Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 1 of 31 Page ID #:717

No JS-6

1
2
3
4
5
6
7
8

UNITED STATES DISTRICT COURT

9

CENTRAL DISTRICT OF CALIFORNIA

10
11

TYAN, INC.,
Plaintiff,

12
13

v.

14
15
16

YOVAN GARCIA,
Defendant.

17
18

) Case No. CV 15-05443- MWF (JPRx)
)
)
) FINDINGS OF FACT AND
) CONCLUSIONS OF LAW
)
)
)
)
)
)
)
)
)
)
)

19
20

This matter came on for trial before the Court sitting without a jury on January 10,

21

2017. Following the presentation of evidence and the parties’ closing arguments, the

22

matter was taken under submission.

23

Having carefully reviewed the record and the arguments of counsel, as presented at

24

the trial and in their written submissions, the Court now makes the following findings of

25

fact and reaches the following conclusions of law under Rule 52 of the Federal Rules of

26

Civil Procedure. Any finding of fact that constitutes a conclusion of law is also hereby

27

adopted as a conclusion of law, and any conclusion of law that constitutes a finding of fact

28

is also hereby adopted as a finding of fact.

-1-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 2 of 31 Page ID #:718

1
2

The following witnesses were called and examined by the parties in the order
recited below:

3

All testimony was given on January 10, 2017. Joseph S. Fischbach and Andrew

4

Zelus appeared on behalf of Plaintiff Tyan, Inc., d/b/a Security Specialists (“Tyan”) and

5

gave an opening statement. Defendant Yovan Garcia appeared in pro se and gave an

6

opening statement.

7

Mr. Fischbach first examined Nick Tsotsikyan, founder, owner, and Director of

8

Operations of Security Specialists. Mr. Tsotsikyan’s sworn declaration was submitted in

9

lieu of a full direct examination. Mr. Garcia cross-examined Mr. Tsotsikyan.

10

Mr. Fischbach next examined Steve Leon, Operations Manager of Security

11

Specialists. Mr. Leon’s sworn declaration was submitted in lieu of a full direct

12

examination. Mr. Garcia cross-examined Mr. Leon.

13
14

Mr. Fischbach recalled Mr. Tsotsikyan for redirect examination. Mr. Garcia
recross-examined Mr. Tsotsikyan.

15

Mr. Zelus next examined Defendant Yovan Garcia regarding Defense Exhibit A.

16

Mr. Zelus then examined Junior Arana, a Patrol Officer for Security Specialists.

17

Mr. Arana’s sworn declaration was submitted in lieu of a full direct examination. Mr.

18

Garcia cross-examined Mr. Arana.

19

Mr. Zelus examined Ken Hagopian, a principal in Digital Synergy Consulting,

20

Inc., the company that provides IT support for Security Specialists. Mr. Hagopian’s

21

sworn declaration was submitted in lieu of a full direct examination. Mr. Garcia cross-

22

examined Mr. Hagopian. Mr. Zelus conducted a redirect examination; Mr. Garcia

23

conducted a recross examination. Mr. Zelus conducted a second redirect examination;

24

Mr. Garcia conducted a short, second recross examination.

25

Mr. Zelus next examined Defendant James Caspari, a former Patrol Officer for

26

Security Specialists. Mr. Caspari’s sworn declaration was submitted in lieu of a full direct

27

examination. Mr. Garcia cross-examined Mr. Caspari. Mr. Zelus conducted a short

28

redirect examination of Mr. Caspari; and Mr. Garcia conducted a recross examination.

-2-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 3 of 31 Page ID #:719

1

Mr. Zelus conducted a second redirect examination of Mr. Caspari; Mr. Garcia conducted

2

a second recross examination.

3

Mr. Zelus examined Denis Rybalka, a Field Training Officer for Security

4

Specialists. Mr. Rybalka’s sworn declaration was submitted in lieu of a full direct

5

examination. Mr. Garcia cross-examined Mr. Rybalka.

6
7
8
9
10
11

Mr. Garcia then took the stand and testified in his own defense. Mr. Zelus crossexamined Mr. Garcia.
Finally, Mr. Fischbach examined Mr. Tsotsikyan a third time, as a rebuttal witness.
Mr. Garcia cross-examined Mr. Tsotsikyan.
At the end of the day, Mr. Fischbach made his closing argument for Plaintiff. Mr.
Garcia made his own closing argument.

12
I.

13

FINDINGS OF FACT

14

A.

Background

15

1.

Nick Tsotsikyan founded Security Specialists, a private security patrol

16

company, in 1999. Since then, Security Specialists has provided security services

17

throughout Southern California.

18

2.

At some point, Tsotsikyan realized that the typical reporting process used by

19

most security companies could be updated and streamlined with modern technology.

20

Tsotsikyan purchased FileMaker Pro, a software that enables users to develop custom,

21

proprietary databases. Tsotsikyan taught himself to use FileMaker Pro and began to

22

develop a set of custom databases for use by Security Specialists.

23

3.

Eventually, Tsotsikyan developed a unique set of forms and databases that, in

24

his opinion, set Security Specialists apart from the competition. Each patrol car is

25

equipped with a laptop computer, from which Patrol Officers can access Security

26

Specialists’ central database over the internet. Patrol Officers can then generate their daily

27

reports as they patrol. The reports are emailed or faxed directly to clients as a .pdf. In an

28

-3-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 4 of 31 Page ID #:720

1

industry where carbon copy reports are still common, Tsotsikyan believes that his custom

2

forms helped Security Specialists to distinguish itself from its competitors.

3

4.

Tsotsikyan also used FileMaker Pro to develop databases to store confidential

4

client information and employee records. All of Security Specialists’ databases were

5

protected by username and password. Only administrators — i.e., Steve Leon and

6

Tsotsikyan — were authorized to edit the reporting software and access the confidential

7

client and employee databases.

8
9

5.

Tsotsikyan averred that he spent 5,000 hours over the course of 15 years

developing the forms and databases that Security Specialists uses. In 2009–2010,

10

Tsotsikyan hired Dina Torok, a certified FileMaker developer, to help him continue

11

developing the custom files. Torok charged $170 per hour, and Tsotsikyan believes that

12

this is a fair hourly rate.

13

B.

Inconsistencies in Garcia’s Payroll Records

14

6.

Yovan Garcia began working for Security Specialists as a Patrol Officer

15
16

sometime in or around 2012.
7.

On July 24, 2014, Steve Leon noticed something odd about Garcia’s payroll

17

records. Although Garcia’s schedule reflected that he had worked typical eight-hour days

18

during the previous two-week pay period, the payroll program indicated that Garcia had

19

worked twelve hours per day, and thus was owed 40 hours of overtime pay.

20

8.

At first, Leon thought that perhaps the payroll program was not adding

21

properly. Then, he noticed that someone had tampered with the program’s “Lunch” field.

22

Four hours had been added into the lunch field each day, which accounted for the

23

unexplained extra 40 hours of overtime in Garcia’s records. The hours had been entered

24

in black text on a black background, in one-point font. As a result, the alterations to

25

Garcia’s hours would not have been noticeable to the casual observer. The alterations

26

resulted in Garcia’s being paid wages for overtime that, presumably, he did not work.

27
28

9.

His curiosity piqued, Leon pulled the paystub server log, which tracks all

attempts to log into the payroll database. The paystub server log was admitted into

-4-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 5 of 31 Page ID #:721

1

evidence as Exhibit 3. The log indicated that just the night before, on July 23, 2014 at

2

about 9:00 p.m., someone logged into the payroll program from Garcia’s patrol laptop.

3

The individual used an administrative username and password. As a Patrol Officer,

4

Garcia was not authorized to access the payroll database and was never given the

5

username or password.

6

10.

