The opinion of the court was delivered by: Michael M. Mihm United States District Judge
Plaintiff Bloomington-Normal Seating Company, Inc. ("Bloomington") filed a Complaint against Defendant Jason Albritton ("Albritton"). Before the Court is Albritton's Motion to Dismiss Bloomington's Complaint. For the reasons set forth below, the Court DENIES the Motion [#8].
According to the Complaint, Bloomington is a maker of automotive seating which maintains its confidential budgetary information, accounting information, and human resources information on a password-protected computerized system, and limits access to this information to those employees who have a need to know such information in order to perform their job functions. Bloomington contends that it requires all of its employees to enter into a confidentiality agreement in which they agree not to engage in the unauthorized use or disclosure of the confidential information. Further, Bloomington states that it maintains an internet and email policy to maintain the integrity of its electronic data and its information system. This internet and email policy provides that, without specific authorization, employees are not to access another's email, or internet accounts; listen to or publish another person's email or electronic communications; or download any computer programs or files without the express permission of the Information Systems Department.
Bloomington hired Albritton to be its sales and purchasing coordinator and alleges that it took reasonable steps to ensure that he maintained the confidentiality of information to which he had access and restricted his access to information that he did not need to perform his job. Bloomington asserts that Albritton misappropriated its confidential information by, among other things, accessing and obtaining information that he was not authorized to view and disclosing this information to individuals not authorized to receive such information. Specifically, the Complaint alleges that Albritton accessed confidential information without authorization, accessed his manager's email, transmitted computer commands resulting in email transmissions of various confidential budget and human resources information to co-workers, activated commands which caused unauthorized activation and use of certain software on Bloomington's equipment, transmitted commands resulting in approximately 1,200 unauthorized instant messages (some of which disseminated confidential information), transmitted commands to set up unauthorized remote access to other computers, and performed many of these actions by the unauthorized use of a Bloomington administrator's password. (Compl. ¶¶ 15-16). Bloomington's Complaint includes two counts: Count I for violation of the Federal Computer Fraud and Abuse Act ("CFAA") and Count II for violation of the Stored Communications Act ("SCA").
Albritton moves to dismiss the Complaint pursuant to Fed. R. Civ. P. 12(b)(6), arguing that Bloomington cannot prove any set of facts in support of its claims that would entitle it to relief.
A complaint should not be dismissed unless it appears from the pleadings that the plaintiff could prove no set of facts in support of his claim which would entitle him to relief. See Conley v. Gibson, 355 U.S. 41 (1957); Gould v. Artisoft, Inc., 1 F.3d 544, 548 (7th Cir. 1993). Rather, a complaint should be construed broadly and liberally in conformity with the mandate in Federal Rules of Civil Procedure 8(f).
For purposes of a motion to dismiss, the complaint is construed in the light most favorable to the plaintiff, its well-pleaded factual allegations are taken as true, and all reasonably-drawn inferences are drawn in favor of the plaintiff. See Albright v. Oliver, 510 U.S. 266, 268 (1994); Hishon v. King & Spalding, 467 U.S. 69 (1984); Lanigan v. Village of East Hazel Crest, 110 F.3d 467 (7th Cir. 1997); M.C.M. Partners, Inc. v. Andrews-Bartlett & Assoc., Inc., 62 F.3d 967, 969 (7th Cir. 1995); Early v. Bankers Life & Cas. Co., 959 F.2d 75 (7th Cir. 1992).
1. Count I: Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et. seq.
Albritton argues that Bloomington does not adequately state a claim under the CFAA because Bloomington failed to allege damage and loss. The CFAA describes a violator of the statute:
Whoever (i) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct knowingly causes damage without authorization to a protected computer; (ii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and (iii) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage; and by conduct.caused. loss to 1 or more persons during any 1-year period.aggregating at least $5,000 in value. 18 U.S.C. § 1030(a)(5)
The statute defines "damage" as "any impairment to the integrity or availability of data, a program, a system, or information. 18 U.S.C. § 1030(e)(8). The statute defines "loss" as "any reasonable cost to any victim, including the cost of responding to an offense, conducting any damage assessment, and restoring the data, program, system or information to its condition prior to the offense, and any revenue lost, cost incurred, or consequential damages incurred because of the interruption of service." 18 U.S.C. § 1030(e)(11). The statute further states:
Any person who suffers damage or loss by reason of a violation of this section may maintain a civil action against the violator to obtain compensatory damages and injunctive relief or other equitable relief. A civil action for a violation of this section may be brought only if the conduct involves 1 of the factors set forth in ...