Lualdi Inc. v T-Mobile USA, Inc.

Annotate this Case
Download PDF
Lualdi Inc. v T-Mobile USA, Inc. 2018 NY Slip Op 33348(U) December 21, 2018 Supreme Court, New York County Docket Number: 160767/2018 Judge: Eileen A. Rakower Cases posted with a "30000" identifier, i.e., 2013 NY Slip Op 30001(U), are republished from various New York State and local government sources, including the New York State Unified Court System's eCourts Service. This opinion is uncorrected and not selected for official publication. [*FILED: 1] NEW YORK COUNTY CLERK 12/24/2018 12:20 PM NYSCEF DOC. NO. 9 INDEX NO. 160767/2018 RECEIVED NYSCEF: 12/24/2018 SUPREME COURT OF THE STATE OF NEW YORK COUNTY OF NEW YORK: PART 6 -----------------------------------------------------------------------------)( In the Matter of the Application of LUALDI INC., Index No: 160767/2018 Petitioner, For an Order pursuant to Section 3102(c) of the Civil Practice Law and Rules to compel disclosure pre-action from: DECISION and ORDER T-MOBILE USA, INC., Respondent, Mot. Seq. 001 Of the identity of the defendants JOHN DOE(s) being unknown to the Petitioner, in an action to be commenced. ----------------------------------------------------------------------------)( HON. EILEEN A. RAKOWER, J.S.C. By Order to Show Cause and Petition dated November 19, 2017, Petitioner Lualdi Inc. ("Lualdi" or "Petitioner") seeks an Order pursuant to CPLR § 3102(c) for the issuance of a subpoena duces tecum compelling disclosure from Respondent T-Mobile USA, Inc. ("T-Mobile" or "Respondent") to provide documents identifying the person or persons holding the accounts used to obtain unauthorized and unlawful access to Petitioner's computer network ("lualdi.us"). There is no opposition. Factual Background/Parties' Contentions On May 2, 2018, Petitioner contends that it became concerned that a former consultant ("Consultant"), whose consulting agreement had been terminated several months earlier, obtained unauthorized access to Petitioner's password protected local area network ("LAN'') in its New York City office. Petitioner contends that Consultant was reviewing and downloading confidential information and trade secrets from Petitioner's network and is currently employed by or providing services to a direct competitor of Petitioner. Petitioner contends that it became suspicious of Consultant based on circumstances surrounding a meeting on April 30, 2018, between Petitioner's business developer, Alberto Pomello ("Pomella"), and an 2 of 5 [*FILED: 2] NEW YORK COUNTY CLERK 12/24/2018 12:20 PM NYSCEF DOC. NO. 9 INDEX NO. 160767/2018 RECEIVED NYSCEF: 12/24/2018 architect. Petitioner contends that on May 2, 2018, Pomello became aware that the Consultant knew about the April 30, 2018 meeting and the project specifications the architect had provided to Pomello at the meeting. Petitioner contends that Pomello contacted Alberto Lualdi, the principal of Petitioner and Matteo Tacchi, a member of Petitioner's IT department in Italy after becoming alarmed that Consultant might be improperly accessing Petitioner's confidential information. Petitioner contends that it decided to hire Evade Solutions, Inc. ("Evade"), a firm specializing in computer and network security to run a forensic examination on the lualdi.us network. On May 4, 2018, Petitioner contends that the security analysis detected a personal computer in Petitioner's New York office contained malware, known as MalPassView, which can be used to decrypt computer passwords. Petitioner also contends that the same personal computer had Wireshark installed on June 7, 2017, which can be used remotely to capture user names and passwords on a LAN network. Moreover, Petitioner contends that it provided Evade with Internet Message Access Protocol ("IMAP") logs, which archives the retrieval of emails from the network. Petitioner asserts that Evade acquired the service providers based on the information from the IMAP logs which produces the city where the e-mail mailboxes were remotely accessed, the date and time of access, the Internet Protocol ("IP") address and the IP provider. Petitioner contends that after reviewing the IMAP logs, Petitioner became aware that during April 2018, Pomello's e-mail mailbox was improperly and wrongfully