Leon eventually figured out that Garcia’s hours had been artificially inflated

7

since at least January 2014. Garcia’s paystubs for each of those pay periods, along with

8

his corresponding schedule for that pay period, was admitted into evidence as Exhibit 2.

9

11.

As an example of how Garcia’s hours were altered, in the first pay period of

10

the year, Garcia’s paystub shows that he worked 80 hours of regular scheduled time, 20.5

11

hours of overtime, and 8 hours of holiday time. Garcia’s schedule for that same period

12

shows that he only actually worked 80 hours of regular scheduled time (including one 8-

13

hour day of holiday time) and three hours of overtime. The discrepancy meant that Garcia

14

was overpaid by $371.67 that month.

15

12.

Garcia’s hours were similarly inflated for each subsequent pay period. No

16

other employee’s records reflected a similar discrepancy. Leon testified that, as a Patrol

17

Officer, Garcia was not authorized to access or alter the scheduler program, and was never

18

given the supervisor password that would have allowed him to do so.

19
20
21

13.

Leon testified competently and knowledgeably about this incident. The

Court credits his testimony.
14.

Leon discussed the issue with Tsotsikyan. He then tried to call Garcia to ask

22

him about the discrepancy. Leon left a message asking Garcia to come into the office for

23

a meeting, but Garcia never arrived. Instead, Garcia called someone he considered to be a

24

friend at Security Specialists, long-time employee Denis Rybalka, and asked to meet.

25

15.

Rybalka had the day off, and had spent the day washing his car. He tried to

26

avoid Garcia’s calls. Rybalka had just finished hand waxing his car when he received yet

27

another call from Garcia, and finally decided to answer.

28

-5-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 6 of 31 Page ID #:722

1

16.

Garcia was in a panic. He was speaking “gibberish,” and was talking too fast

2

for Rybalka to follow. Rybalka thought he heard Garcia say, “they found out;” Garcia

3

was worried that he had been fired. Garcia asked to meet because he didn’t feel like he

4

could talk about what had happened over the phone.

5

17.

Rybalka hung up and immediately called Leon. Leon asked Rybalka to meet

6

with Garcia — and to record the conversation for Security Specialists’ benefit. Rybalka

7

had worked at Security Specialists for more than a decade, and he was intensely loyal to

8

the company and to Leon in particular. Rybalka set his cell phone to record and drove his

9

freshly waxed car to a nearby McDonald’s to meet with Garcia.

10

18.

The audio recording that Rybalka made was admitted, along with a transcript,

11

as Exhibit 4. Rybalka spoke slowly and clearly while testifying. He did not hesitate to

12

answer questions and appeared confident in his answers. Based on his manner when

13

testifying and other factors, the Court credits Rybalka’s testimony.

14

19.

During the meeting, Garcia told Rybalka that Garcia suspected Leon wanted

15

to meet with him because he had been receiving inflated paychecks for the past few

16

months. Garcia told Rybalka the following story:

17

20.

Garcia began by explaining that he has some skill with computers. A few

18

months prior, someone from Security Specialists’ competitor, PTS Security Services

19

(“PTS”), had asked him to come take a look at a broken laptop. While working on the

20

computer, Garcia noticed a file labelled “Security Specialists.” Curious, he opened the

21

file, only to find what he recognized to be confidential client records. Garcia saved the

22

file to his own device, deleted it from the laptop, and said nothing to his contact at PTS.

23

21.

A little while later, Richard Balint, a former employee of Security Specialists

24

and current employee of PTS, contacted Garcia. Balint told Garcia that he knew Garcia

25

had seen the “Security Specialists” file on the laptop. He asked Garcia not to say anything

26

to his employer about the file — and promised that Garcia would be well compensated for

27

staying quiet. Garcia said nothing, and soon after started receiving the inflated paychecks.

28

-6-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 7 of 31 Page ID #:723

1

22.

Rybalka tried to convince Garcia to tell his story to Leon. Rybalka

2

emphasized to Garcia that accepting the extra money had been wrong; but said that he

3

believed Garcia that it was PTS who inflated the paychecks. Rybalka thought that if

4

Garcia would only explain what happened to Leon, Garcia would be able to keep his job.

5

23.

Garcia was reluctant. He was afraid, he said. He had a family and was

6

worried for their safety. Besides, Garcia did not like Leon and thought that he and

7

Tsotsikyan would probably just try to blame the whole thing on Garcia. Instead, Garcia

8

wanted Rybalka to tell Leon and Tsotsikyan what had happened. Garcia thought that the

9

two higher-ups would be more receptive to his story if they heard it from Rybalka first.

10
11
12

24.

Eventually, Rybalka convinced Garcia to meet with Leon and Tsotsikyan.

Rybalka arranged the meeting.
25.

Leon, Tsotsikyan, Rybalka, and Garcia all met later that evening at a North

13

Hollywood gas station. This time, it was Leon who recorded the conversation. The audio

14

recording and a transcript were admitted as Exhibit 6.

15

26.

At the gas station, Leon aggressively confronted Garcia about the inflated

16

paychecks. Garcia told the assembled men his story about fixing the laptop for PTS and

17

the offered reward in exchange for his silence about the Security Specialists file. Garcia

18

explained that he thought there was a “mole” inside the company who was altering his

19

hours. Over and over, Garcia repeated that he had only acted to protect the company and

20

his friends who worked there.

21

27.

Leon immediately started pressing Garcia for names. He and Tsotsikyan

22

thought that even if Garcia did not have the administrative password, he must know who

23

did. At first Garcia was reluctant to name any names, citing a vague fear for his family’s

24

safety. Eventually, after being assured that the company would not press charges against

25

him for the inflated paychecks — or even ask for the money back — Garcia talked. By

26

the end of the meeting Garcia named several Security Specialists employees who he

27

claimed were agents of PTS. All of them were subsequently fired.

28

-7-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 8 of 31 Page ID #:724

1

28.

Leon also confronted Garcia about the entries in the paystub server log

2

indicating that Garcia logged into the management system from his patrol laptop the night

3

before Leon discovered the inflated wages. Garcia denied having used the administrator

4

password to log in.

5

29.

Garcia also emailed the client information that he said he found in the

6

Security Specialists file to Leon. The email contained a spreadsheet with entries for

7

several clients, and included their phone numbers, addresses, as well as other confidential

8

information. The attachment was admitted as Exhibit 7 at trial. Leon testified that Garcia

9

was never authorized to access this sort of client information, nor did Security Specialists

10

ever give Garcia a username or password that would have allowed him to access this

11

information.

12

C.

Garcia’s Firing

13

30.

A few months later, in September 2014, management at Security Specialists

14

began to notice something odd about towing patterns at the properties in Garcia’s patrol

15

area. While a Patrol Officer would typically tow one or two cars in any given day, Garcia

16

was regularly towing between five and ten cars per day. Moreover, most of the cars were

17

being towed by one particular company, L&M Towing.

18

31.

Tsotsikyan and Leon became concerned that Garcia was towing cars in

19

exchange for illegal kickbacks from L&M Towing. To test this theory, the pair decided to

20

transfer Garcia to a different patrol area, presumably one that L&M Towing did not

21

service, to see whether his towing patterns would change.

22

32.

On September 29, 2014, Leon informed Garcia that he was being reassigned

23

to a different patrol area. Right away, Garcia became very upset. In Leon’s retelling,

24

Garcia argued with Leon to be put back in his old patrol area. When Leon refused, Garcia

25

insisted that Security Specialists was pushing him out. Leon explained that was not true,

26

that the company was just reassigning Garcia to a different patrol area. Eventually, Garcia

27

told Leon he was quitting; Leon told Garcia to put it in writing. In Garcia’s retelling, the

28

reassignment was Security Specialists’ way of pushing him out of the company and

-8-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 9 of 31 Page ID #:725

1

forcing him to quit. Either way, Garcia submitted a handwritten note to Security

2

Specialists that day, stating simply “I Yovan Garcia quit Security Specialist[s],” signed

3

Yovan Garcia. The note was admitted as Exhibit 45.

