Commitments and Contingencies | Commitments and Contingencies Indemnifications In the ordinary course of business, we may provide indemnifications of varying scope and terms to customers, vendors, lessors, business partners, subsidiaries and other parties with respect to certain matters, including, but not limited to, product warranties and losses arising out of our breach of agreements or representations and warranties made by us, including claims alleging that our software infringes on the intellectual property rights of a third party. In addition, our bylaws contain indemnification obligations to our directors, officers, employees, and agents, and we have entered into indemnification agreements with our directors and certain of our officers to give such directors and officers additional contractual assurances regarding the scope of the indemnification set forth in our bylaws and to provide additional procedural protections. We maintain director and officer insurance, which may cover certain liabilities arising from our obligation to indemnify our directors and officers. It is not possible to determine the aggregate maximum potential loss under these indemnification agreements due to the limited history of prior indemnification claims and the unique facts and circumstances involved in each particular agreement. Such indemnification agreements might not be subject to maximum loss clauses. We monitor the conditions that are subject to indemnification to identify if a loss has occurred. Historically, we have not incurred material costs as a result of obligations under these agreements, and we have not accrued any material liabilities related to such indemnification obligations in our Condensed Consolidated Financial Statements. Litigation contingencies From time to time, we are involved in legal proceedings, including, but not limited to, regulatory proceedings, claims, mediations, arbitrations and litigation, arising out of the ordinary court of business. We evaluate contingent liabilities including threatened or pending litigation in accordance with the authoritative guidance on contingencies. We assess the likelihood of any adverse judgements or outcomes from potential claims or proceedings for accrual or disclosure in our Condensed Consolidated Financial Statements. A determination of the amount of an accrual required, if any, for these contingencies is made after the analysis of each separate matter. Because of uncertainties related to these matters, we base our estimates on the information available at the time of our assessment. As additional information becomes available, we reassess the potential liability related to our pending claims and litigation and may revise our estimates and disclosures. We classify our accruals for litigation contingencies in our Condensed Consolidated Balance Sheets as part of Other current liabilities or Other long-term liabilities based on when we expect to pay the claim, if at all. If the period of expected payment is within one year, we classify the amount as short-term; otherwise, it is classified as long-term. The exact timing of payment is subject to uncertainty and could change significantly from our estimated payment period. Trustees of the University of Columbia in the City of New York v. NortonLifeLock As previously disclosed, on May 2, 2022, a jury returned its verdict in a patent infringement case filed in 2013 by the Trustees of Columbia University in the City of New York (Columbia) in the U.S. District Court for the Eastern District of Virginia. Columbia originally brought suit alleging infringement of six patents owned by the university. We won a favorable claim construction order on all six patents, and the claim construction was upheld by the Federal Circuit in 2016 on all but U.S. Patent Nos. 8,601,322 and 8,074,115. We also sought inter partes review by the Patent Trial and Appeal Board of the claims of the ‘322 and ‘115 Patents and all but two claims of the ‘322 Patent and three claims of the ‘115 Patent were invalidated. The remaining claims of the ‘322 and ‘115 Patents were the only claims that remained in suit at trial. The jury found that our Norton Security products and Symantec Endpoint Protection products (the latter of which were sold by us to Broadcom as part of an Asset Purchase Agreement dated November 4, 2019) willfully infringe the ‘322 and ‘115 Patents through the use of SONAR/BASH behavioral protection technology. The jury awarded damages in the amount of $185 million. Columbia did not seek injunctive relief against us. We believe that we have ceased the use of the technology found by the jury to infringe. The jury also found that we did not fraudulently conceal its prosecution of U.S. Patent No. 8,549,643 but did find that two Columbia professors were coinventors of this patent. No damages were awarded related to this patent. On September 30, 2023, the court entered its judgment, which awarded Columbia (i) enhanced damages of 2.6 times the jury award; (ii) prejudgment interest, post-judgment interest, and supplemental damages to be calculated in accordance with the parties’ previous agreement; and (iii) attorneys’ fees subject to the parties meeting and conferring as to amount. We have complied with the court’s order and submitted a stipulation regarding the final calculations of all outstanding interest, royalties and attorneys’ fees. We have posted the required surety bond and have appealed the judgement to the Federal Circuit Court of Appeals, which remains pending. At this time, our current estimate of probable losses from this matter is approximately $591 million, which we have accrued and recorded as part of Other long-term liabilities in the Condensed Consolidated Balance Sheets . There is a reasonable possibility that a loss may be incurred in excess of our accrual for this matter; however, such incremental loss cannot be reasonably estimated. Securities Class Action and Derivative Litigation Securities class action lawsuits, which have since been consolidated, were filed in May 2018 against us and certain of our former officers, in the U.S. District Court for the Northern District of California. The lead plaintiff’s consolidated amended complaint alleged that, during a purported class period of May 11, 2017 to August 2, 2018, defendants made