Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Trans Union LLC v. Equifax Information Services LLC

United States District Court, N.D. Illinois, Eastern Division

June 19, 2018




         Plaintiffs Trans Union LLC and TransUnion Interactive Inc. (collectively, “TransUnion”) have filed suit against Defendants Equifax Information Services LLC (“EIS”), Equifax Inc., and Equifax Consumer Services LLC (“ECS”), formerly known as Equifax Consumer Services, Inc., (collectively, “Equifax”) over a dispute regarding contract interpretation. The parties have contracted to share data at a certain price, which they amend from time to time, and they disagree over whether a specific pricing amendment applies to data sharing resulting from the major breach that Equifax suffered in the summer of 2017. Unsurprisingly, Equifax's interpretation of the amendment results in it paying TransUnion less money that it would under TransUnion's interpretation of the amendment. Equifax moves to dismiss, arguing that the plain language of their agreement precludes TransUnion's suit and that Equifax Inc. is not a proper defendant. Because the Court finds that, at least for the purposes of this motion, the plain language of the agreement allows TransUnion's suit to proceed, it denies Equifax's motion to dismiss the complaint overall. However, the Court agrees that TransUnion's claims do not apply to Equifax Inc., and so it grants Equifax's motion to dismiss Equifax Inc. from the suit.


         Equifax and TransUnion are two of the three major credit reporting agencies. The agencies provide consumer credit reports and identity theft protection products, including “3-in-1” or “Tribureau” reports that pull information from all three of the national credit reporting bureaus. When a company is the victim of a data breach, it may contract with one of the credit reporting agencies to provide “3-in-1” monitoring to the company's affected consumers. To facilitate this monitoring, EIS and TransUnion entered into a Reciprocal Data Supply Agreement, effective October 1, 2011 (the “Agreement”). The Agreement set forth pricing terms for various data products supplied between the two credit bureaus. One of the products covered by the Agreement is credit monitoring, which the parties supply to each other at an agreed and occasionally amended price on a per subscriber per month basis (the “Standard Rate”).

         The parties negotiated an amendment to the Agreement (the “Amendment”) that became effective on July 9, 2017. In the Amendment, the parties added a new product to the Agreement for credit monitoring specifically. The new product applied only for “subscriptions resulting from new breach events occurring after July 1, 2017.” Doc. 25 ¶ 5. The parties agreed to provide the new product at a significantly reduced price per subscriber per month (the “New Breach Rate”) for credit monitoring contracts with companies offering credit monitoring services to their customers or consumers after a data breach event. According to the Amendment, the New Breach Rate is “not to be retroactively applied nor applied to existing Consumers.” Id.

         While the parties were negotiating and executing the Amendment, Equifax was in the midst of a massive data breach (the “Equifax Breach”) that lasted from mid-May through July 2017. On September 7, 2017, Equifax publicly announced that the breach occurred and that it first discovered the breach on July 29, 2017. Equifax also announced that it would offer all U.S. consumers a free one-year subscription to its TrustedID Premier monitoring product. Because the TrustedID Premier product includes 3-in-1 monitoring, Equifax must purchase credit monitoring from TransUnion to provide the service.

         A few days after Equifax's announcement, TransUnion informed Equifax that the New Breach Rate did not apply to credit monitoring used as a result of the Equifax Breach because the breach commenced prior to July 1, 2017. As a result, TransUnion has billed credit monitoring services obtained for the Equifax Breach at the Standard Rate. Prior to the execution of the Amendment, Equifax used two Customer IDs for purchasing credit monitoring from TransUnion, one ending in 22 (the “22 Account”) and one ending in 26 (the “26 Account”). Additionally, prior to the execution of the Amendment, Equifax paid for TrustedID credit monitoring under the 26 Account. After announcing its free year-long subscription to TrustedID, Equifax began paying the New Breach Rate for all credit monitoring services incurred through the 26 Account, which included services other than those related to the Equifax Breach. In a phone call between TransUnion's Vice President of Indirect Sales and Equifax's Enterprise Alliance Manager, Equifax expressed that it intended to apply the New Breach Rate to credit monitoring services derived through the Equifax Breach. Equifax Inc. reaffirmed this intent in a letter dated November 20, 2017. In spite of the dispute between the credit bureaus over the proper rate, TransUnion has continued to provide credit monitoring services to Equifax.


         A motion to dismiss under Rule 12(b)(6) challenges the sufficiency of the complaint, not its merits. Fed.R.Civ.P. 12(b)(6); Gibson v. City of Chicago, 910 F.2d 1510, 1520 (7th Cir. 1990). In considering a Rule 12(b)(6) motion to dismiss, the Court accepts as true all well-pleaded facts in the plaintiff's complaint and draws all reasonable inferences from those facts in the plaintiff's favor. AnchorBank, FSB v. Hofer, 649 F.3d 610, 614 (7th Cir. 2011). To survive a Rule 12(b)(6) motion, the complaint must not only provide the defendant with fair notice of a claim's basis but must also be facially plausible. Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009); see also Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678.


         I. Interpretation of the Amendment

         The question at the heart of this motion is how to interpret a relatively short phrase in the Amendment: “for subscriptions resulting from new breach events occurring after July 1, 2017.” Equifax is emphatic that this phrase includes data breaches[2] that began occurring before July 1 but continued occurring after July 1; TransUnion is equally emphatic that the phrase only includes data breaches that commenced after July 1.

         The parties agree that disputes regarding the Agreement and the Amendment are governed by Delaware law. Under Delaware law, the proper construction of a contract is purely a question of law. Rhone-Poulenc Basic Chems. Co. v. Am. Motorists Ins. Co., 616 A.2d 1192, 1195 (Del. 1992). In light of this, courts may properly address the meaning of contract language on a motion to dismiss. See Allied Capital Corp. v. GC-Sun Holdings, L.P., 910 A.2d 1020, 1030 (Del. Ch. 2006). “[W]hen interpreting a contract, the role of a court is to effectuate the parties' intent. In doing so, [the courts] are constrained by a combination of the parties' words and the plain meaning of those words where no special meaning is intended.” AT&T Corp. v. Lillis, 953 A.2d 241, 252 (Del. 2008) (citation omitted) (internal quotation marks omitted). Delaware law requires that courts consider “what a reasonable person in the position of the parties would have thought the language of a contract means.” Lorillard Tobacco Co. v. Am. Legacy Found., 903 A.2d 728, 738 (Del. 2006). “‘Clear and unambiguous language . . . should be given its ordinary and usual meaning.'” Id. at 739 (quoting Rhone-Poulenc, 616 A.2d at 1195).

         The dispute here is whether a breach event that the parties agree (for the purposes of this motion) commenced before July 1, 2017 but continued to occur after July 1, 2017 could be considered a “new breach event occurring after July 1, 2017.” Under the plain language of the Amendment, the Court finds that the Equifax Breach could not be considered a “new breach event occurring after July 1, 2017.” The answer to this question turns on the application of the word “new” in the relevant language. A reasonable person in the position of the parties would interpret this to mean a breach event that does not occur until after July 1, 2017. Otherwise, it would be unnecessary for the parties to include the word “new.” See Zimmerman v. Crothall, 62 A.3d 676, 691 (Del. Ch. 2013) (“Courts . . . attempt to give meaning and effect to each word in a contract, assuming that the parties would not include superfluous ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.