The opinion of the court was delivered by: Blanche M. Manning United States District Judge
Plaintiff Barbara Richardson seeks leave to amend her complaint to add a count under the Illinois Consumer Fraud and Deceptive Practices Act ("CFA"), 815 ILCS § 505/1, et seq. The court assumes familiarity with its prior order ruling on defendant DSW's motion to dismiss, which set forth the facts alleged in the original complaint in detail and dismissed Richardson's CFA claim. For the following reasons, Richardson's motion to amend is granted.
Richardson seeks to amend her complaint to add newly discovered facts regarding the theft of credit information from DSW shoe shoppers. Richardson alleges, among other things, that credit card companies (American Express, Diners Club, Discover Card, Mastercard International, and/or Visa) notified DSW in writing of its contractual obligations regarding proper handling and disposal of credit and debit card information provided by customers to facilitate transactions. DSW chose not to abide by these contractual obligations in order to save money, and its failure to follow the procedures specified by the credit card companies led to the security breaches that form the basis of this suit. In response, DSW contends that amendment to add these facts is futile because the new facts do not cure the deficiencies previously identified by the court.
Standard for a Motion to Amend
Whether to grant a motion to amend is within the discretion of the trial court. Foman v. Davis, 371 U.S. 178, 182 (1962). Leave to amend a pleading "shall be freely given when justice so requires." Fed. R. Civ. P. 15(a). Under this standard, leave should be granted "[i]n the absence of any apparent or declared reason -- such as undue delay, bad faith or dilatory motive on the part of the movant, repeated failure to cure deficiencies by amendments previously allowed, undue prejudice to the opposing party by virtue of allowance of the amendment, futility of amendment, etc." Foman, 371 U.S. at 182.
As the court noted in its order addressing DSW's motion to dismiss the original complaint, to state a violation of the CFA, a plaintiff must allege: "(1) an unfair or deceptive act or practice by the defendant; (2) the defendant's intent that plaintiff rely on the deception; and (3) the occurrence of the deception in the course of conduct involving trade or commerce." Parks v. Wells Fargo Home Mortgage, Inc.,398 F.3d 937, 942 (7th Cir. 2005). Moreover, a defendant's unfair or deceptive practice must be intentional and inure to the defendant's benefit in order to form the basis of a CFA claim. See id.
The court previously found that Richardson's failure to allege that DSW intentionally caused the security breach that led to the misappropriation of her credit and debit card information meant that she could not plead that DSW intentionally engaged in an unfair or deceptive act or practice. The proposed amended complaint cures this problem as it alleges that DSW intentionally failed to follow the security procedures mandated by its contracts with numerous credit card companies in order to save money and thus made its customer information vulnerable to hacking.
The court also held that the allegations in the original complaint did not support an inference that DSW received any benefit caused by the hackers theft of purchasers' credit information. The amended complaint asserts that DSW benefitted from its lax and thus cost-effective security measures. So, did DSW's alleged breach of its agreements with credit card issuers, which led to DSW's supposed cost-savings, count as a benefit under the CFA when a separate act (the hacking incident) actually harmed Richardson and other affected consumers and led to increased costs and negative publicity for DSW? The court finds that the benefit accruing from DSW's allegedly intentional corner-cutting to conserve costs is enough to satisfy the benefit prong.
To see why, the court propounds the following hypothetical. Suppose that the Art Institute of Chicago decides to remove the security system guarding one of its Van Gogh paintings to save money. This benefits the museum, as it lessens the overall cost of museum security. There is no downside as long as no one takes advantage of the security breach and steals the unguarded painting. So the museum benefits from the cost-saving measure of dispensing with part of its security system. It also necessarily must believe that this benefit is not offset by the risk that someone will steal the painting and hope that no one actually steals the painting.
For the sake of discussion, let us now assume that someone takes advantage of the reduced security and steals the unguarded Van Gogh. There are two moments at which one can assess whether the museum's decision to save money on security in fact benefitted the museum:
(1) when it saved money by decreasing its security; and (2) after the painting disappeared, at which point the value of the painting would be offset against the value of the cost-saving program. The court finds that the first point in time is the appropriate moment as the cost-savings and the opportunity for someone to pull off the heist are a certain result of the decision to reduce security. In contrast, the second option (assessing the overall benefit to the museum as of the time the painting is stolen) is dependent on events outside the museum's control (i.e., whether someone decides to steal the painting and is able to pull off the planned theft).
Similarly, in DSW's situation, its alleged decision to save money by not following the credit card companies' security measures is the key act. This decision not only allowed DSW to realize a definite benefit (reduced costs) but also created the opportunity for the hackers to steal customer credit information. Moreover, based on the facts alleged by Richardson, DSW should have reasonably foreseen the hacking incident given its purported failure to follow necessary procedures to protect consumer information. The court, therefore, concludes that the ...