Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
Oct. 4 — Compromised payment card PIN pads at Barnes & Noble Inc. stores don't present a harmful enough threat to allow consumers to recover damages ( In re Barnes & Noble Pin Pad Litig., N.D. Ill., No. 12-cv-08617, dismissal, 10/3/16 ).
Although the class plaintiffs stated sufficient risk of harm in their amended complaint to establish the basic step for a suit, they failed to establish sufficient injury tied directly to the data breach, Judge Andrea R. Wood of the U.S. District Court for the Northern District of Illinois said Oct. 3 in dismissing the case.
The case stems from a fall 2012 data breach that revealed tampering of the personal identification number pads used to process payment card transactions at 63 of its nationwide stores—nearly 9 percent of the stores in the chain. The hackers tampered with the credit card personal identification number pads to allow them to skim customers' credit and debit card information.
The plaintiffs brought claims under common law breach of contract, Illinois and California consumer fraud and deceptive business practices laws and California's breach notice statute. The plaintiffs sought monetary damages for the loss of their personal sensitive data, loss of privacy and expenses incurred to limit the risk of identify theft.
The court dismissed the original class complaint Sept. 3, 2013 because the plaintiffs failed to establish standing to sue in federal court. The plaintiffs then refiled their first amended complaint Sept. 24, 2013 with similar claims against Barnes & Noble. The amended class complaint only added six new allegations, which included costs associated with identity theft monitoring and Barnes & Noble's negligence in not discovering and reporting the breach sooner.
However, the plaintiffs' claims still didn't plead enough injury to sue in federal court. Judge Wood tossed the plaintiffs' claims because they didn't plead “any economic or out-of-pocket damages that were caused by the Barnes & Noble data breach.”
Because the plaintiffs didn't “allege actual damages to state a claim for relief,” the claims must be tossed, the court said.
The case highlights the potential longevity of a data breach class action and the high litigation costs that may accompany a drawn out case. A company may face less litigation and reputational costs if it can settle out of court early after a data breach.
New York-based Barnes & Noble is the tenth largest public e-commerce discretionary company in the U.S. with a $813.45 million market capitalization, Bloomberg data show.
The court also dismissed plaintiffs' Illinois state consumer law allegations that Barnes & Noble didn't “implement adequate, commercially reasonable security measures to protect” the sensitive personal information and “by failing to inform” the putative class of the breach.
The court noted that the “plaintiffs' failure to plead any economic damages” is “fatal to this cause of action.” Because the plaintiffs didn't allege claims that show that they “suffered actual monetary losses,” the Illinois claims were thrown out.
The court also dismissed the plaintiffs' California data breach notification law claims.
California enacted the first-in-the-nation data breach notification statute in 2002. It requires companies possessing or controlling personally identifiable information to notify individuals of a security breach if the personal information was or was presumed to be accessed by an unauthorized person. Now, 47 states and the District of Columbia have breach notice laws.
Although the court found that “Barnes & Noble was insufficiently prompt in notifying” the plaintiffs of the data breach, the putative class failed to adequately claim that they were injured by the delay in breach notification. The court was unable to find a “causal connection” between plaintiffs' harm and the “six-week delay in reporting the breach.”
The putative class has until Oct. 31 to file a second amended complaint to “cure the deficiencies” as outlined in the opinion.
Barnes & Noble didn't respond to Bloomberg BNA's e-mail request for comments.
Honigman Miller Schwartz and Cohn LLP and Arnold & Porter LLP represent Barnes & Noble. Grant & Eisenhofer PA, Siprut PC and Barnow and Associates PC represented the putative class.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald G. Aplin at email@example.com
Full text of the opinion is available at http://www.bloomberglaw.com/public/document/In_Re_Barnes_and_Noble_Pin_Pad_Litigation_Docket_No_112cv08617_ND/4.
Copyright © 2016 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)