4

33.

The day he was fired, Garcia texted Rybalka. At first, Garcia seemed only to

5

want to rant, complaining that he’d given two years of his life to a company that never

6

really cared about him. Then, Garcia began to talk about how ungrateful Security

7

Specialists was for the protection he had provided them. Garcia texted Rybalka a picture

8

of a client file on one of Security Specialists’ proprietary forms, as an example of the

9

“protection” he provided. Later on, Garcia texted Rybalka a picture of Leon’s employee

10
11

personnel file, also a confidential document.
34.

Rybalka showed the messages to Leon and Tsotsikyan. Leon testified that

12

the two images Garcia sent were of confidential files that Garcia never had authorization

13

to access. Without an administrative username and password, Garcia should not have

14

been able to see them, let alone store copies on his phone.

15

D.

The Security Specialists Hack

16

35.

On October 14, 2014, Security Specialists’ company servers were hacked.

17

The hacker targeted Tsotsikyan’s archived emails, company server files, accounting

18

software, and databases used for accounting, invoices, and payroll. Security Specialists’

19

custom-made FileMaker Pro databases were also targeted. The company lost files used to

20

schedule employees, generate and store field security reports, record and search client

21

information, and store service location instructions and service records. Security

22

Specialists’ backup files were also deleted or corrupted and the hacker was in the process

23

of reformatting the company’s various drives when the intrusion was discovered and the

24

servers disconnected from the internet. Tsotsikyan testified that the damage was extensive

25

and debilitating.

26

36.

Junior Arana, a Security Specialists Patrol Officer, testified that he was on

27

patrol the night of the hack. While Arana was in the field, he noticed that his patrol laptop

28

had been accessed remotely. Arana watched as a number of files were accessed and

-9-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 10 of 31 Page ID #:726

1

deleted, including Yovan Garcia’s reprimand file. Arana told his supervisor, Petros

2

Dertsakyan, what he had seen, and at some point drafted a short statement to the same

3

effect. The statement was admitted as Exhibit 11.

4

37.

Although Arana is still employed by Security Specialists, and thus has a

5

motive to testify favorably to his employer, he also appeared to answer questions honestly

6

and to the best of his ability. Arana told a consistent story in Exhibit 11, his declaration,

7

on direct examination, and during cross examination. The Court credits Arana’s

8

testimony based on its content and plausibility, and also on Arana’s demeanor while

9

testifying.

10

38.

A few hours before the hack, former employee and Defendant Richard Balint

11

— the same former employee who, according to Garcia, offered Garcia a reward for

12

keeping quiet about the Security Specialists file on the PTS laptop — called Security

13

Specialists. Petros Dertsakyan, a Security Specialists employee, answered the call.

14

Dertsakyan stated that Balint called to ask how things were going at Security Specialists.

15

At some point later, Dertsakyan typed up his recollection of the phone call as a signed

16

statement; exactly when the statement was created is unclear, as it is undated. The

17

statement was admitted as Exhibit 17.

18

39.

Balint called Security Specialists a second time on October 17, 2014, just

19

three days after the hack. Gevorg Dertsakyan, another Security Specialists employee,

20

answered the call. Later that day, Dertsakyan typed up his recollection of the phone call,

21

which was admitted as Exhibit 18. The statement was dated October 17, 2014 and signed

22

by Dertsakyan. Dertsakyan stated that Balint identified himself before asking “How is

23

your system, I heard it was down?” Balint asked, “Someone hacked it, did you check out

24

the website?” Dertsakyan asked Balint who had told him that Security Specialists had

25

been hacked; Balint replied, “a little birdy.”

26

40.

Security Specialists’ website was also vandalized that same week. The

27

website’s header was changed to read “Are you ready” along with the date December 1,

28

2014, and a string of five digits. Leon testified that these numbers were the first five

-10-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 11 of 31 Page ID #:727

1

digits of his Social Security Number. The website had also been edited to include a

2

particularly unflattering picture of Leon. Leon and Tsotsikyan took the vandalism as a

3

threat, both to Security Specialists generally and Leon specifically.

4

E.

Garcia’s Connection to the Hack

5

41.

Whoever vandalized the website solicited further embarrassing stories and

6

photos related to Security Specialists. The hacker left an email address where he or she

7

could be contacted: theAnonygroup@gmail.com.

8

42.

In an effort to figure out who had hacked the website — and perhaps also

9

Security Specialists’ network — Security Specialists served Google with a subpoena for

10

the account information. Google responded with a few pages of information, admitted as

11

Exhibit 13.

12

43.

Included in Google’s response was an IP address associated with the

13

“theAnonygroup” email address. Ken Hagopian, Security Specialists’ IT contractor,

14

testified that in October 2014 he ran a web search using several independent online IP

15

tracker tools to determine the approximate location of the user who had been assigned the

16

IP address. Screenshots of the search were admitted as Exhibit 14. Hagopian traced the

17

IP address to a neighborhood in North Hollywood, about a block from where Garcia lives.

18

44.

James Caspari, a former Patrol Officer for Security Specialists, testified about

19

a phone call he received from Garcia in September or October 2014. Caspari had quit

20

working for Security Specialists about six months before, on March 10, 2014. Caspari

21

was taking classes and working on building his own security company. Caspari testified

22

that Garcia called him to offer some computer software for his security company. When

23

Garcia came by, Caspari realized that the software was very similar to the software that

24

Security Specialists used. Garcia offered the software to Caspari in exchange for agreeing

25

to serve as Qualified Manager in the security company that Garcia was in the process of

26

developing. Caspari agreed to take a look, but felt that something was off about the

27

software. When Caspari expressed his concerns, Garcia told Caspari that he had

28

developed Security Specialists’ software, and that he thus owned the software rights.

-11-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 12 of 31 Page ID #:728

1

Caspari was not convinced, especially because Garcia refused to give Caspari the

2

administrative password.

3

45.

Nevertheless, Caspari agreed to serve as Garcia’s Qualified Manager in

4

exchange for the software. Caspari began using the software in his own business. He

5

testified that, in practice, the software operated remarkably similarly to Security

6

Specialists’ software.

7

46.

Caspari testified that he eventually stopped using the software Garcia gave

8

him. Caspari testified that not only did the software never work particularly well, but his

9

suspicions about the true ownership of the software continued unabated. Eventually,

10

Caspari concluded that the software was not necessary to run his business. He has since

11

resigned as Garcia’s Qualified Manager.

12

47.

While testifying, Caspari appeared nervous and ill at ease. He asked to

13

review his declaration before testifying and could not answer a single question without

14

referencing his declaration first. Caspari essentially testified directly from the declaration,

15

paragraph by paragraph, rather than speaking extemporaneously about any of the above

16

events. Caspari required prompting from his declaration for even the smallest details. It

17

was not clear whether Caspari actually remembered any of the above events, to which he

18

nevertheless testified. Moreover, given that Caspari was also named as a defendant in this

19

action, and faced similar liability for his role in the hack before settling separately with

20

Security Specialists, Caspari had some motivation to avoid any indication of his own

21

involvement with, and potential responsibility for, the hack. Therefore, the Court gives

22

his testimony little weight.

23

F.

Garcia’s Version of Events

24

48.

Garcia denies that he ever hacked Security Specialists. After starting to work

25

for the company in about 2012, Garcia soon realized that it was not as professional as its

26

client-facing image implied. Management was paranoid about competitors and regularly

27

fired employees for possible collusion. Management was particularly concerned with

28

-12-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 13 of 31 Page ID #:729

1

PTS, which had been started by a former employee and Defendant Mher Uzunyan, and

2

with whom run-of-the-mill business competition had become personal.