false and misleading statements in violation of Sections 10(b) and 20(a), and that certain individuals violated Section 20A, of the Securities Exchange Act of 1934, as amended (the Exchange Act). On May 24, 2021, the parties reached a proposed settlement and release of all claims in the class action, for $70 million, and on June 8, 2021, the parties executed a Stipulation and Agreement of Settlement, exclusive of any claims that may be brought by shareholders who opted out of the class action. Of the $70 million, $67 million was covered under the applicable insurance policy with the remainder paid by us into escrow in September 2021. The Court approved the settlement on February 12, 2022, releasing the settlement payment from escrow. On November 22, 2021, investment funds managed by Orbis Investment Management Ltd. which previously opted out of the securities class action, filed suit under the Exchange Act, the Arizona Securities Act, the Arizona Consumer Fraud Act and certain common law causes of action to recover alleged damages for losses incurred by the funds for their purchases or acquisitions of our common stock during the class period. On February 7, 2023, our Motion to Dismiss was granted in part and denied in part. The parties have now settled the matter and the action was dismissed with prejudice on April 26, 2023. The impact of settlement was not material. Purported shareholder derivative lawsuits were filed against us and certain of our former officers and current and former directors in the Delaware Court of Chancery ( In re Symantec Corp. S’holder. Deriv. Litig. ), Northern District of California ( Lee v. Clark et al., ), and the District of Delaware ( Milliken vs. Clark et al. ). These assert generally the same facts and circumstances as alleged in the securities class action and allege claims for breach of fiduciary duty and related claims. On January 4, 2023, after reaching an agreement on the terms of the proposed settlement, which provides for, among other things, a payment of $12 million to the Company by the insurers of the Company’s directors and officers, the parties to the Chancery action filed a Stipulation and Agreement of Settlement, Compromise and Release in that Court, which was approved by the Court on May 4, 2023, over the objection of the Lee and Milliken plaintiffs, and releases all claims in the Chancery, Lee , and Milliken actions, as well as any other claims based on the same operative facts. The parties in the Milliken action stipulated to a dismissal with prejudice, which was entered by that Court on May 12, 2023. The parties in the Lee action stipulated to a dismissal with prejudice, which was entered by that Court on June 12, 2023. All three shareholder derivative lawsuits are now resolved. A fourth lawsuit filed in the Delaware Superior Court, Kukard v. Symantec , brought claims derivatively on behalf of our 2008 Employee Stock Purchase Plan. The parties have reached a settlement in principle, subject to Court approval. The impact of settlement was not material. GSA During the first quarter of fiscal 2013, we were advised by the Commercial Litigation Branch of the Department of Justice’s (DOJ) Civil Division and the Civil Division of the U.S. Attorney’s Office for the District of Columbia that the government is investigating our compliance with certain provisions of our U.S. General Services Administration (GSA) Multiple Award Schedule Contract No. GS-35F-0240T effective January 24, 2007, including provisions relating to pricing, country of origin, accessibility, and the disclosure of commercial sales practices. As reported on the GSA’s publicly available database, our total sales under the GSA Schedule contract were approximately $222 million from the period beginning January 2007 and ending September 2012. We fully cooperated with the government throughout its investigation, and in January 2014, representatives of the government indicated that their initial analysis of our actual damages exposure from direct government sales under the GSA Schedule contract was approximately $145 million; since the initial meeting, the government’s analysis of our potential damages exposure relating to direct sales increased. The government also indicated they would pursue claims for certain sales to California, Florida, and New York as well as sales to the federal government through reseller GSA Schedule contracts, which could significantly increase our potential damages exposure. In 2012, a sealed civil lawsuit was filed against us related to compliance with the GSA Schedule contract and contracts with California, Florida, and New York. On July 18, 2014, the Court-imposed seal expired, and the government intervened in the lawsuit. On September 16, 2014, the states of California and Florida intervened in the lawsuit, and the state of New York notified the Court that it would not intervene. On October 3, 2014, the DOJ filed an amended complaint, which did not state a specific damages amount. On October 17, 2014, California and Florida combined their claims with those of the DOJ and the relator on behalf of New York in an Omnibus Complaint, and a First Amended Omnibus Complaint was filed on October 8, 2015; the state claims also do not state specific damages amounts. On March 23, 2021, plaintiffs withdrew their demand for a jury trial and we consented to proceed with a bench trial, which concluded on March 24, 2022. We settled with the State of Florida before trial and the State of New York during trial, both for immaterial amounts which have been paid. On January 19, 2023, the Court issued its Findings of Facts and Conclusions of Law in which it found in favor of the United States in part and awarded damages and penalties in the amount of $1.3 million. The Court also found in favor of the State of California in part and awarded penalties in the amount of $0.4 million. The resulting Judgment was filed by the Court on January 20, 2023. On February 16, 2023, plaintiffs filed Motions to Amend Judgment to revive the damages claimed at trial. On January 16, 2024, the Court granted in part and denied in part the United States’ Motion to Amend and awarded $53 million in damages and penalties. The State of California’s Motion to Amend was denied. The January 2023 judgment amount has been paid, and at this