United States District Court, N.D. California, San Jose Division
DAVID J. GALLO, Plaintiff,
UNKNOWN NUMBER OF IDENTITY THIEVES, et al., Defendants.
ORDER GRANTING MOTION TO REMAND Re: Dkt. No.
H. KOH United States District Judge
David Gallo (“Gallo”) brings this case against an
“Unknown Number of Identity Thieves”; Anthem Blue
Cross Life and Health Insurance Company (“Anthem Blue
Cross”); Compass Bank; American Express Company;
Paypal, Inc.; Powerpay, LLC; and Does 1-100 (collectively,
“Defendants”). Before the Court is
Plaintiff's motion to remand the case to the Superior
Court of California, County of San Diego (“San Diego
County Superior Court”). ECF No. 754.
considered the submissions of the parties, the relevant law,
and the record in this case, the Court GRANTS Plaintiff's
motion to remand the case to San Diego County Superior Court.
David Gallo is a solo practitioner attorney based in the
state of California. Compl. ¶¶ 3, 11. In 1995,
Gallo obtained health insurance through the State Bar of
California Group Health Insurance Program (“State
Bar”) from Blue Cross of California. Id. 12.
“[I]n or around the late 1990s, ” the State Bar
stopped offering group insurance plans, and so Gallo
purchased an individual plan. Id. ¶ 14. At some
point, Gallo alleges that Blue Cross of California became
Anthem Blue Cross, which Gallo alleges has been located in
Del Mar, California since 1998. Id. ¶¶ 15,
December 28, 2016, Gallo's offices were contacted by an
attorney who stated that his American Express Credit Card
contained an unwarranted $4, 000 charge to Gallo's law
offices. Id. ¶¶ 22-23. After Gallo
investigated the incident, a company known as
“LawPay” informed Gallo that unknown identity
thieves had opened a credit card merchant account in
Gallo's name using Gallo's correct residence address,
business address, and social security number. Id.
¶ 28. The identity thieves had used this account to
defraud LawPay and numerous victims of thousands of dollars.
Id. Gallo called Compass Bank, where the merchant
account was located, to report that this account was
fraudulent, but Compass Bank has refused to confirm or deny
that any account was opened in Gallo's name. Id.
January 2017, Gallo was contacted by Powerpay, who informed
Gallo that identity thieves had opened a credit card merchant
account with “one of Powerpay's fictitious business
account names” using Gallo's personal data.
Id. ¶ 33. On January 10, 2017, Gallo was
contacted by another victim who claimed that he had been
charged $415.00 by Gallo's office through Paypal.
Id. ¶ 35. On January 22, 2017, Paypal stated
that a fraudulent Paypal account had been created for Gallo,
but Paypal concluded that the fraud was “perpetrated by
a member of Plaintiff's family.” Id.
¶ 36. Gallo instead alleges that this account was
created by the unknown identity thieves. Id.
January 2017, Gallo was also contacted by an attorney who
told Gallo that a fraudulent LawPay account had been set up
for the attorney using the attorney's personal
information. Id. ¶ 43. The attorney also stated
that she believed that her personal information had been
stolen during the hack of Anthem and Anthem affiliates.
Id. Gallo alleges that this is the first time that
he learned that Anthem or any of its affiliates had been
hacked. Id. ¶ 44. Gallo alleges that this hack
was the source of his personal information used by the
identity thieves to open the fraudulent accounts.
Id. ¶ 45.
filed the complaint in this case on January 23, 2017. ECF No.
1-2. The complaint asserts six causes of action under
California law: (1) an injunction pursuant to California
Business & Professions Code §§ 17200, et
seq., against the identity thieves; (2) a common law
claim for invasion of privacy against the identity thieves;
(3) a claim for common law negligence against Anthem Blue
Cross; (4) a claim for violation of Civil Code §§
1798.80 against Anthem Blue Cross; (5) a claim for
declaratory relief against Compass Bank, American Express,
Paypal, and Powerpay; and (6) a claim for common law
negligence against Compass Bank, American Express, Paypal,
and Powerpay. Id.
February 21, 2017, Defendant Anthem Blue Cross removed this
action to the United States District Court for the Southern
District of California. ECF No. 1. In the notice of removal,
Anthem Blue Cross proffered two bases for subject matter
jurisdiction in federal court: (1) federal question
jurisdiction under 28 U.S.C. § 1331 based on the fact
that “Plaintiff's state law claims implicate
substantial federal interests” based on national
security interests and the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”); and (2)
federal question jurisdiction under 28 U.S.C. § 1331 and
the Employee Retirement Income Security Act
(“ERISA”), 29 U.S.C. §§ 1001, et
seq. Id. at 5-7.
March 21, 2017, Gallo filed the instant motion to remand. ECF
No. 24. On April 5, 2017, Anthem Blue Cross filed an
opposition to the motion to remand in the Multi-District
Litigation, In re Anthem, Inc. Data Breach
Litigation, Case No. 5:15-MD-02617-LHK, before the
undersigned judge (“Anthem MDL”). ECF
No. 774. On April 12, 2017, Gallo filed a reply.
ECF No. 31.
may be removed from state court to federal court only if the
federal court would have had subject matter jurisdiction over
the case in the first instance. 28 U.S.C. § 1441(a);
see Caterpillar Inc. v. Williams, 482 U.S. 386, 392
(1987) (“Only state-court actions that originally could
have been filed in federal court may be removed to federal
court by the defendant.”). “In civil cases,
subject matter jurisdiction is generally conferred upon
federal district courts either through diversity
jurisdiction, 28 U.S.C. § 1332, or federal question
jurisdiction, 28 U.S.C. § 1331.” Peralta v.
Hispanic Bus., Inc., 419 F.3d 1064, 1068 (9th Cir.
2005). If it appears at any time before final judgment that
the federal court lacks subject matter jurisdiction, the
federal court must remand the action to state court. 28
U.S.C. § 1447(c).
party seeking removal bears the burden of establishing
federal jurisdiction. Provincial Gov't of Marinduque
v. Placer Dome, Inc., 582 F.3d 1083, 1087 (9th Cir.
2009). “The removal statute is strictly construed, and
any doubt about the right of removal requires resolution in
favor of remand.” Moore-Thomas v. Alaska Airlines,
Inc., 553 F.3d 1241, 1244 (9th Cir. 2009) (citing
Gaus v. Miles, Inc., 980 F.2d 564, 566 (9th Cir.
their notice of removal, Anthem Blue Cross asserted two
grounds for removal: (1) federal question jurisdiction under
28 U.S.C. § 1331 based on the fact that
“Plaintiff's state law claims implicate substantial
federal interests” because the Anthem data breach
implicates national security interests and the Health
Insurance Portability and Accountability Act of 1996
(“HIPAA”); and (2) federal question jurisdiction
under 28 U.S.C. § 1331 and the Employee Retirement
Income Security Act (“ERISA”), 29 U.S.C.
§§ 1001, et seq. ECF No. 1, at 5-7.
However, in their opposition to the motion to remand, Anthem
Blue Cross abandons its ERISA preemption argument. The
opposition also raises for the first time the argument that
“it is only because Plaintiff (either intentionally or
inadvertently) named the wrong entity as a defendant that
this Court lacks diversity jurisdiction over Plaintiff's
claims.” ECF No. 774, at 3.
Court first considers the issue of diversity jurisdiction.
The Court then considers the issues of national security
interests, ERISA, and HIPAA in turn. Finally, the Court
considers Gallo's argument that he is entitled to
attorney's fees under 28 U.S.C. § 1447(c) because
Anthem Blue ...