3

49.

The day Leon discovered the inflated payroll checks, Garcia had worked the

4

night shift. He got off work at 4:30 a.m.; Leon then asked him to come in to talk about the

5

checks at 9:00 a.m. Garcia explained that he had to take care of his daughter and, in any

6

case, fell asleep. He slept through the meeting. Garcia later got a phone call from one of

7

his colleagues at Security Specialists, who told Garcia that he had been taken off the

8

schedule. Garcia understood this news to mean that he had been fired. It was then that he

9

called Rybalka to arrange a meeting.

10

50.

Once Garcia got to the McDonald’s for the meeting, it became clear to him

11

that Rybalka was recording him. Garcia testified that when he went to get a hamburger,

12

Rybalka followed. When he went to the bathroom, Rybalka followed. So, knowing that

13

he was being recorded, Garcia decided to play a game: Garcia made up the story about

14

fixing the laptop for PTS just to see how Rybalka would react. Garcia did the same in his

15

second meeting, with Tsotsikyan and Leon, because he knew that it would upset them.

16

Garcia testified that, in reality, none of the events he relayed in either meeting ever

17

actually occurred.

18

51.

Even taking Garcia at his word that he lied to Rybalka, Tsotsikyan, and Leon,

19

Garcia never explained what had really happened. That is, Garcia never explained why

20

his payroll numbers were inflated and how he came to be in possession of Security

21

Specialists’ confidential client information. The evidence that Garcia had obtained

22

unauthorized access to Security Specialists’ confidential files was thus unrebutted.

23

52.

Garcia also flatly denied ever hacking Security Specialists or its website.

24

Garcia admitted to giving Caspari FileMaker Pro files that were very similar to those used

25

by Security Specialists. But he said he did so as a favor to Caspari, and that he had

26

developed the files himself. Garcia testified that FileMaker software is not difficult to buy

27

or learn, and said he had created his own files at some point during or right after his

28

employment with Security Specialists. However, Garcia could not explain the similarities

-13-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 14 of 31 Page ID #:730

1

in filenames or layout between Security Specialists’ forms and the forms Garcia gave to

2

Caspari, other than to say that similar templates are easy to find online. The Court thus

3

discounts Garcia’s implausible testimony and finds that Garcia obtained the files through

4

the hack.

5

53.

Garcia also contested Hagopian’s conclusion that the IP address traced to a

6

physical address close to where Garcia lives in North Hollywood. Garcia used several

7

websites to trace the same IP address a few weeks before trial, and found it was associated

8

with an address in Sherman Oaks.

9

54.

Hagopian testified in response that IP addresses are not tied to a specific

10

location “in perpetuity.” Rather, searching for the physical referent for an IP address at

11

one point in time may yield a different result than searching for the physical location of

12

the same IP address at a different point in time.

13

55.

The Court infers from Hagopian’s testimony that an IP search is more likely

14

to be accurately traced to an individual’s location the sooner after a particular incident

15

involving that IP address it is searched. Therefore, because Hagopian’s search of the IP

16

address associated with the October 2014 hack was conducted sooner after the hack than

17

Garcia’s search, the results of Hagopian’s search are more likely to actually represent

18

where the hacker was during the incident than Garcia’s search.

19

56.

Tsotsikyan also testified that Garcia had access to information in

20

Tsotsikyan’s personal email that Garcia otherwise had no way to know. Garcia told

21

Caspari about a car that Tsotsikyan had bought. Garcia testified that he had seen the car at

22

Security Specialists’ offices the day he quit. But, according to Tsotsikyan, the car was not

23

delivered until after Garcia had quit. However, Tsotsikyan had arranged for the car’s

24

delivery over email, before the hack. Therefore, it appears likely that Garcia read about

25

the vehicle’s impending delivery in Tsotsikyan’s email, rather than actually seeing it for

26

himself at Security Specialists.

27
28

57.

In sum, the Court does not find Garcia’s testimony to be credible. Not only

did Garcia himself admit to being capable of creating complex lies on short notice (for

-14-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 15 of 31 Page ID #:731

1

example, when he testified that he made up the whole story about PTS), Garcia’s

2

testimony failed to explain key aspects of his involvement with the various computer

3

hacking and website attacks at issue in this action. And Garcia himself testified that he is

4

good with computers — he can reformat drives, create FileMaker Pro files, and knows

5

some html.

6

58.

Garcia also told internally contradictory and easily disproved lies while

7

testifying. The story about the car provides one example; another came when Garcia

8

presented what he said was a letter of commendation from Security Specialists, but which

9

later testimony indicated was in fact a compliment delivered by Garcia himself, who

10

pretended to be a client and emailed the “compliment” to Tsotsikyan through a spoofed

11

email address. Throughout his testimony, Garcia appeared nervous, spoke quickly, and

12

tended to talk himself in circles.

13

G.

The Court’s Findings

14

59.

Based on the foregoing testimony and evidence, the Court finds as follows:

15

60.

Garcia personally hijacked Security Specialists’ website. Garcia also

16

accessed Security Specialists’ network without authorization and increased the number

17

overtime hours he had worked, so that he was paid overtime wages he had not earned.

18

61.

Furthermore, Garcia was involved in a conspiracy to hack Security

19

Specialists’ network. Although the specifics of the conspiracy are not clear from the

20

testimony, there is sufficient evidence to support a finding that Garcia worked with at least

21

one other individual to steal confidential files from Security Specialists and destroy the

22

servers and hardware that hosted Security Specialists’ information. Even before the hack,

23

Garcia was able to access Security Specialists’ network from his patrol car, using an

24

administrative password that he had never been given, to change his reported number of

25

hours. Additionally, it is clear from the text messages that Garcia sent to Rybalka that

26

Garcia had at some point acquired confidential files that he was never authorized to

27

access. And soon after the hack, the evidence indicates, Garcia came into possession of

28

Security Specialists’ proprietary FileMaker Pro forms. Whether or not Garcia himself was

-15-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 16 of 31 Page ID #:732

1

the hacker, the evidence indicates that in the hack, Garcia obtained Security Specialists’

2

confidential and proprietary materials that he otherwise had no authorization to access.

3

62.

As evidenced by Garcia and Caspari’s subsequent attempts to solicit Security

4

Specialists’ customers, the aim of this conspiracy was twofold: first, to damage Security

5

Specialists in an effort to reduce its competitive advantage; and second, to obtain access to

6

those files that gave Security Specialists its advantage, and use them to solicit Security

7

Specialists’ clients. Garcia copied portions of Security Specialists’ promotional materials

8

for the security company he later developed, and created sample reports using the stolen

9

FileMaker Pro forms. Using these stolen materials, Garcia successfully poached several

10

of Security Specialists’ clients, as discussed in more detail below.

11

H.

Damages

12

63.

Plaintiff requests the following damages, as set forth in Tsotsikyan’s

13

declaration:

14

a. Garcia’s unworked overtime pay: $6,071.49

15

b. Payroll taxes and insurance costs on Garcia’s unworked overtime pay:

16

$1,214.29

17

c. Invoices for work by Digital Synergy, Ken Hagopian’s IT company,

18

for work to repair damage from the hack: $83,260.37

19

d. Miscellaneous data recovery costs: $3,187.27

20

e. Recovery of domain name: $500

21

f. Increased payroll costs for recovery: $20,000

22

g. Loss of proprietary files: $425,000

23

h. Lost profits: $346,111.66

24

i. Attorneys’ fees: $64,446.50

25

j. Litigation costs: $5,857.62

26
27

64.

