United States District Court, N.D. Illinois, Eastern Division
MEMORANDUM OPINION AND ORDER
MANISH S. SHAH, District Judge.
Envision Healthcare, Inc. was a customer of First Chicago Bank & Trust. Envision claims that in March 2011, a computer hacker stole the log-in information for one of the company's employees, and used that employee's user ID and password to access the bank's online banking system. According to Envision, the hacker then issued a wire-transfer order in the employee's name, which the bank processed the next day. Envision sued the bank in state court, alleging breach of contract, negligence, and breach of the bank's implied duty of good faith and fair dealing. The bank was closed by Illinois authorities two days later, and the Federal Deposit Insurance Corporation was appointed as receiver. The FDIC, substituted as defendant in this case, moves for summary judgment on Counts I, II, and III of Envision's amended complaint. Envision cross-moves for summary judgment on the same counts. For the reasons discussed below, defendant's motion is granted, and Envision's cross-motion is denied.
I. Legal Standard
Summary judgment may be granted where "there is no genuine issue of material fact and... the movant is entitled to judgment as a matter of law." Hussey v. Milwaukee Cnty., 740 F.3d 1139, 1142 (7th Cir. 2014) (quoting Jackson v. Indian Prairie Sch. Dist. 204, 653 F.3d 647, 654 (7th Cir. 2011)). A genuine issue of material fact exists "if the evidence is such that a reasonable jury could return a verdict for the nonmoving party." Serednyj v. Beverly Healthcare, LLC, 656 F.3d 540, 547 (7th Cir. 2011) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986)). In reviewing a summary-judgment motion or a cross-motion for summary judgment, I must construe all facts, and draw all reasonable inferences from those facts, in favor of the non-moving party. United States v. P.H. Glatfelter Co., 768 F.3d 662, 668 (7th Cir. 2014) (quoting Laskin v. Siegel, 728 F.3d 731, 734 (7th Cir. 2013)).
A. The Cash Management User Agreement
On May 28, 2009, Envision Healthcare entered a banking agreement with First Chicago Bank & Trust. See  at 3-4 ¶ 6; see also Exhibit C to the Amended Complaint, [39-1] at 4-7. Daniel Kubik, Envision's controller, signed on behalf of Envision. See  at 4 ¶ 7; see also [39-1] at 7-8. This agreement, entitled the Cash Management User Agreement (CMUA), addressed "eBanking" services ( i.e., "BeB" services) to be provided by the bank to Envision. See  at 2-3 ¶ 5; see also [39-1] at 4. The CMUA provided:
[The] Bank will verify that [Envision] has authorized, canceled or amended an entry that constitutes a payment order solely by means of the security procedures inherent in the BeB product. This Security Procedure uses SSL encryption and requires use of a Company ID, User ID and User Password.... [Envision] expressly agrees to be bound by any Order, whether or not authorized, issued in its name and accepted by Bank in compliance with the Security Procedure.
[39-1] at 4 ¶ 4. The agreement also stated:
The Bank will act on instructions received under valid Passwords, will have no duty to further verify the identity of any BeB user with valid Passwords and shall not have any liability for transactions occurring on [Envision's] account originated with valid Passwords.
Id. ¶ 3.
The CMUA further provided that once Envision had executed that agreement and the attached "enrollment form" (and the bank had approved the company's use of BeB), Envision would receive a corresponding company ID, user ID, and password. See id. After Envision obtained its BeB credentials, it would then have the ability "to set up additional users to access [its] accounts." Id. Under the CMUA, Envision was "solely responsible for the use by anyone of BeB who utilize[d Envision's] correct Passwords." Id.
In the enrollment form attached to the CMUA, see id. at 8, Envision could designate a "Company Administrator" who would have "maintenance authority over [Envision's] Passwords." Id. By designating someone as such an Administrator, Envision "authorized [the bank] to establish and issue initial passwords" to that person. Id. Molly Hamideh was listed as the appointed Company Administrator for Envision Healthcare in the enrollment form executed by Daniel Kubik on May 28, 2009. See id.; see also  at 5 ¶ 10.
Also included in the enrollment form signed by Kubik was a section entitled "Requested Services for Company Accounts." See [39-1] at 8. In this section was a table in which specific bank-account numbers could be "indicated" for use with specific eBanking services, such as "Wire, " "Remote Deposit, " and "Loan Sweep." See id. In the form signed by Kubik on May 28, 2009, this table was left blank. See id.; see also  at 8-9 ¶ 6.
B. The Wire Transfer Agreement
Also on May 28, 2009, Daniel Kubik executed on behalf of Envision Healthcare a "Wire Transfer Agreement" with First Chicago Bank & Trust. See Exhibit E to the Amended Complaint, [39-1] at 12-13; see also  at 6 ¶¶ 14-15. This agreement authorized the bank "to initiate a funds transfer from any of [Envision's] accounts, " based on "payment orders received by [the bank] in writing with [Envision's] original signature" or the original signature of one of Envision's "Authorized Agents." [39-1] at ...