Minimum Competence - Daily Legal News Podcast
Minimum Competence
Thurs 4/6 - chipotle isn't Chipotle, is Malware, Legal fee Disputes and Biometrics in the Labor Realm.

Thurs 4/6 - chipotle isn't Chipotle, is Malware, Legal fee Disputes and Biometrics in the Labor Realm.

In today’s episode we have chipotle not to be confused with Chipotle, is a bucket of malware, legal fee disputes and a biometric-meets-labor story.

Chipotle has filed a lawsuit against Sweetgreen for trademark infringement, alleging that the salad chain's "Chipotle Chicken Burrito Bowl" menu item copies the name and branding of Chipotle's burrito bowls. The complaint, which was filed in a California federal court, claims that Sweetgreen's use of the word "Chipotle" in its advertising and the dish's name is likely to cause consumer confusion. Chipotle alleges that Sweetgreen has used the word "Chipotle" as a source-identifying trademark and that Instagram users have associated the two companies. In addition, a restaurant industry news article has noted that Sweetgreen's new dish "veers directly into arch-rival Chipotle Mexican Grill's territory." Chipotle had contacted Sweetgreen about branding concerns and recommended that the chain rename the dish to use "chipotle" in lowercase, but Sweetgreen did not respond, according to the complaint. The Mexican food chain owns five federal trademark registrations for the word "Chipotle." Sweetgreen has not yet responded to the lawsuit.

Chipotle Sues Sweetgreen for ‘Chipotle Chicken Burrito Bowl’ (1)

IRS-authorized tax e-file software provider,, was found serving JavaScript malware called 'popper.js,' containing a base64-encoded code that attempts to load JavaScript from a third party website. This code aims to prevent caching and load a fresh copy of malware when visited. This issue concerns and not the IRS e-file infrastructure or domains. Researchers have found the malware to be present on almost every page of until April 1st. Additionally, the same Amazon AWS endpoint was serving another file called 'update.js' that prompts users to download next-stage payloads, which establish a connection to a Tokyo-based IP address, hosted with Alibaba. The same IP address also hosts an illicit domain associated with the incident. Further analysis revealed the PHP script as a backdoor malware that remotely accesses an infected device, connects to a remote command and control server every ten seconds, and receives a task to execute on the infected device. The malware can allow full access to a device, providing the threat actor initial access to a corporate network for further attacks. The company has yet to release the full scope of the attack and if it has infected any of its customers. has been approached with questions but has not responded. This is the latest in a long series of problems with for-profit tax filing software companies, from security breaches to bait and switch advertising.

Hackers Strike Again: Service Suffers Major Cyber Attack

IRS-authorized tax return software caught serving JS malware

Law firm Quinn Emanuel Urquhart & Sullivan is opposing an attempt by two US health insurers to review certain internal records as the firm prepares to seek $185m in legal fees from a $3.7bn settlement with the US government. The dispute comes after a court struck down the $185m award in January, with the US Court of Appeals for the Federal Circuit saying the lower court had not "adequately" justified the amount. The health insurers have suggested about $8m in fees would be appropriate. In a statement, surprising no one, Quinn Emanuel's Adam Wolfson said the fee agreement the class members agreed to "should stand."

Law firm Quinn Emanuel resists probe after its $185 mln fee award is tossed | Reuters

The Illinois Supreme Court has ruled that unionized workers who sue for violations of the state’s Biometric Information Privacy Act (BIPA) are pre-empted if the worker is covered by a collective bargaining agreement with a broad management rights clause. Instead, the dispute resolution process set out in the union contract must be used, which typically involves grievance arbitration. The ruling is part of a surge in litigation under Illinois' biometric privacy law, which requires companies to disclose the purpose of collecting the information, obtain permission, and publish data retention or destruction policies. Such violations can be expensive, with a $228m judgment awarded against BNSF Railway Co. truck drivers for collecting employee fingerprints without consent. Arbitrators are responsible for deciding disputes over whether biometric privacy claims must go through a collective bargaining agreement’s dispute resolution process but it remains unclear what happens to such allegations in arbitration. Unions are expected to negotiate for strong biometric privacy protections in future contracts as a result of the ruling.

Union Workers in ‘Uncharted Territory’ on Illinois Privacy Law

The US Department of Justice has agreed to a $144.5 million settlement with survivors and families of the victims of the 2017 mass shooting at a Texas church that killed 26 people, for which a judge found the Air Force primarily responsible. The settlement with more than 75 plaintiffs requires approval by U.S. District Judge Xavier Rodriguez in San Antonio. It would end the government's appeal of Rodriguez's order that it pay approximately $230 million over the November 5, 2017 massacre by former Air Force airman Devin Patrick Kelley at the First Baptist Church in Sutherland Springs, Texas. Kelley had used firearms he should not have been allowed to buy after admitting in a 2012 court martial to domestic violence. In July 2021, Rodriguez found the Air Force 60% responsible over its failure to enter Kelley's plea in a database used for background checks prior to firearms purchases. Though finding Kelley 40% responsible, Rodriguez said not even Kelley's parents knew as much as the government about their son's capacity for violence. The settlement ends a painful chapter for the victims of the crime.

US reaches $144.5 million settlement with Texas church shooting victims | Reuters

Minimum Competence - Daily Legal News Podcast
Minimum Competence
The idea is that this podcast can accompany you on your commute home and will render you minimally competent on the major legal news stories of the day. The transcript is available in the form of a newsletter at