Court, Explained
U.S. District Court · District of Minnesota
Back to docket
Substantive rulingFiled Nov. 3, 2025

In re: Netgain Technology, LLC, Consumer Data Breach Litigation

Judge
Susan Nelson
Docket
0:21-cv-01210
Court
U.S. District Court · District of Minnesota
Pages
23

Counsel of record
PLAINTIFF
Chestnut Cambronne PA3 attorneys
Bryan L. Bleichner, Christopher P. Renz, Jeffrey D. Bores
Lockridge Grindal Nauen P.L.L.P.3 attorneys
Kate M. Baxter-Kauf, Karen Hanson Riebel, Maureen Kane Berg
Gustafson Gluek PLLC2 attorneys
David A. Goodwin, Daniel E. Gustafson
Zimmerman Reed LLP2 attorneys
Michael J. Laird, Rachel Kristine Tack
Strauss Borrelli PLLC2 attorneys
Raina Borrelli, Samuel J. Strauss
Hellmuth & Johnson PLLC2 attorneys
Anne T. Regan, Nathan D. Prosser
Markovits, Stock & DeMarco, LLC2 attorneys
Justin C. Walker, Terence Coates
Casey Gerry Schenk Francavilla Blatt & Penfield, LLP2 attorneys
Gayle M. Blatt, Patricia Guerra
Zimmerman Reed, PLLP
Brian C. Gudmundson
Migliaccio and Rathod LLP
Jason S. Rathod
Migliaccio & Rathod LLP
Nicholas Migliaccio
Bassford Remele, P.A.
Amanda M. Williams
Dykema
Mickey L. Stevens
DEFENDANT
Larkin Hoffman Daly & Lindgren Ltd.3 attorneys
Paul R. Smith, R. Henry Pfutzenreuter, Sarah DeWitt Greening
Larkin Hoffman Law Firm
Christopher A. Young

Counsel of record per CourtListener. Firm names are approximate and have been consolidated across spelling variants.

Class ActionCivil RightsTortCivil Procedure
In one sentence

In In re Netgain Technology, Judge Nelson granted final approval of a $1.9 million class action settlement over a 2020 data breach affecting roughly two million people.

Who this affects

Approximately two million U.S. residents whose personal information — including Social Security numbers, medical records, and financial data — was stored on Netgain Technology's servers and stolen in the 2020 cyberattack. Class members with valid claims may receive reimbursement for documented losses or lost time (up to $5,000) or a proportional cash payment from the $1,900,000 settlement fund.

What happened

In re: Netgain Technology, LLC, Consumer Data Breach Litigation arises from a 2020 cyberattack in which criminals broke into servers operated by Netgain Technology, LLC — a company that manages IT and cloud services for healthcare and accounting businesses — and stole the personal information of millions of individuals. That data included names, Social Security numbers, medical records, bank account details, and other sensitive information. Multiple lawsuits were consolidated in federal court in Minnesota, and the plaintiffs brought claims including negligence and violations of California and Minnesota consumer-protection laws.

The parties reached a settlement after multiple mediation sessions before a retired judge. Under the agreement, Netgain will pay $1,900,000 into a fund that it cannot reclaim. Class members may file claims for documented out-of-pocket losses or lost time (up to $5,000) or for a cash payment; the remaining fund balance will be distributed proportionally among cash-payment claimants. Netgain also agreed to adopt or continue specific cybersecurity measures — such as multi-factor authentication and upgraded firewalls — for three years, subject to verification by class counsel. The settlement class covers approximately two million U.S. residents whose personal information was stored on Netgain's servers and compromised in the attack. Over 704,000 claims were submitted, and more than 5,000 were validated. No class members objected or asked to be excluded.

Judge Susan Richard Nelson granted the plaintiffs' unopposed motion for final approval on November 3, 2025, finding the settlement fair, adequate, and reasonable. The court formally certified the settlement class under Federal Rule of Civil Procedure 23(b)(3), concluding that the class met the requirements of numerosity, commonality, typicality, and adequate representation, and that common legal questions predominate over individual ones. The court dismissed all claims against Netgain on the merits and with prejudice, meaning class members (other than those who opted out — there were none) cannot bring future lawsuits against Netgain based on this data breach. A separate order will address attorneys' fees, litigation expenses, and service awards for the named plaintiffs.

The detailed version

For law students, journalists, and other readers who want the full reasoning

Case
In re: Netgain Technology, LLC, Consumer Data Breach Litigation · No. 0:21-cv-01210
Judge
Susan Nelson
Date
Nov. 3, 2025

Background

Netgain Technology, LLC provides outsourced IT services — including cloud computing, technical infrastructure, and application management — primarily to clients in the healthcare and accounting industries. In September and November 2020, criminals illegally accessed information stored on Netgain's servers (the "Breach"). In early 2021, Netgain began notifying affected clients. The stolen data (referred to in the opinion as "Personal Identifying Information" or "PII") included names, email addresses, phone numbers, home addresses, dates of birth, Social Security numbers, driver's license information, tax records, bank account and routing numbers, health insurance claims data, prescription information, and medical records.

Beginning in summer 2021, several plaintiffs filed separate lawsuits, which the court consolidated on August 24, 2021, retitling the action In re: Netgain Technology, LLC Consumer Data Breach Litigation. The consolidated complaint asserted claims for negligence, negligence per se, violations of the California Consumer Privacy Act, violations of the California Unfair Competition Law, violations of the Minnesota Health Records Act ("MHRA"), and for declaratory relief. Netgain moved to dismiss, and the court granted the motion in part: the negligence per se claim and the MHRA claim were dismissed, while the remaining claims survived. The parties then engaged in discovery.

