Cmty. Bank of Trenton v. Schnuck Mkts., Inc.

• Citation: 210 F.Supp.3d 1022
• Decision Date: 28 September 2016
• Docket Number: Case No. 15-cv-01125-MJR
• Parties: COMMUNITY BANK OF TRENTON, University of Illinois Employees Credit Union, First Federal Savings Bank of Champaign-Urbana, and Southpointe Credit Union, individually and on behalf of all similarly situated payment card issues, Plaintiff, v. SCHNUCK MARKETS, INC., Defendant.
• Court: U.S. District Court — Southern District of Illinois

210 F.Supp.3d 1022

COMMUNITY BANK OF TRENTON, University of Illinois Employees Credit Union, First Federal Savings Bank of Champaign-Urbana, and Southpointe Credit Union, individually and on behalf of all similarly situated payment card issues, Plaintiff,

v.SCHNUCK MARKETS, INC., Defendant.

Case No. 15-cv-01125-MJR

United States District Court, S.D. Illinois.

Signed September 28, 2016

Christopher J. Quinn, John J. Driscoll, Driscoll Firm, P.C., St. Louis, IL, Mitchell A. Toups, Weller Green Toups et al., Richard Lyle Coffman, The Coffman Law Firm, Beaumont, TX, for Plaintiff.

Daniel R. Warren, James A. Slater, Sam A. Camardo, Baker & Hostetler LLP, Cleveland, OH, Russell K. Scott, Greensfelder, Hemker & Gale PC, Swansea, IL, for Defendant.

MEMORANDUM AND ORDER

REAGAN, Chief District Judge

A. Introduction and Procedural Overview

Between December 2012 and March 2013, Schnucks (Defendant), a local grocer, fell prey to the increasingly common woe of a major data breach. As a result of the breach, numerous customers' personal information was put at risk, and numerous financial institutions (Plaintiffs) were required to assist their customers in remedying their personal financial risks and losses. A number of the financial institutions forced to spend money and time bailing out their customers filed suit against Schnucks alleging violations of the civil provisions of Racketeer Influenced and Corrupt Organizations Act ("RICO"), contractual breaches, and basic torts. The case is now before the Court on Schnucks's motion to dismiss.¹

Plaintiffs brought this action before the Court, arguing two federal jurisdictional grounds—18 U.S.C. 1961, et seq., pursuant to 18 U.S.C. 1964(a) & (c) ("RICO"); and 28 U.S.C. 1332(d) ("CAFA"). RICO claims would provide an appropriate basis for federal question jurisdiction because RICO is a federal statute. CAFA would provide an appropriate basis for jurisdiction because at least one Plaintiff is an Illinois corporation and Schnucks is a Missouri corporation. Assuming, without deciding, that either RICO claims or the other CAFA prerequisites could be satisfied, this Court has jurisdiction over this action. Schnucks does not contest either of these grounds for jurisdiction, and the Court finds that it enjoys subject matter jurisdiction pursuant to either ground. Venue is also appropriate because at least one Plaintiff—Community Bank of Trenton—is located in the Southern District of Illinois, East St. Louis Division, and Schnucks resided, was found, and conducted business in the Southern District of Illinois, East St. Louis Division.

This Court accepts all factual allegations as true when reviewing a 12(b)(6) motion to dismiss. Erickson v. Pardus , 551 U.S. 89, 94, 127 S.Ct. 2197, 167 L.Ed.2d 1081 (2007). To avoid dismissal for failure to state a claim, a complaint must contain a short and plain statement of the claim sufficient to show entitlement to relief and to notify the defendant of the allegations made against him. FED. R. CIV. P. 8(a)(2) ; Bell Atl. Corp. v. Twombly , 550 U.S. 544, 555–57, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). In order to meet this standard, a complaint must describe the claims in sufficient factual detail to suggest a right to relief beyond a speculative level. Id. ; Ashcroft v. Iqbal , 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) ; EEOC v. Concentra Health Servs. , 496 F.3d 773, 776 (7th Cir. 2007). A complaint need not contain detailed factual allegations, Scott v. Chuhak & Tecs on, P.C., 725 F.3d 772, 782 (7th Cir. 2013), but it must go beyond "mere labels and conclusions" and contain "enough to raise the right to relief above the speculative level," G&S Holdings, LLC v. Cont'l Cas. Co., 697 F.3d 534, 537–38 (7th Cir. 2012).

The Seventh Circuit has outlined the boundaries of 12(b)(6) with two major principles. First, that although facts in the pleadings must be accepted as true and construed in the plaintiff's favor, allegations in the form of legal conclusions are insufficient to survive a motion to dismiss. McReynolds v. Merrill Lynch & Co., Inc. , 694 F.3d 873, 885 (7th Cir. 2012). And, second, "the plausibility standard calls for ‘context-specific’ inquiry that requires the court ‘to draw on its judicial experience and common sense.’ " Id. Threadbare recitals of elements and conclusory statements are not sufficient to state a claim. Id. Put another way, to survive a motion to dismiss "the plaintiff must give enough details about the subject-matter of the case to present a story that holds together [...] the court will ask itself could these things have happened, not did they happen." Swanson v. Citibank, N.A. , 614 F.3d 400, 404 (7th Cir. 2010).