time, our current estimate of the low end of the range of probable estimated losses from this matter is $53 million, which we have accrued and recorded as part of Other current liabilities in the Condensed Consolidated Balance Sheets. On February 13, 2024, we filed a motion to amend and correct the judgement in that the revised damages in the January 2024 decision include damages for products not included on the GSA schedule at issue in the case. The Court denied that motion on August 30, 2024, and subsequently issued its Judgment on September 30, 2024. The parties’ deadline to file a Notice of Appeal was October 29, 2024. Neither party filed a Notice of Appeal and we expect to pay the judgment, including post-judgment interest, in November 2024. In addition, we are currently negotiating the amount of attorneys’ fees owed to the Relator. If a negotiated resolution as to fees is not reached, Relator’s deadline to bring a motion for fees is December 2, 2024. Jumpshot Matters At the end of 2019, Avast came under media scrutiny for provision of Avast customer data to its data analytics subsidiary Jumpshot Inc. Jumpshot was a subsidiary of Avast with its own management team and technical experts. Avast announced the decision to terminate its provision of data to, and wind down, Jumpshot on January 30, 2020. As Avast has previously disclosed, it has been in communication with certain regulators and authorities prior to completion of the acquisition of Avast, and we will continue cooperating fully in respect of all regulatory enquiries. On December 23, 2019, the United States Federal Trade Commission (FTC) issued a Civil Investigative Demand (CID) to Avast seeking documents and information related to its privacy practices, including Jumpshot's past use of consumer information that was provided to it by Avast. Avast responded cooperatively to the CID and related follow-up requests from the FTC. On October 29, 2021, staff at the FTC sent Avast a draft complaint and proposed settlement order. We engaged in ongoing negotiations with the FTC staff and have reached a negotiated agreement on the terms of a Consent Decree resolving this investigation, the terms of which are now final. This includes a provision for a non-material amount of monetary relief, which has been paid. On February 27, 2020, the Czech Office for Personal Data Protection (the Czech DPA) initiated offense proceedings concerning Avast`s practices with respect to Jumpshot, the Czech DPA issued a decision in March 2022 finding that Avast had violated the GDPR and issued a fine of CZK 351 million, which is approximately $15 million. Avast appealed the decision, which was affirmed by the Czech DPA on April 10, 2024. Avast has now paid the fine levied by the DPA. On June 15, 2024, Avast brought a judicial action in the administrative law court challenging the decision of the Czech DPA. That matter is still pending. On March 27, 2024, Stichting CUIC – Privacy Foundation for Collective Redress, a Dutch foundation (the Foundation), filed its writ of summons to initiate a collective action. The Foundation has asserted it represents the interests of Avast customers in the Netherlands whose data was provided to Jumpshot and that by doing so Avast violated the requirements of the GDPR and other provisions in Dutch and European Union privacy and consumer law entitling those customers to damages and other compensation, all of which we dispute. No specific amount of damages has been alleged to date. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible or estimate the range of any potential loss. On April 18, 2024, we received a letter before action from counsel in the United Kingdom asserting it may bring a representative action on behalf of a class of Avast users in the United Kingdom and Wales for breach of contract and misuse of private information and seeking unspecified damages and a permanent injunction. No lawsuit has been commenced. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible or estimate the range of any potential loss. On December 12, 2022, a putative class action, Lau v. Gen Digital Inc. and Jumpshot Inc ., was filed in the Northern District of California alleging violations of the Electronic Communications Privacy Act, California Invasion of Privacy Act, statutory larceny, unfair competition and various common law claims related to the provision of customer data to Jumpshot. Such claims, to the extent related to Jumpshot, have now been dismissed from the case as has Jumpshot Inc. as a defendant. At this stage, we are unable to assess whether any material loss or adverse effect is reasonably possible as a result of this action or estimate the range of any potential loss. We dispute these claims and intend to defend them vigorously. The outcome of the regulatory proceedings, government enforcement actions and litigation is difficult to predict, and the cost to defend, settle or otherwise resolve these matters may be significant. Plaintiffs or regulatory agencies or authorities in these matters may seek recovery of large or indeterminate amounts or seek to impose sanctions, including significant monetary penalties, as well as equitable relief. The monetary and other impact of these litigations, proceedings or actions may remain unknown for substantial periods of time. Further, an unfavorable resolution of litigations, proceedings or actions could have a material adverse effect on our business, financial condition, and results of operations and cash flows. The amount of time that will be required to resolve these matters is unpredictable, and these matters may divert management’s attention from the day-to-day operations of our business. Any future investigations or additional lawsuits may also adversely affect our business, financial condition, results of operations and cash flows. Other We are involved in a number of other judicial and administrative proceedings that are incidental to our business. Although adverse decisions (or settlements) may occur in one or more of the cases, it is not possible to estimate the possible loss or losses from each of these cases. The final resolution of these lawsuits, individually or in the aggregate, is not expected to have a material adverse effect on our business, results of operations, financial condition or cash flows. |