Settlement Negotiations

The parties participated in multiple mediation sessions before the Honorable Jeffrey J. Keyes (Ret.) of Keyes ADR, a private alternative dispute resolution service. The court found the resulting Settlement Agreement was negotiated in good faith and at arm's length — meaning without collusion between the parties.

Netgain's financial condition was identified as a primary driver of the settlement terms. Plaintiffs were given access to Netgain's financial information to assess those representations.

Terms of the Settlement

Monetary relief

Netgain agreed to pay a total of $1,900,000 into a non-reversionary Settlement Fund — meaning Netgain cannot reclaim any unspent portion. Class members could submit claims for: (1) documented monetary losses ("Documented Loss"), (2) compensable time spent dealing with the breach's consequences ("Lost Time"), or (3) an alternative cash payment. Claims for Documented Loss and/or Lost Time are capped at $5,000 per class member. After approved Documented Loss and Lost Time claims are paid, the remaining balance is distributed proportionally (pro rata) among cash-payment claimants.

Injunctive relief

Netgain agreed for three years after the settlement's effective date to adopt, continue, or implement specific cybersecurity measures, including: upgrading firewalls, routing through secured gateways, geo-blocking, secure and scalable network configuration, virus prevention technology, multi-factor authentication in hosting environments, and data backup protection. Class counsel may verify compliance during this period.

Release of claims

Class members who did not timely opt out are deemed to have released Netgain from all claims arising out of or related to the data breach. No class members requested exclusion (opted out) during the opt-out period.

Settlement Class

The court formally certified the following Settlement Class under Federal Rule of Civil Procedure 23(b)(3):

All U.S. residents whose PII was stored by Netgain clients on Netgain servers and compromised in the attacks, including those who received notice from a Netgain client that their PII may have been compromised.

Excluded are: judges presiding over the action and their families; Netgain and its related corporate entities and current or former officers and directors. (Because no opt-outs were received, the exclusion for persons who requested exclusion was moot.)

The class is estimated at approximately two million people.

Notice Program

The court-appointed settlement administrator, CPT Group, Inc., conducted a 45-day media campaign beginning on or about June 19, 2025. The campaign included programmatic display ads on desktops and mobile devices, social media ads on Facebook and Instagram, online video ads, paid sponsored search results, press releases, a dedicated website, and a toll-free phone number. The campaign targeted states where affected Netgain clients were located. The administrator received 704,551 total responses and, after screening for fraud using a tool called ClaimScore (with a threshold score of 700 to identify presumptively invalid claims) and secondary verification by a digital payment vendor, approved over 5,000 valid claims: 51 for out-of-pocket losses, 1,363 for lost time, and 4,105 for alternative cash payments. No objections to the settlement were filed, and no class members requested exclusion.

Legal Analysis

Class Certification Under Rule 23(a)

The court applied the four prerequisites of Federal Rule of Civil Procedure 23(a):

- Numerosity: The class of approximately two million people is too large for individual joinder; satisfied. - Commonality: All class members' claims depend on common questions about whether Netgain owed and breached a duty of care in protecting PII and whether that breach caused the data theft; satisfied. - Typicality: Named plaintiffs' claims all arise from the same data breach and assert the same legal theories as those of the broader class; satisfied. - Adequacy of representation: Class counsel were found to be qualified and experienced in complex class action litigation, and named plaintiffs' interests are not antagonistic to those of the class; satisfied.

Class Certification Under Rule 23(b)(3)

- Predominance: The court found that common questions — including Netgain's duty of care, whether it was breached, and causation — overwhelmingly predominate over any individual issues. - Superiority: A class action is superior to individual suits because the class is large, potential individual recoveries are relatively small (making individual litigation economically impractical), and class treatment avoids duplicative discovery and motion practice.

Fairness, Adequacy, and Reasonableness of the Settlement

The court applied the multi-factor test from Van Horn v. Trickey, 840 F.2d 604 (8th Cir. 1988), and related precedents:

  1. Relief obtained vs. likelihood of success: Data breach litigation is complex, novel, and risky. Several claims had already been dismissed. The $1.9 million fund plus injunctive relief provides certain recovery without further litigation risk.
  2. Complexity, expense, and duration of continued litigation: Significant additional resources would have been required for class certification briefing, dispositive motions, trial, and potential appeals.
  3. Arm's-length negotiation: The involvement of a retired federal magistrate judge as mediator and the experience of class counsel support a finding of good-faith, non-collusive negotiation.
  4. Reaction of the class: No objections were filed and no class members opted out — which the court treated as powerful evidence of fairness.

Disposition

The court:

  1. Granted the plaintiffs' Motion for Final Approval of the class action settlement [Doc. No. 137].
  2. Finally certified the Settlement Class under Rule 23(b)(3).
  3. Affirmed the appointment of Gayle Blatt, Christopher Renz, and Brian Gudmundson as Class Counsel.
  4. Dismissed all claims against Netgain on the merits and with prejudice — meaning class members cannot bring future claims against Netgain arising out of the data breach.
  5. Incorporated the release from the Settlement Agreement, permanently enjoining class members from pursuing released claims against Netgain in any court.
  6. Approved the $1,900,000 Settlement Fund as a Qualified Settlement Fund under Internal Revenue Code Section 458B.
  7. Retained jurisdiction over administration, distribution, enforcement, and any disputes arising from the Settlement Agreement.
  8. Deferred ruling on the Fee Petition (attorneys' fees, litigation expenses, and service awards for named plaintiffs) to a separate order.
The authoritative version

Read the full 23-page opinion on CourtListener, the free public archive maintained by the Free Law Project.

Open opinion PDF →
Summary written with AI assistance. See how summaries are made. Spot something wrong? Tell us.