Furthermore, Federal Rule of Civil Procedure 9(b) requires that allegations of fraud be pled with particularity—a heightened standard of pleading. Windy City Metal Fabricators & Supply, Inc. v. CIT Technology Financing Serv., Inc. , 536 F.3d 663, 668 (7th Cir. 2008). Particularity requires alleging the circumstances of fraud or mistake, including: "the identity of the person who made the misrepresentation, the time, place, and content of the misrepresentation, and the method by which the misrepresentation was communicated to the plaintiff." Id. (internal citation omitted). The complete lack of information about the timing, place, or manner of communicating alleged misrepresentations may render a claim insufficiently pled, particularly where the plaintiffs are the alleged audience for the misrepresentations. See Gandhi v. Sitara Capital Mgmt., LLC , 721 F.3d 865, 870 (7th Cir. 2013).

The case before the Court presents an impressive 13 different theories of relief for the Plaintiffs to recover against Schnucks. Many of the theories have been tested in other data breach litigation against major retailers across the country, such as Target, Jimmy Johns, Barnes and Noble, Home Depot, and Neiman Marcus, to name a few.² However, there is a critical distinction between the present set of claims, and those presented in the aforementioned cases—the claims in the present case are being brought by the financial institutions as opposed to by the merchant's customers. In actions brought by customers, there are typically at least a few plaintiffs who identify tangible harms such as fraudulent charges on their accounts, late fees incurred as a result of fraudulent activity, and costs incurred in acquiring ongoing identity theft monitoring services. In the cases brought by customers, parties have effectively illustrated plausible claims for relief under various theories by appealing to the common life experience of a consumer walking into a merchant to buy a sandwich or a book. The concrete fraud charges on customer payment cards and the familiar expectations of a store customer make the claims in those cases hold together to illustrate a plausible story.

By contrast, in the present litigation, the allegations of harms sustained are general. For example, the Complaint says that of the potentially 2.4 million cards breached, the payment card processor only alerted Schnucks to fraudulent activity on "a handful of payment cards" (Doc. 1 at 19, ¶ 43). The Complaint alleges that Plaintiffs have incurred and will continue to incur costs to: cancel and reissue cards; close and reopen accounts; notify customers; and, investigate and monitor for fraud. Plaintiffs allege that they may also lose profits if customers use payment cards less frequently. The Complaint also makes an ambiguous statement that "[w]hile Schnucks threw consumers somewhat of a bone in an effort to rebuild customer loyalty and improve its financial outlook, it has not offered Plaintiffs and Class Members any compensation for the damages they have suffered (and will continue to suffer)" (Id. at 23, ¶ 58).³

The Court finds that more than just the harms are general—all of the pleadings in this case are highly general. Though the case centers on the notion that Schnucks made fraudulent representations or omissions regarding their data security practices, the Complaint simply says "[t]he dates and substance of Schnucks's internal and external fraudulent communications, via the interstate wires, in furtherance of the above-described schemes, as well as its fraudulent communications to Plaintiffs and Class Members, via the interstate wires, in furtherance of such schemes to cheat and defraud are in Schnucks's possession, custody, and control, and await discovery" (Doc. 1 at 26, ¶ 66). Despite vague allegations about the precise statements or omissions, Plaintiffs nevertheless seem to argue that they relied on said bad information in releasing customer funds to Schnucks, but that they would not have done so had they known of poor data security.

Schnucks's Motion to Dismiss (Doc. 27) and the Plaintiffs' Response (Doc. 31) suffer from the same level of generality and ambiguity. In those pleadings, the parties spent much time reciting elements of claims and identifying precedent without particularizing their arguments to the facts of the case before the Court. The Court also notes receipt of Schnucks's reply brief (Doc. 32), Plaintiffs supplemental authority and letter brief (Doc. 36), and Schnucks's response to the authority (Doc. 37). Though the Court recognizes that the parties are charting relatively new territory in the data breach context by presenting a case between financial institutions and a merchant (as opposed to customers and a merchant), and that the parties were subject to page limits in filing, the Court notes that the generality made it difficult to assess the plausibility of the potential claims. For this reason, the Court dismissed many of the claims without prejudice to allow the Plaintiffs an opportunity to file more substantive pleadings. After a brief synopsis of the factual allegations, the Court will assess each of the 13 claims in turn.

B. Factual Allegations

Between December 2012 and March 2013, Schnucks experienced a data breach, which made payment...