Plaintiff also requests punitive damages, which are available under the

California Uniform Trade Secrets Act (“CUTSA”). See Cal. Civ. Code § 3426.3(c).

28

-16-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 17 of 31 Page ID #:733

1

Finally, Plaintiff requests attorneys’ fees and costs, available under California Penal Code

2

section 502(e)(2).
1.

3
4

65.

Costs related to Garcia’s inflated checks

The Court has found that Garcia was involved in a scheme to access his

5

payroll records and artificially inflate the number of overtime hours he earned.

6

Accordingly, as explained below, Plaintiff is entitled to collect damages for Garcia’s

7

excess pay.

8
9

66.

Plaintiff submitted paystubs indicating that Garcia was paid $6,071.49 more

than he was owed for the number of hours he worked between January 2014 and July

10

2014, when the scheme was discovered. Garcia’s pay stubs, pay checks, and schedules

11

were admitted as Exhibit 2, and adequately support Plaintiff’s request.

12

67.

Plaintiff submitted no records to prove it spent $1,214.29 in payroll taxes and

13

insurance costs on the inflated wages. Tsotsikyan averred that payroll taxes and insurance

14

costs were “typically” 20% of what the employee was paid, but did not provide any more

15

detail as to how he reached that conclusion, or any evidence to show that the 20% figure

16

was representative of what Security Specialists typically paid on Garcia’s wages.

17

68.

Accordingly, the Court finds that Plaintiff has failed to meet its burden to

18

show its entitlement to payroll taxes and insurance costs. The proposed method of

19

calculation is too speculative and is unsupported by the evidence. The Court awards

20

$6,071.49 in damages related to Garcia’s inflated checks.
2.

21
22

69.

Repair Costs

Ken Hagopian testified about his efforts after the hack to repair the damage

23

to Security Specialists’ network and email. Tsotsikyan called Hagopian in as soon as he

24

realized something was wrong with the servers. After directing that the servers be

25

disconnected from the internet, Hagopian began to assess the damage. In Hagopian’s

26

opinion, the hacking resulted in a near total loss. The company server files, sage software,

27

Outlook Exchange email database files, and FileMaker Pro server files had all been

28

-17-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 18 of 31 Page ID #:734

1

deleted. To do damage this extensive, Hagopian reasoned, the hacker must have used an

2

administrative username and password.

3

70.

Although he could not remember the exact timeline of the effort, Hagopian

4

testified that he undertook a “protracted project” to make Security Specialists functional

5

again. He tried to recover the deleted information, but was largely unsuccessful. Instead,

6

Hagopian had to rebuild all of the servers from scratch. Hagopian scanned every one of

7

Security Specialists’ computers for viruses (including all of the laptops in all of the patrol

8

cars), wiped them clean, and reinstalled all of the programs and data. Some hardware and

9

software had to be replaced entirely.

10

71.

In support of his testimony, Hagopian submitted invoices for the project

11

totaling $83,260.37. The invoices were admitted as Exhibit 22. The Court reviewed the

12

invoices and discovered that many did not appear to bill for services provided in

13

connection with the hack. Most obviously, several of the invoices were dated August and

14

September 2014, months before the hack occurred. The invoices also listed items as late

15

as October 2015 for routine services, like determining why Outlook was running slowly

16

on a particular day, or purchasing annual licenses. Moreover, many of the billing records

17

are so heavily redacted that the Court was unable to determine what service was

18

performed, let alone whether it was provided in connection with the hack.

19

72.

Having gone through the records, the Court finds that only a portion of the

20

invoices can be tied with any certainty to the October 2014 hack. These invoices include

21

hardware purchased in late October and early November 2014, as well as all service

22

invoices tagged “Server down issues” (Ticket No. 10976), “Server Rebuild – Ticket 2”

23

(Ticket No. 12001), and “Server issues ticket 3” (Ticket No. 12444). Together, these

24

invoices total $53,017.11. The Court finds this sum to be an appropriate amount of

25

compensation for Hagopian’s hack-related services.

26

73.

Tsotsikyan also testified that, after Security Specialists’ website was

27

hijacked, he had some trouble convincing the hosting company to release the domain

28

name back to Security Specialists. Tsotsikyan eventually paid $500 for a notarized letter

-18-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 19 of 31 Page ID #:735

1

from the company to which the website had been transferred. The letter instructed the

2

web host to return the domain name to Security Specialists. A copy of the letter was

3

admitted as Exhibit 15. The Court finds this testimony sufficient to show Plaintiff’s

4

entitlement to $500 for the recovery of Security Specialists’ domain name.

5

74.

Plaintiff additionally requests $3,187.27 in what it calls “miscellaneous data

6

recovery costs.” Tsotsikyan explained that after the hack, Security Specialists sent its

7

hard drives to an offsite file recovery company in an attempt to recover the erased files.

8

Security Specialists was also forced to buy replacement hardware. Exhibit 23 includes

9

credit card records that have been redacted to show only charges related to the hack. The

10

records adequately support Plaintiffs’ request and the Court finds $3,187.27 to be a

11

reasonable amount to pay in data recovery services.

12

75.

Plaintiff also requests $20,000 in increased payroll costs to the company for

13

hours that Tsotsikyan, Leon, and other employees spent working overtime to address

14

issues raised by the hack. Tsotsikyan testified that for at least thirty days after the

15

incident, he and other Security Specialists employees worked many extra hours rebuilding

16

databases and records, including the payroll database. The Court finds this to be a

17

reasonable amount to expend on payroll to return Security Specialists to some semblance

18

of functionality during the month following the hack. Accordingly, Plaintiff is awarded

19

$20,000 in extra payroll costs for the month following the hack.

20

76.

Finally, Plaintiff requests compensation for the loss of its proprietary

21

FileMaker Pro files. Tsotsikyan explained that he spent in excess of 5,000 hours

22

developing the databases and forms that were attacked. Tsotsikyan once paid an

23

experienced FileMaker Pro software developer $170 per hour to consult on developing the

24

database, and believes $170 per hour to be a reasonable rate. Multiplying the proposed

25

reasonable hourly rate by the number of hours he spent on software development,

26

Tsotsikyan estimated that the proprietary files he had developed over the years were worth

27

approximately $850,000. Tsotsikyan added that other security providers paid $1 million

28

to implement an inferior database platform. Tsotsikyan further testified that he lost about

-19-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 20 of 31 Page ID #:736

1

half of the work he had done to create his proprietary database in the hack. Therefore,

2

Plaintiff asks for $425,000 in damages for the loss of the FileMaker Pro files.

3

77.

The Court does not agree that the above method is an appropriate method for

4

valuing the loss of Security Specialists’ proprietary files. For one thing, Tsotsikyan was

5

admittedly an amateur, a self-taught developer who had to learn the program on the go.

6

He is unlikely to be able to charge the same hourly fee as an experienced professional.

7

Similarly, because Tsotsikyan was learning the program as he went, all 5,000 hours are

8

unlikely to be billable. Any professional would be expected to cut out billing

9

inefficiencies resulting from inexperience or redundant efforts.

10

78.

Finally, the Court notes that Tsotsikyan was already paid his regular wages

11

for the hours he spent developing the program in the first place, and Plaintiff will be

12

compensated for the time Tsotsikyan spent rebuilding what was lost. To also pay

13

Tsotsikyan an hourly wage for developing the program in the first place would result in

14

his being paid twice for the same work.

15

79.

The Court recognizes that the proprietary files likely had some value

16

independent of Tsotsikyan’s pay while developing them, or while rebuilding the database.

17

That is, the confidential information and proprietary forms would likely be worth some

18

sum to an objective buyer hoping to open his or her own security company in the greater

19

Los Angeles area. But the cost to develop the proprietary information is not the same as

20

the cost to resell it. The Court doubts that Plaintiff’s proprietary files would be worth

21

$425,000. The Court places the likely resale value of what was lost at $100,000, and

22

awards Security Specialists that sum in addition to the increased payroll costs for

23

rebuilding the various databases and files.
3.