accessed. Petitioner contends that GeoIP logs show Pomello's e-mail mailbox was accessed from April 17, 2018 through April 22, 2018 from various locations in the United States, such as, Chicago, Los Angeles, Dallas and Arlington, Texas, while Pomello was in Milan. Petitioner further contends that prior to April 17, 2018, Pomello's e-mail mailbox was being accessed simultaneously from both New York, as authorized, and from Chicago or Los Angeles, as unauthorized, and continued until after April 22, 2018. Petitioner contends that the GeoIP logs show that the IP addresses used to acquire unauthorized access were provided by Respondent to one or more of its account holders. Therefore, Petitioner contends that Consultant and/or one or more persons acting on behalf or in concert with Consultant, were able to acquire unlawful and unauthorized access to Petitioner's network. Petitioner contends that it does not have the identity of the person or persons without obtaining information and documents from Respondent who can identify the individual account holder or holders corresponding to the originating IP addresses that appear in the GeoIP logs. 2 3 of 5 [*FILED: 3] NEW YORK COUNTY CLERK 12/24/2018 12:20 PM NYSCEF DOC. NO. 9 INDEX NO. 160767/2018 RECEIVED NYSCEF: 12/24/2018 Petitioner argues that the information it seeks from Respondent is material and necessary to Petitioner's claims. Petitioner contends that without the information, it will be unable to determine the identity of the person or persons who improperly and wrongfully obtained Petitioner's confidential and/or trade secret information. Furthermore, Petitioner contends that it has a meritorious cause of action under New York law and federal statutory claims. There is no opposition by Respondent. Legal Standard CPLR 3102(c) provides that "[b]efore an action is commenced, disclosure to aid in bringing an action ... [or] to preserve information ... may be obtained, but only by court order .... " The First Department has noted that "while pre-action disclosure may be appropriate to preserve evidence or to identify potential defendants, it may not be used to ascertain whether a prospective plaintiff has a cause of action worth pursuing" Uddin v. New York City Tr. Auth., 27 A.D.3d 265, 266 [1st Dept. 2006]. "Pre-action discovery is not permissible as a fishing expedition to ascertain whether a cause of action exists and is only available where a petitioner demonstrates that he or she has a meritorious cause of action and that the information sought is material and necessary to the actionable wrong." Bishop v. Stevenson Commons Assocs., L.P., 74 A.D.3d 640, 641 [1st Dept. 2010] (citations omitted). Discussion Petitioner has shown the existence of a meritorious cause of action against Respondent. Liberty Imports, Inc., 146 A.D.2d at 535. Petitioner has established it is entitled to pre-action discovery in the issuance of a subpoena compelling Respondent to provide Petitioner with documents identifying the person· or persons holding the accounts used to obtain unauthorized and unlawful access to the lualdi.us network. Petitioner states in his Order to Show Cause that it needs the names and addresses to identify potential defendants. Uddin, 27 A.D.3d at 266. Petitioner has demonstrated how the information is "material and necessary to the actionable wrong." Bishop, 74 A.D.3d at 641. Wherefore, it is hereby ORDERED that the Order to Show Cause is granted without opposition; and it is further 3 4 of 5 [*FILED: 4] NEW YORK COUNTY CLERK 12/24/2018 12:20 PM NYSCEF DOC. NO. 9 INDEX NO. 160767/2018 RECEIVED NYSCEF: 12/24/2018 ORDERED that the Petition for pre-action disclosure pursuant to CPLR § 3102(c) is granted, and that a subpoena duces tecum shall issue in the form annexed as Exhibit 1 to the Petition, compelling pre-action disclosure by Respondent TMobile USA, Inc. of documents relevant to identifying the person(s) who obtained unauthorized access to Petitioner's New York office computer network. Said subpoena shall be served within 30 days of the date of this Order in the same manner of the Summons. This constitutes the Decision and Order of the Court. All other relief requested is denied. DATED: DECEMBER -z~ 2018 EILEEN A. RAKOWER, J.S.C. 4 5 of 5