Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Customers of Barnes & Noble Inc. have not suffered injuries sufficient to grant them standing in a putative class action against the book retailer following a data breach, the U.S. District Court for the Northern District of Illinois ruled Sept. 3, dismissing the case (In re Barnes & Noble Pin Pad Litig., N.D. Ill., No. 1:12-cv-08617, dismissed 9/3/13).
In October 2012, Barnes & Noble revealed that it had discovered tampering with the personal identification number pads used to process payment card transactions at 63 of its stores (11 PVLR 1584, 10/29/12). The hackers used a technique known as “skimming” to collect customers' credit and debit card information, the court said.
The plaintiffs filed a consolidated class action complaint against Barnes & Noble, alleging the following five causes of action: breach of contract; violation of the Illinois Fraud and Deceptive Business Practices Act, 815 Ill. Comp. Stat. §§ 505/2; invasion of privacy; violation of the California Security Breach Notification Act, Cal. Civ. Code §§ 1798.80-1798.82 and § 1798.84; and violation of California's Unfair Competition Act, Cal. Bus. & Prof. Code §§ 17200-17210.
According to the plaintiffs, there was a six-week delay between the time Barnes & Noble learned of the breach and when it publicly announced the breach. They also alleged that the company failed to directly notify its customers. In addition, they claimed that the company failed to follow security protocols and regulations maintained by the payment card industry.
Barnes & Noble moved to dismiss the complaint pursuant to Federal Rules of Civil Procedure 12(b)(1) and 12(b)(6). The court, however, found it unnecessary to analyze the book retailer's 12(b)(6) arguments.
The court granted the company's motion to dismiss for lack of standing after finding all of the alleged injuries insufficient to support standing.
It rejected the plaintiffs' argument that the delay or inadequacy of the breach notification increased the risk that they would suffer injuries and therefore supported standing. “Merely alleging an increased risk of identity theft or fraud is insufficient to establish standing,” the court said.
“Nothing in the Complaint indicates Plaintiffs have suffered either a 'certainly impending' injury or a 'substantial risk' of an injury, and therefore, the increased risk is insufficient to establish standing,” the district court said, quoting the U.S. Supreme Court's holding in Clapper v. Amnesty Int'l USA, 33 S. Ct. 1138 (2013) (12 PVLR 350, 3/4/13).
Allegations that statutes were breached, without any allegation of actual damages resulting from the breach, were inadequate to establish standing, the court said.
The alleged improper disclosure of the plaintiffs' personally identifiable information (PII) was insufficient to establish standing because the plaintiffs failed to allege that the information was disclosed, the court said. For the same reason, their alleged loss of privacy did not convey standing.
Nor did the plaintiffs' alleged time and expenses incurred to mitigate the risks of identity theft confer standing, the court concluded. They failed to allege expenses with specificity, and Clapper held that such expenses are not actual injuries in the absence of imminent harm, the court said.
An increased risk of identity theft is also inadequate to support standing, the court determined, noting that Clapper held that speculation of future harm is not an actual injury.
The plaintiffs did not allege an actual injury based on the deprivation of the value of their PII, the court said. “Plaintiffs do not allege their personal information was sold, nor do they allege the information could be sold by Plaintiffs for value,” it said.
In addition, anxiety and emotional distress following a breach are insufficient to confer standing, the court concluded, again noting the lack of an imminent threat to their PII.
The court found unpersuasive the plaintiffs' argument that the diminished value of their products and services supported standing because they “have not pled that Barnes & Noble charged a higher price for goods whether a customer pays with credit, and therefore, that additional value is expected in the use of a credit card.”
Finally, a fraudulent charge on one plaintiff's credit card was insufficient to confer standing because that plaintiff failed to plead that she suffered a monetary loss resulting from the charge and failed to connect that charge to the breach, the court said.
Edmund S. Aronowitz and Adam J. Levitt, of Grant & Eisenhofer PA, in Chicago; Joseph J. Siprut, of Siprut PC, in Chicago; Aleksandra M. S. Vold, of Synergy Law Group, in Chicago; and Ben Barnow, of Barnow and Associates PC, in Chicago, represented the plaintiffs. Peter V. Baugher and Kristen E. Hudson, of Schopf & Weiss LLP, in Chicago; and Kenneth L. Chernof and Hadrian R. Katz, of Arnold & Porter, in Washington, represented Barnes & Noble.
Full text of the court's opinion is available at http://www.bloomberglaw.com/public/document/In_Re_Barnes_and_Noble_Pin_Pad_Litigation_Docket_No_112cv08617_ND.
Full text of the consolidated class action complaint is available at http://www.bloomberglaw.com/public/document/In_Re_Barnes_and_Noble_Pin_Pad_Litigation_Docket_No_112cv08617_ND/1.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)