`78.
`
`access to computer systems without authorization or in excess of authorization.
`
`79.
`
`Plaintiff Doty is an individual and therefore a “person” under 18 U.S.C. §
`
`1030(e)(12).
`
`80.
`
`The ADT Pulse system is a “protected computer” under 18 U.S.C. §
`
`1030(e)(2)(B) because it is used in and affects interstate or foreign commerce and
`
`communication. Specifically, the ADT Pulse system allows consumers to remotely access and
`
`monitor their ADT home security—including viewing security camera footage, opening locks,
`
`and arming or disarming the security system—even if the consumer is on the other side of the