United States District Court, N.D. Illinois, Eastern Division
OPINION AND ORDER
L.ELLIS, United States District Judge
Plaintiff USAA Federal Savings Bank ("USAA") lost
over $3, 000, 000 in a fraudulent check cashing scheme, USAA
filed suit against Defendants PLS Financial Services, Inc.,
PLS Group, Inc., and The Payday Loan Store of Illinois, Inc.
(collectively, "PLS"), claiming PLS acted
negligently in protecting USAA members' financial
information so as to allow third parties to create fraudulent
checks with that information, that PLS' negligence can be
established based on the per se violation of various
state and federal statutes, and that PLS violated the
Illinois Consumer Fraud and Deceptive Business Practices Act
("ICFA"), 815Ill.Comp.Stat. 505/1 et seq.
PLS has moved to dismiss USAA's first amended complaint.
Because no common law duty exists to safeguard personal
information under Illinois law, the Court dismisses
USAA's negligence claim. And because USAA effectively
abandons its negligence per se claim in response to
PLS' motion to dismiss, the Court dismisses that claim as
well. Finally, the Court dismisses USAA's ICFA claim
because USAA has not adequately alleged that the data breach
affected its Illinois members or that the underlying unfair
conduct took place primarily in Illinois.
provides banking services to members and veterans of the
United States military. PLS, through the three individually
named Defendants, provides check cashing and payday lending
services at approximately 300 retail locations in eleven
states, including Illinois. The individual Defendants share
common directors, officers, and office locations, with
centralized recordkeeping and computer systems, and have
similar business practices. PLS is not a bank and does not
provide bank accounts to its customers. Instead, PLS charges
customers a fee to cash checks, obtain money orders, and use
other financial services.
course of doing business, PLS cashes checks drawn on USAA. In
cashing these checks, as with any other checks, PLS obtains
certain information about the drawer of the check and the
bank on which the check is drawn from the face of the check,
including the drawer's name, the check number, account
number, bank routing number, drawer's signature, and MICR
information. PLS makes an electronic copy of the check
before forwarding the check to the drawer's bank for
October 2012, the United States and PLS agreed to settle a
suit brought by the United States against PLS in which the
United States alleged that PLS did not properly secure its
customers' personal information. The stipulated final
injunction required PLS to develop a comprehensive
information security program to protect the security,
confidentiality, and integrity of consumers' personal
information, including consumers' names, addresses, and
financial institution account numbers. PLS also agreed to
take reasonable measures to protect against unauthorized
access to or use of such information.
with unauthorized access to PLS customers' personal
information continued, however. Specifically, an unidentified
female PLS employee provided third parties with access to
PLS' computer systems, which allowed these third parties
to copy check images and produce counterfeit checks based off
those images. The checks ranged from between $5 and $10, 000.
The third parties then used these counterfeit checks, which
included checks drawn on USAA, to obtain money through
various schemes. The payor banks on the counterfeit checks,
including USAA, ultimately bore the loss because the checks
were unauthorized, meaning the members on whose accounts the
checks were drawn could not be held liable for them. USAA has
discovered over 2, 000 original checks from its members that
were cashed at PLS and subsequently counterfeited, causing
USAA to incur over $3, 000, 000 in damages.
October 2014, USAA notified PLS of the issue and requested
help in coordinating an investigation into the
counterfeiting. USAA indicated it had noticed most of the
checks that were subsequently counterfeited had been cashed
at PLS locations in Texas, Arizona, and California and
subsequently deposited through a bank in Rosemont, Illinois.
PLS responded that it would refer the matter to its general
motion to dismiss under Rule 12(b)(6) challenges the
sufficiency of the complaint, not its merits. Fed.R.Civ.P.
12(b)(6); Gibson v. City of Chicago, 910 F.2d 1510,
1520 (7th Cir. 1990). In considering a Rule 12(b)(6) motion
to dismiss, the Court accepts as true all well-pleaded facts
in the plaintiff's complaint and draws all reasonable
inferences from those facts in the plaintiff's favor.
AnchorBank, FSB v. Hofer, 649 F.3d 610, 614 (7th
Cir. 2011). To survive a Rule 12(b)(6) motion, the complaint
must not only provide the defendant with fair notice of a
claim's basis but must also be facially plausible.
Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct.
1937, 173 L.Ed.2d 868 (2009); see also Bell Atl. Corp. v.
Twombly, 550 U.S. 544, 555, 127 S.Ct. 1955, 167 L.Ed.2d
929 (2007). “A claim has facial plausibility when the
plaintiff pleads factual content that allows the court to
draw the reasonable inference that the defendant is liable
for the misconduct alleged.” Iqbal, 556 U.S.
Existence of a Duty
succeed on its negligence claim, USAA must establish that (1)
PLS owed USAA a duty, (2) PLS breached that duty, and (3)
PLS' breach proximately caused USAA injury. Rhodes v.
Ill. Cent. Gulf R.R., 665 N.E.2d 1260, 1267, 172 Ill.2d
213, 216 Ill.Dec. 703 (1996). USAA contends that PLS owed
USAA a general duty of reasonable care to avoid causing
foreseeable harm to USAA and, more specifically, a duty to
safeguard financial information. But PLS claims that no such
duty exists under Illinois law. The existence of a ...