24
25

80.

Lost Income

Finally, Plaintiff requests $346,111.66 in lost profits. Plaintiff believes, and

26

the Court concludes below, that the goal of the hack was to cripple Security Specialists

27

and use its proprietary files to lure away its clients. Plaintiff submitted as Exhibits 24 and

28

25 examples of solicitation emails sent by Garcia and Caspari to Security Specialists’

-20-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 21 of 31 Page ID #:737

1

clients, which utilize stolen promotional materials and forms to convince the clients to

2

change providers. Plaintiff submitted as Exhibit 21 a list of clients that it believes it lost

3

due to the hack, along with the date the client became “inactive” and the monthly revenue

4

each client provided.

5

81.

The first entry, for client Santiago Estates, appears to have been included in

6

error, as its inactive date is July 11, 2014 — three months before the hack. As for the

7

remaining clients, the latest inactive date is June 15, 2015. The emails soliciting clients

8

using stolen materials date to April 2015, and Plaintiffs provide evidence that Garcia

9

continued to solicit Security Specialists’ clients through at least September 2015. Plaintiff

10

has met its burden of proof to show lost profits from November 2014 through June 2015.

11

82.

In his declaration, Tsotsikyan states that the company lost $329,630.16 in

12

annual revenue from clients who left Security Specialists due to the hack. Tsotsikyan

13

appears to have based its valuation on the sum of the total monthly revenue provided by

14

each client, which includes the monthly income from Santiago Estates. Plaintiff

15

multiplied the monthly loss by 12 to arrive at $329,630.16 in annual lost revenue.

16

83.

Tsotsikyan assumes that 35% of the annual lost revenue would be profit. He

17

also explains that according to industry standards, the usual valuation of a client contract

18

is three years’ worth of profit. Multiplying the annual lost revenue by 35%, and

19

multiplying that sum by three years, Tsotsikyan arrived at $329,630 in lost profits due to

20

the hack.

21

84.

The Court finds that this method significantly overvalues Plaintiff’s likely

22

lost profits. Plaintiff’s proposed sum assumes that each client’s contract would have

23

provided three years’ of profits from the date that client left Security Specialists. The

24

Court finds that estimate to be overly optimistic. The testimony of Tsotsikyan and Leon

25

shows that Security Specialists is in a competitive business. Even if the hack had not

26

occurred, presumably at least some of Security Specialists’ clients would have been lured

27

away within six months of October 2014 by competitors’ promises of cheaper or more

28

professional service. Even assuming some of the contracts would have lasted another

-21-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 22 of 31 Page ID #:738

1

three years from the time they became inactive, other clients likely would have left at the

2

same time anyway, or would have left in fewer than three years.

3

85.

Accordingly, the Court finds that a 1.5 year valuation, or half of the industry

4

standard, is more appropriate. The Court also finds that the annual lost revenue must be

5

calculated without the annual revenues of Santiago Estates, which as previously explained

6

became inactive months before the hack. Without Santiago Estates, the total monthly lost

7

revenue due to the hack is $21,569.18. Multiplied by 12 months, the Court finds that

8

Security Specialists’ annual lost income is $258,830.16. Assuming 35% of that is profit,

9

and valuing the likely remaining term of the each contract at 1.5 years, the Court awards

10
11

Security Specialists $135,885.83 in lost profits.
86.

4.

12
13

In total, the Court awards Plaintiff $318,661.70 in actual damages.

87.

Attorneys’ Fees

Because the litigation in this action is not yet concluded, the Court declines to

14

award any attorneys’ fees at this point. Counsel for Plaintiff may submit a separate

15

request for fees after the final judgment is entered. The request shall be properly noticed

16

under the Local Rules and supported by an attorney declaration and billing records.

17
18
19
20
21
22
23
24
25
26
27
28

-22-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 23 of 31 Page ID #:739

II.

1
2

1.

CONCLUSIONS OF LAW

The Court concludes that Defendant Garcia is liable for the following four

3

claims: violation of the Computer Fraud Abuse Act (“CFAA”), 18 U.S.C. § 1030(a)(4);

4

violation of the Stored Communications Act, 18 U.S.C. § 2701(a); violation of the

5

California Computer Data Access and Fraud Act, California Penal Code section 502; and

6

violation of the California Uniform Trade Secrets Act (“CUTSA”), California Civil Code

7

section 3426, et seq. Much of this liability arises from the same factual nexus. By

8

accessing Security Specialists’ protected network to artificially inflate his hours and by

9

participating in a conspiracy to hack into Security Specialists’ password protected,

10
11

confidential databases, Garcia incurred civil liability on all four claims.
A.

12
13

Claim One: Violation of the Computer Fraud Abuse Act, 18 U.S.C.
§ 1030(a)(4)

2.

“The CFAA prohibits acts of computer trespass by those who are not

14

authorized users or who exceed authorized use.” Facebook, Inc. v. Power Ventures, Inc.,

15

844 F.3d 1058, 1065 (9th Cir. 2016). Under § 1030(a)(4), a person who “knowingly and

16

with intent to defraud, accesses a protected computer without authorization, or exceeds

17

authorized access, and by means of such conduct furthers the intended fraud and obtains

18

anything of value[,]” with some exceptions not relevant here, violates the CFAA. A

19

plaintiff may pursue a civil claim under the statute if the harm exceeds $5,000 in value

20

during a one-year period. Id. § 1030(g); Facebook, 844 F.3d at 1066. The civil plaintiff

21

is limited to economic damages on this claim. Id.

22

3.

Therefore, “[t]o bring an action successfully under § 1030(g) based on a

23

violation of § 1030(a)(4), [Plaintiff] must show that [Garcia]: (1) accessed a protected

24

computer, (2) without authorization or exceeding such authorization that was granted, (3)

25

knowingly and with intent to defraud, and thereby (4) furthered the intended fraud and

26

obtained anything of value, causing (5) a loss to one or more persons during any one-year

27

period aggregating at least $5,000 in value.” LVRC Holdings LLC v. Brekka, 581 F.3d

28

1127, 1132 (9th Cir. 2009) (internal quotation marks and citations omitted) (citing P.C.

-23-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 24 of 31 Page ID #:740

1

Yonkers, Inc. v. Celebrations the Party and Seasonal Superstore, LLC, 428 F.3d 504, 508

2

(3d. Cir.2005); Theofel v. Farey–Jones, 359 F.3d 1066, 1078 (9th Cir.2004)).

3

4.

Here, all of the elements of § 1030(a)(4) are met.

4

5.

A “protected computer” is one that “is used in or affecting interstate or

5

foreign commerce or communication.” 18 U.S.C. § 1030(e)(2)(B). This has been

6

construed to include computer networks and databases. United States v. Nosal, 844 F.3d

7

1024, 1058 (9th Cir. 2016) (“Nosal II”) (“The CFAA’s restrictions have been applied to

8

computer networks, databases and cell phones.”). Protected computers are “effectively all

9

computers with Internet access.” United States v. Nosal, 676 F.3d 854, 859 (9th Cir.

10

2012) (“Nosal I”). The databases and computers at issue in this action were connected via

11

the Internet and thus were protected as defined by the statute.

12

6.

Whether Garcia had authorization to access Plaintiff’s computers turns on

13

whether Security Specialists gave him permission to use them. See Nosal II, 844 F.3d at

14

1028 (“[W]e conclude that ‘without authorization’ is an unambiguous, non-technical term

15

that, given its plain and ordinary meaning, means accessing a protected computer without

16

permission.”); LVRC Holdings, 581 F.3d 1133 (“an employer gives an employee

17

‘authorization’ to access a company computer when the employer gives the employee

18

permission to use it.”). As the Court previously found, Garcia never had permission to

19

access any of the files that were hacked. Garcia was not a supervisor and neither

20

Tsotsikyan nor Leon ever gave Garcia the administrative username and password.

