Kimpton Hotels Can’t Check Out of Class Data Breach Claims

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller

Upscale hotel chain Kimpton Hotel & Restaurant Group LLC can’t completely escape consumer claims that it failed to adequately protect guests’ payment card data and other personal information ( Walters v. Kimpton Hotel & Rest. Group , N.D. Cal., No. 16-cv-05387-VC, partial motion to dismiss granted 4/13/17 ).

Judge Vince Chhabria of the U.S. District Court for the Northern District of California dismissed April 13 California state fraud claims against Kimpton because the named plaintiff, Lee Walters, failed to plead all relevant factors to bring a successful action. However, Chhabria allowed implied contract, negligence and California unfair business practices claims to continue.

Hackers allegedly used malware to access Kimpton Hotels’ computers across the U.S., including in California. According to the amended complaint, the hackers were able to obtain hotel guests’ personal payment card and other data. Walters, on behalf of a proposed class of impacted customers, claimed that Kimpton failed “to take adequate and reasonable measures to ensure its data systems were protected.”

If the parties settle, or if the proposed class is successful at trial, the plantiffs will be reaching into deep pockets at the boutique hotel and restaurant chain. Kimpton was acquired for $430 million in January 2015 by Intercontinental Hotels Group Plc, according to Bloomberg data. Intercontinental is the world’s largest hotel company by room count and operates the popular Holiday Inn franchise, the data show.

Representatives for Kimpton didn’t immediately respond to Bloomberg BNA’s email request for comment.

Standing Conferred

Kimpton attempted to have the case tossed on the grounds that the Walters lacked standing, or the ability to sue in federal court.

Although other federal courts that have ruled that credit card theft isn’t enough to confer standing, the court relied on the U.S. Court of Appeals for the Sixth Circuit opinion in Galaria v. Nationwide Mut. Ins. Co., and the U.S. Court of Appeals for the Seventh Circuit opinion in Lewert v. P.F. Changs’s China Bistro, to reach its conclusion. The plaintiff’s claim that his payment card data were stolen, and “time and effort” were spent on monitoring credit reports, is “sufficient to demonstrate injury for standing purposes,” the court said

Walters is represented by Ram, Olson, Cereghino & Kopczynski LLP and Morgan & Morgan PA. Kimpton is represented by Baker & Hostetler LLP.

To contact the reporter on this story: Daniel R. Stoller in Washington at dStoller@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security