MEMORANDUM OPINION AND ORDER
JOHN W. DARRAH, District Judge.
Plaintiffs Ray Clutts, Heather Dieffenbach, Jonathan Honor, and Susan Winstead have filed a Consolidated Class Action Complaint against Defendant Barnes & Noble, Inc., alleging five causes of action: (1) breach of contract; (2) violation of the Illinois Consumer Fraud and Deceptive Business Practices Act ("ICFA"), 815 ILCS § 505/1 et seq.; (3) invasion of privacy; (4) violation of California Security Breach Notification Act, Cal. Civ. Code § 1798.80 et seq.; and (5) violation of California's Unfair Competition Act ("UCA"), Cal. Bus. & Prof. Code § 17200 et seq. Barnes & Noble moves to dismiss the Complaint pursuant to Fed.R.Civ.P. 12(b)(1) and 12(b)(6).
Barnes & Noble is a Delaware corporation with its principal place of business in New York. (Compl. ¶ 15.) Barnes & Noble is the largest book retailer in the United States, with nearly 700 retail book stores throughout the country. ( Id. ) Barnes & Noble uses PIN pad terminals to process its customers' credit and debit card payments in its retail stores. ( Id. ¶ 16.) To make a purchase using a PIN pad terminal, a customer swipes her card and, if it is a debit card, enters her PIN. ( Id. ¶ 17.) The PIN pad will temporarily store the cardholder's card information and PIN, transmitting the information to a bank for verification to complete the purchase. ( Id. )
"Skimming" is a form of electronic hacking that enables the unauthorized collection of credit and debit card data. ( Id. ¶ 18.) On October 24, 2012, Barnes & Noble announced to the public it had experienced a security breach, whereby unsolicited individuals, known as "skimmers, " potentially stole customer credit and debit information from sixty-three locations. (Compl. ¶ 2.) These sixty-three stores were located in nine states: California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania, and Rhode Island. ( Id. ¶ 46.) The security breach occurred when the skimmers tampered with PIN pad devices in the Barnes & Noble stores in order to steal information from customers who used the devices to process transactions. ( Id. ¶¶ 2, 18, 46.) There was a nearly six-week delay between the time Barnes & Noble became aware of the security breach and when it publically announced it. ( Id. ¶ 46.) Barnes & Noble announced the security breach to the press and published a notice on its website, which instructed customers to take precautions against identity theft and fraud. ( Id. ¶¶ 52-53, 55.) Barnes & Noble did not directly notify its customers that a security breach occurred. ( Id. ¶ 58.)
Plaintiffs in this action were customers of Barnes & Noble during the time period when the skimming occurred. ( Id. ¶¶ 10-13.) Clutts and Honor are Illinois citizens who made purchases with their debit cards at breached Barnes & Noble stores in Deer Park, Illinois, and Chicago, Illinois, respectively. ( Id. ¶¶ 10, 12.) Dieffenbach is a California citizen who made a purchase with her debit card at a Barnes & Noble store that was breached in Calabasas, California. ( Id. ¶ 11.) Winstead is an Illinois citizen who made a purchase with her credit card at a breached Barnes & Noble store in Deerfield, Illinois. ( Id. ¶ 13.)
Plaintiffs claim they suffered many different types of damages due to the security breach, including: untimely and inadequate notification of the security breach, improper disclosure of their personal identifying information or "PII", loss of privacy, expenses incurred in efforts to mitigate the increased risk of identity theft or fraud, time lost mitigating the increased risk of identity theft or fraud, an increased risk of identity theft, deprivation of the value of Plaintiffs' PII, and anxiety and emotional distress. ( Id. ¶¶ 67-69.) Only Winstead suffered from actual fraudulent activity, when a fraudulent charge was made to her credit card. ( Id. ¶ 14.) This fraudulent charge occurred after she shopped at the breached Barnes & Noble store. ( Id. ) Winstead was contacted by her credit card company about a potentially fraudulent charge, she confirmed it was fraudulent; her card was cancelled; and Winstead was unable to use her credit card until a replacement card arrived. ( Id. )
An individual's PII has value, both to the individual and on the black market. ( Id. ¶¶ 59-62.) The value on the black market has been estimated to be between $1.50 and $90.00 per card number. ( Id. ¶ 65.) There is also value in keeping this information private. ( Id. ¶ 63.) At the time of the security breach, Barnes & Noble did not adhere to security protocols and regulations mandated by its credit partners, such as Visa and other members of the payment card industry ("PCI"). ( Id. ¶¶ 25-30, 32-34.)
Fed. R. Civ. P. 12(b)(1) permits a defendant to move for the dismissal of a claim due to lack of standing. See Retired Chicago Police Ass'n. v. City of Chicago, 76 F.3d 856, 862 (7th Cir. 1996). The plaintiff bears the burden of showing the jurisdictional requirements, including standing, have been met. Kathrein v. City of Evanston, 636 F.3d 906, 914 (7th Cir. 2011) (citing Apex Digital, Inc. v. Sears, Roebuck & Co., 572 F.3d 440, 443 (7th Cir. 2009)). All material allegations of the complaint are construed as true, and all reasonable inference are drawn in favor of the plaintiff when determining these motions. Apex Digital, 572 F.3d at 444. "[T]he question of standing is whether the litigant is entitled to have the court decide the merits of the dispute or particular issues." Id. (citations and quotations omitted).
Barnes & Noble's Motion to Dismiss Pursuant to Fed.R.Civ.P. 12(b)(1)
Barnes & Noble moves to dismiss the Complaint under Fed.R.Civ.P. 12(b)(1). Barnes & Noble asserts Plaintiffs lack standing to bring the claims alleged in the Complaint. For the following reasons, the motion to dismiss for lack of standing is granted. Hence, the issues raised by Barnes & Noble regarding ...