21

7.

The intent element of the statute is defined with reference to the criminal

22

standard. See Nosal II, 844 F.3d at 1032 (approving use of Ninth Circuit model jury

23

instructions to define “intent to defraud” under the CFAA). Intent to defraud is defined in

24

the Ninth Circuit model jury instructions as “the intent to deceive or cheat.” Instruction

25

8.121. When Garcia accessed the Security Specialists payroll files to alter his hours, he

26

acted with intent to defraud Security Specialists by cheating the company out of wages

27

that he never earned.

28

-24-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 25 of 31 Page ID #:741

1

8.

Garcia was also involved in a conspiracy to hack the Security Specialists

2

network with a username and password that he was unauthorized to use. The hacker

3

accessed the files without Security Specialists’ permission or knowledge, making

4

illegitimate use of a legitimate password. The conspiracy thus acted with intent to defraud

5

Security Specialists.

6

9.

Garcia’s personal actions furthered the payroll fraud to the extent that he was

7

able to collect more than $6,000 in unworked overtime pay. Additionally, the proprietary

8

data the hackers obtained was worth at least $100,000, and the hack itself succeeded in

9

damaging Security Specialists’ network to such an extent that it took at least a month to

10
11

get the various databases and systems back in working order.
10.

Finally, the CFAA defines “losses” to include “any reasonable cost to any

12

victim, including the cost of responding to an offense, conducting a damage assessment,

13

and restoring the data, program, system, or information to its condition prior to the

14

offense, and any revenue lost, cost incurred, or other consequential damages incurred

15

because of interruption of service . . . .” 18 U.S.C. § 1030(e)(11). As discussed above,

16

Security Specialists incurred significant costs in assessing the damage, restoring the data,

17

and in lost revenue.

18
19
20

11.

to hack Security Specialists, and that the hack violated the CFAA.
B.

21
22

Therefore, the Court concludes that Garcia was a participant in a conspiracy
Claim Two: Violation of the Stored Communications Act, 18 U.S.C.
§ 2701(a)

12.

“The Stored Communications Act provides a cause of action against anyone

23

who ‘intentionally accesses without authorization a facility through which an electronic

24

communication service is provided . . . and thereby obtains, alters, or prevents authorized

25

access to a wire or electronic communication while it is in electronic storage.’” Theofel v.

26

Farey-Jones, 359 F.3d 1066, 1072 (9th Cir. 2004) (quoting 18 U.S.C. §§ 2701(a)(1),

27

2707(a)). “Like the tort of trespass, the Stored Communications Act protects individuals’

28

-25-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 26 of 31 Page ID #:742

1

privacy and proprietary interests.” Theofel v. Farey-Jones, 359 F.3d 1066, 1072 (9th Cir.

2

2004). Section 2707 provides for civil liability under the statute.

3

13.

The hack, as described above, included an effective attack on Security

4

Specialists’ email servers as well as the data stored in its network and backup drives.

5

Tsotsikyan was unable to access his email during the hack, and many emails were simply

6

lost. This result was one of the intended purposes of the hack. Accordingly, the Court

7

concludes that the conspiracy to hack Security Specialists also violated the Stored

8

Communications Act.

9

C.

10
11

Claim Three: Violation of the California Computer Data Access and
Fraud Act, California Penal Code Section 502

14.

California Penal Code section 502 imposes civil liability on a person who

12

“[k]nowingly accesses and without permission takes, copies, or makes use of any data

13

from a computer, computer system, or computer network, or takes or copies any

14

supporting documentation, whether existing or residing internal or external to a computer,

15

computer system, or computer network.” Id. § 502(c)(2); see also id. § 502(e)(1)

16

(permitting a plaintiff to bring a civil action for a violation of any provision of section

17

502(c), for compensatory, injunctive, and equitable relief). Garcia violated section 502

18

when, without permission, he accessed Security Specialists’ payroll system from his patrol

19

laptop and altered his payroll records. He was also involved in the conspiracy to hack

20

Security Specialists, and through that conspiracy obtained proprietary files and databases,

21

including Leon’s confidential employee personnel file and the FileMaker Pro forms that

22

he gave to Caspari.

23

15.

Accordingly, the Court concludes that Garcia violated section 502.

24

D.

Claim Four: Violation of the CUTSA, California Civil Code section 3426,

25
26

et seq.
16.

“Trade secret misappropriation occurs whenever a person . . . discloses or

27

uses, without consent, another’s trade secret that the person ‘[u]sed improper means to

28

acquire knowledge of’ . . .” Altavion, Inc. v. Konica Minolta Sys. Lab. Inc., 226 Cal. App.

-26-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 27 of 31 Page ID #:743

1

4th 26, 41–42, 171 Cal. Rptr. 3d 714 (2014) (quoting Cal. Civ. Code § 3426.1(b)(2)(A)).

2

“Improper means includes theft, . . . misrepresentation, . . . or espionage through

3

electronic or other means.” SASCO v. Rosendin Elec., Inc., 207 Cal. App. 4th 837, 844,

4

143 Cal. Rptr. 3d 828 (2012), as modified on denial of reh’g (Aug. 7, 2012) (quoting Cal.

5

Civ. Code § 3426.1(a)). A trade secret is defined as “information, including a . . .

6

program . . . that: (1) [d]erives independent economic value, actual or potential, from not

7

being generally known to the public or to other persons who can obtain economic value

8

from its disclosure or use; and (2) [i]s the subject of efforts that are reasonable under the

9

circumstances to maintain its secrecy.” Id. (quoting Cal. Civ. Code § 3426.1(d)).

10

17.

The California Supreme Court has emphasized that “the primary purpose of

11

California’s trade secret law . . . is to promote and reward innovation and technological

12

development and maintain commercial ethics.” DVD Copy Control Ass’n, Inc. v. Bunner,

13

31 Cal. 4th 864, 878, 4 Cal. Rptr. 3d 69 (2003), as modified (Oct. 15, 2003) (internal

14

quotation marks omitted).

15

18.

Plaintiff has met its burden to show that its confidential client databases and

16

FileMaker Pro files were trade secrets. Tsotsikyan testified that the FileMaker Pro forms

17

he developed, such as the forms that allowed Security Specialists Patrol Officers to send

18

reports to clients instantly from the field, gave Security Specialists a competitive edge.

19

Indeed, Garcia himself recognized the independent value of Security Specialists’ files and

20

databases when he offered Caspari access to the forms in exchange for Caspari’s

21

willingness to help Garcia by taking a position in Garcia’s fledgling security company.

22

Cf. Direct Techs., LLC v. Elec. Arts, Inc., 836 F.3d 1059, 1071 (9th Cir. 2016) (affirming

23

grant of summary judgment in favor of the defendant where a putative trade secret had

24

“no actual or even potential value to [the plaintiff] outside of a single ephemeral project

25

for a single customer.”).

26

19.

Additionally, Security Specialists made reasonable efforts to keep these

27

materials secret by authorizing only its two highest ranked and most trusted employees,

28

Tsotsikyan and Leon, to edit its FileMaker Pro files and confidential client information.

-27-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 28 of 31 Page ID #:744

1

20.

Finally, Garcia’s later use of Security Specialists’ client list and FileMaker

2

Pro files to poach clients constitutes misappropriation under the statute. Garcia was never

3

authorized to access the files, let alone use them to his advantage and to Security

4

Specialists’ great expense. See, e.g., Reeves v. Hanlon, 33 Cal. 4th 1140, 1155, 17 Cal.

