Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

In re Barnes & Noble Pin Pad Litigation

United States District Court, N.D. Illinois, Eastern Division

October 3, 2016

IN RE BARNES & NOBLE PIN PAD LITIGATION

          MEMORANDUM OPINION AND ORDER

          Andrea R Wood United States District Judge

         Plaintiffs Ray Clutts, Heather Dieffenbach, Jonathan Honor, and Susan Winstead filed this putative class action against Defendant Barnes & Noble, Inc. in the wake of a data breach during which hackers obtained personal identifying information (“PII”) belonging to Barnes & Noble customers. Plaintiffs purchased products with their credit or debit cards at affected stores during the time period in which this data breach occurred. This Court previously dismissed Plaintiffs' Consolidated Class Action Complaint (“Original Complaint”) for lack of Article III standing. Plaintiffs subsequently filed their First Amended Consolidated Class Action Complaint (“Amended Complaint”), which Barnes & Noble has moved to dismiss pursuant to Federal Rules of Civil Procedure 12(b)(1) and 12(b)(6) (“Motion”). (Dkt. No. 59.) For the reasons stated below, the Court finds that Plaintiffs have established standing but nonetheless have failed to state a claim and thus dismisses all counts of the Amended Complaint.

         BACKGROUND

         In September 2012, unsolicited individuals, known as “skimmers, ” tampered with PIN pad terminals in 63 Barnes & Noble stores located in nine states. (Am. Compl. ¶¶ 2, 50, Dkt. No. 58.) Barnes & Noble uses these PIN pad terminals to process its customers' credit and debit card payments in its retail stores. (Id. ¶ 20.) Six weeks after discovering this potential security breach, Barnes & Noble announced to the public that these skimmers had potentially stolen customer credit and debit information from the affected locations. (Id. ¶ 50.) Plaintiffs were customers of Barnes & Noble at retail stores affected by the data breach during the time period when this data breach occurred.[1] (Id. ¶¶ 12-15.)

         Plaintiffs filed the Original Complaint on March 25, 2013. (Dkt. No. 39.) The Original Complaint pleaded five causes of action: (1) breach of contract; (2) violation of the Illinois Consumer Fraud and Deceptive Business Practices Act (“ICFA”), 815 ILCS § 505/1 et seq.; (3) invasion of privacy; (4) violation of the California Security Breach Notification Act, Cal. Civ. Code § 1798.80 et seq.; and (5) violation of California's Unfair Competition Act (“UCL”), Cal. Bus. & Prof. Code § 17200 et seq. Plaintiffs sought damages for, among other things: unauthorized disclosure of their PII, loss of privacy, expenses incurred attempting to mitigate the increased risk of identity theft or fraud, time lost mitigating the increased risk of identity theft or fraud, an increased risk of identity theft, deprivation of the value of Plaintiffs' PII, and anxiety and emotional distress.

         On April 30, 2013, Barnes & Noble filed a motion pursuant to Federal Rules of Civil Procedure 12(b)(1) and 12(b)(6) to dismiss the Original Complaint. (Dkt. No. 43.) The Court granted the motion to dismiss the Original Complaint on September 3, 2013 (“Order of Dismissal”), finding that the Plaintiffs had failed to establish Article III standing. (Order of Dismissal at 10, Dkt. No. 57.) The Court granted Plaintiffs 21 days to re-plead the Complaint. (Id.)

         Plaintiffs filed their Amended Complaint on September 24, 2013. (Dkt. No. 58.) The Amended Complaint charges the same five causes of action as the Original Complaint and also pleads virtually identical facts. In fact, of the 143 paragraphs included in the Amended Complaint, only six of them include factual allegations that were not included in the Original Complaint.[2] These new allegations include the following:

. On information and belief, Barnes & Noble has complete and full access to the list of credit and debit card information that was skimmed from the affected PIN pad devices. (Am. Compl. ¶ 3, Dkt. No. 58.)
. On information and belief, Plaintiffs' and class members' PII was stolen and disclosed by the skimmers when Plaintiffs and class members swiped their credit and debit cards at the affected Barnes & Noble stores during the relevant time period. (Id. ¶ 4.)
. The skimmers were able to steal Plaintiffs' and class members' PII, which caused costs and expenses to Plaintiffs and class members attributable to responding, identifying, and correcting damages that were reasonably foreseeable as a result of Barnes & Noble's willful and negligent conduct. (Id. ¶ 5.)
. Winstead became aware of the Barnes & Noble data breach in October 2012, shortly after a fraudulent charge was incurred on her credit card in September 2012. At the time of the fraudulent charge, Winstead was unaware of any other recent data breaches that would have affected her credit card. (Id. ¶ 17.)
. Prior to the security breach, Winstead subscribed to identity protection monitoring, for which she paid $16.99 per month. After finding out about the security breach, Winstead continued to subscribe to identity protection monitoring services, in part because of the security breach. (Id. ¶ 18.)
. The cost to Barnes & Noble of collecting and safeguarding PII is built into the purchase price of all of its products sold at its stores, regardless of the method of payment used by a purchaser. Plaintiffs and class members suffered monetary damages in the form of overpaying for the products they purchased, as they were denied the privacy protections that they paid for. (Id. ¶ 71.)

         DISCUSSION

         Barnes & Noble's Motion seeks to dismiss the Amended Complaint on two separate bases. First, Barnes & Noble moves to dismiss the Amended Complaint under Federal Rule of Civil Procedure 12(b)(1), arguing that the Court lacks jurisdiction over these claims because Plaintiffs have failed to allege injury in fact adequately for purposes of Article III standing. Second, Defendants move to dismiss all of Plaintiffs' claims under Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim.[3] The Court addresses each of these arguments in turn.

         I. Motion to Dismiss ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.