[EDRM Editor’s Note: The opinions and positions are those of Michael Berman.]
The decision in Legault v. Costco Wholesale Corporation, 2025 WL 3252653 (E.D. Ark. Nov. 21, 2025), is succinct in its discussion of the production of native files.
The court wrote: “Legault’s motion to compel Costco to provide him with native files and metadata is denied because Costco states the files are security sensitive configuration files. While Legault argues that this is insufficient, Costco has offered to make the files available to Legault…. Additionally, the parties were unable to come to an agreement on a protective order, therefore, Legault’s argument about recourse of confidentiality concerns being through a protective order is denied.”
Legault’s motion to compel Costco to provide him with native files and metadata is denied because Costco states the files are security sensitive configuration files.
Legault v. Costco Wholesale Corporation, 2025 WL 3252653 (E.D. Ark. Nov. 21, 2025).
That’s all there is on this issue in the court’s opinion.
Bloomberg Law reports that the claim is an employment action for retaliation leading to termination. In ¶20 of the Complaint, plaintiff alleged irregularities in his personal devices “that indicated potential IT security issues.” Plaintiff alleged that they “originated from Costco’s systems….”
Alleging no satisfactory response from Costco after presenting his concerns, plaintiff “downloaded files to his device so he could research these issues at home and report them to Costco again.” Compl., ¶34. The files were configuration files. Id., ¶37. He was suspended the next day and contacted by employees “who ran Cyber Operations for Costco.” Id., ¶35.
Bloomberg Law posted a copy of Costco’s response to the motion to compel. ECF No. 36. It states: “Costco terminated Legault’s employment after it discovered that Legault had removed, or ‘exfiltrated,’ approximately 6,000 files from Costco’s secure IT network.”
Costco wrote that, in the motion to compel, plaintiff wanted to review “configuration files” in native form. It wrote: “Legault has demanded that Costco produce the ‘native files’ that he exfiltrated. Costco has produced over 4,000 of those files.”
Costco then asserted:
The remaining files, however, are security-sensitive “configuration” files. Configuration files are customizable instructions for software systems—they instruct the systems to do whatever they are designed to do based on the preferences and settings contained in the files. In his deposition, Legault acknowledged that a configuration file “provides a roadmap” of whatever software system it configures…. As stated in Costco’s investigation report regarding Legault’s exfiltration: “Configuration files could be used by an adversary to harm Costco’s network or Warehouse Operations.”
Costco wrote that it offered to make the files available for review at a deposition; however, it claims that plaintiff never responded and asserted that plaintiff “never raised the subject of reviewing the files during Helm’s deposition.” Plaintiff disputed this; Costco asserts that it renewed the offer; and, Costco wrote that plaintiff never responded.
Assisted by GAI and LLM Technologies per EDRM GAI and LLM Policy.