5

Rptr. 3d 289 (2004) (internal citations omitted) (“A violation of the [CUTSA] occurs

6

when an individual misappropriates a former employer’s protected trade secret client list,

7

for example, by using the list to solicit clients or to otherwise attain an unfair competitive

8

advantage.”). By participating in a conspiracy to steal Security Specialists’ confidential

9

files and databases by accessing Plaintiff’s network without authorization — and then

10

personally using those files to undercut Security Specialists’ competitive standing by

11

soliciting its clients while it worked to repair the damage from the hack — Garcia

12

misappropriated Plaintiff’s trade secrets.

13

E.

Claim Five: Civil Conspiracy

14

21.

Allegations of civil conspiracy cannot constitute a separate claim for relief

15

under California law. See, e.g., Moran v. Endres, 135 Cal. App. 4th 952, 954, 37 Cal.

16

Rptr. 3d 786, 788 (2006) (“Conspiracy is not a cause of action, but a legal doctrine that

17

imposes liability on persons who, although not actually committing a tort themselves,

18

share with the immediate tortfeasors a common plan or design in its perpetration.”)

19

(internal quotation marks and citation omitted); Ram v. Wachovia Mortgage, FSB, No.

20

CIV S-10-1834 LKK DAD PS, 2011 WL 1135285, at *9 (E.D. Cal. Mar. 25, 2011) (“No

21

cause of action for conspiracy exists unless the pleaded facts show some wrongful act that

22

would support a cause of action without the conspiracy.”) (quoting Jones v. Wells Fargo

23

Bank, 112 Cal. App. 4th 1527, 1541, 5 Cal. Rptr. 3d 835 (2003)); Haning, Flahavan &

24

Kelly, Cal. Practice Guide: Personal Injury (The Rutter Group) ¶ 2:946 (“A civil

25

conspiracy is not itself an actionable tort.”). Therefore, the Court interprets Plaintiff’s

26

fifth claim for relief as an alternative basis for holding Garcia liable for the forgoing torts.

27

Where the Court has concluded that Garcia is liable under a theory of civil conspiracy, the

28

Court has so noted in the above discussion.

-28-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 29 of 31 Page ID #:745

1

F.

Remedies

2

22.

Under the CFAA, an injured plaintiff may collect as damages “‘any

3

reasonable cost . . . including the cost of responding to an offense, conducting a damage

4

assessment, and restoring the data, program, system, or information to its condition prior

5

to the offense, and any revenue lost, cost incurred, or other consequential damages

6

incurred because of interruption of service.’” Facebook, Inc. v. Power Ventures, Inc., 844

7

F.3d at 1066 (quoting 18 U.S.C. § 1030(e)(11)). As calculated above in the Findings of

8

Fact, the Court awards Plaintiff damages for Garcia’s unworked overtime pay, the various

9

costs to recover and repair Security Specialists’ lost and damaged files, the fair value of

10

the FileMaker Pro files, and Security Specialists’ lost profits as a result of the hack. The

11

same damages suffice to compensate Plaintiff for its injuries under the Stored

12

Communications Act, Penal Code section 502, and the CUTSA.

13

23.

Additionally, the CUTSA permits an injured plaintiff to obtain “exemplary

14

damages in an amount not exceeding twice any” damages award for willful and malicious

15

misappropriation. Cal. Civ. Code § 3426.3(c); see also Mattel, Inc. v. MGA Entm’t, Inc.,

16

705 F.3d 1108, 1110 (9th Cir. 2013) (explaining that the CUTSA permits an award of

17

punitive damages for willful and malicious trade secret misappropriation). However,

18

California requires specific evidence of the defendant’s financial condition to award

19

punitive damages. See Vacco Indus., Inc. v. Van Den Berg, 5 Cal. App. 4th 34, 46 n.11, 6

20

Cal. Rptr. 2d 602 (1992), as modified (Apr. 14, 1992) (holding that, under Adams v.

21

Murakami, 54 Cal.3d 105, 116, 123, 284 Cal. Rptr. 318 (1991), “substantial evidence of [a

22

defendant’s] financial condition” is required to award a plaintiff punitive damages

23

pursuant to the CUTSA). California courts consider “evidence of the defendant’s

24

financial condition” to be “essential for evaluating whether the amount of punitive

25

damages actually awarded is appropriate.” Robert L. Cloud & Assocs., Inc. v. Mikesell, 69

26

Cal. App. 4th 1141, 1151 n.8, 82 Cal. Rptr. 2d 143 (1999), as modified (Feb. 11, 1999)

27

(emphasis added).

28

-29-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 30 of 31 Page ID #:746

1

24.

Here, Plaintiff presented no evidence of Garcia’s financial condition.

2

Garcia’s paystubs from 2014 indicate that he was at that time earning less than $15 per

3

hour as a Patrol Officer for Security Specialists. Plaintiff has presented no evidence as to

4

Garcia’s current financial condition. Accordingly, the Court cannot award Plaintiff

5

punitive damages under California law.

6
VERDICT

7
8

The Court FINDS and RULES as follows:

9

On Plaintiff’s Claim One for violation of the CFAA, Defendant Garcia knowingly

10

accessed Security Specialists’ payroll system, and altered his records to reflect that he

11

worked more overtime hours than he really did. Additionally, Defendant Garcia

12

participated in a civil conspiracy to knowingly access without authorization Security

13

Specialists’ network, with the intent to defraud, and thereby obtained Security Specialists’

14

valuable, proprietary information. The Court thus finds in favor of Plaintiff.

15

On Plaintiff’s Claim Two for violation of the Stored Communications Act,

16

Defendant Garcia participated in a civil conspiracy to intentionally access and cripple,

17

without authorization, Security Specialists’ email servers. The Court thus finds in favor of

18

Plaintiff.

19

On Plaintiff’s Claim Three for violation of California Penal Code section 502,

20

Defendant Garcia knowingly and without permission accessed Security Specialists’

21

payroll system and altered his records to reflect that he worked more overtime than he

22

really did. As a result, Defendant Garcia was paid thousands of dollars more in overtime

23

wages than he was really owed. Additionally, Defendant Garcia participated in a civil

24

conspiracy to knowingly access without authorization Security Specialists’ network, with

25

the intent to defraud, and thereby obtained Security Specialists’ valuable, proprietary

26

information. The Court thus finds in favor of Plaintiff.

27
28

On Plaintiff’s Claim Four for violation of the CUTSA, Garcia participated in a
conspiracy to steal, and subsequently used, Security Specialists’ confidential databases

-30-

 Case 2:15-cv-05443-MWF-JPR Document 132 Filed 05/02/17 Page 31 of 31 Page ID #:747

1

and files to undercut Security Specialists’ competitive advantage. The Court thus finds in

2

favor of Plaintiff.

3

On Plaintiff’s Claim Five for civil conspiracy, the Court concludes that civil

4

conspiracy is not a separate claim for relief under California law, but rather an alternative

5

means of finding liability. As a technical matter the Court finds in favor of Defendant

6

Garcia on this claim, but the Court has previously noted where it has found Defendant

7

Garcia liable for the foregoing claims on a theory of civil conspiracy.

8
9
10
11

In total, Plaintiff is awarded $318,661.70 in damages. As the prevailing party,
Plaintiff may be entitled to statutory attorneys’ fees, in a sum to be calculated at a later
date.
Plaintiff has pending claims against one other Defendant in this action, Mher

12

Uzunyan. The Court will enter a separate judgment pursuant to Federal Rules of Civil

13

Procedure 54 and 58(b) once those claims are resolved and the entire action is concluded.

14
15
16
17

Dated: May 2, 2017.
MICHAEL W. FITZGERALD
United States District Judge

18
19
20
21
22
23
24
25
26
27
28

-31-