Summary
In Anderson v. Kimpton Hotel & Rest. Grp., LLC, 2019 WL 3753308, *1 (N.D. Cal. Aug. 8, 2019), for example, the court held that the plaintiff's conclusory assertions that their “PII was left inadequately protected by [the defendant]” were not sufficient to sustain their claim. See also Maag v. U.S. Bank, Nat'l Ass'n, 2021 WL 5605278, at *2 (S.D. Cal. Apr. 8, 2021)
Summary of this case from Hummel v. Teijin Auto. Techs.Opinion
Case No. 19-cv-01860-MMC
08-08-2019
ORDER GRANTING DEFENDANT'S MOTION TO DISMISS; AFFORDING PLAINTIFFS LEAVE TO AMEND
Re: Dkt. No. 18
Before the Court is defendant Kimpton Hotel & Restaurant Group, LLC's ("Kimpton") Motion, filed June 6, 2019, "to Dismiss Plaintiffs' Class Action Complaint," pursuant to Rules 12(b)(1) and 12(b)(6) of the Federal Rules of Civil Procedure. Plaintiffs Michelle Anderson ("Anderson"), Tom Ainsworth ("Ainsworth"), and Jake Thomas ("Thomas") have filed opposition, to which Kimpton has replied. Having read and considered the papers filed in support of and in opposition to the motion, the Court rules as follows.
By order filed July 12, 2019, the Court took the matter under submission.
BACKGROUND
In their complaint, plaintiffs allege "Kimpton uses an online reservation system that facilitates the booking of hotel reservations." (See Compl. ¶ 16.) Plaintiffs further allege that, on July 28, 2017, Kimpton informed its customers, including each of the three plaintiffs, that "hackers may have accessed reservation information between August 10, 2016 and March 9, 2017." (See id.) In particular, Kimpton advised its customers in writing that, during said seven-month period, there was "unauthorized access of Sabre Hospitality Solutions SynXis Central Reservations system ('Sabre')," a "provider of reservations services" that had been "enlist[ed]" by Kimpton as a "vendor." (See Def.'s Req. for Judicial Notice Ex. A.) According to plaintiffs, "the online reservation system," i.e., Sabre, "only deletes reservation details 60 days after the hotel stay" (see Compl. ¶ 17), thereby providing an unauthorized third party access to reservation information for a nine-month period beginning June 11, 2016, and ending March 9, 2017. Plaintiffs allege that they booked hotel reservations with Kimpton during such period, in particular, "the period of August 10, 2016 to March 9, 2017" (see Compl. ¶ 2), that, in order to do so, they were required to provide and did provide Kimpton with their "private identifiable information ('PII')," specifically, their "full name, credit and debit card account numbers, card expiration dates, card verification codes, emails, phone numbers, [and] full addresses" (see Compl. ¶ 3; see also Compl. ¶¶ 6-9, 18), and that their "PII" was "accessed by hackers" who "proceeded to misuse" it (see Compl. ¶¶ 6, 8, 9).
Kimpton's unopposed request that the Court take judicial notice of the content of said communication, which content is paraphrased in the complaint, is GRANTED. See Branch v. Tunnell, 14 F.3d 449, 454 (9th Cir. 1994) (holding district court may take judicial notice of document not attached to complaint, where "complaint specifically refers to the document" and plaintiff does not challenge authenticity of document).
Based on said allegations, plaintiffs allege on behalf of each plaintiff three causes of action arising under California law, and, on behalf of Thomas alone, five additional causes of action arising under, respectively, the laws of Arizona, Colorado, Pennsylvania, New York, and Texas.
DISCUSSION
As to all of the above-referenced causes of action, Kimpton seeks dismissal for lack of standing and, in the alternative, for failure to state a claim.
A. Standing
To establish standing, a plaintiff must show he "(1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable decision." See Spokeo, Inc. v. Robins, 136 S. Ct. 1540, 1547 (2016).
1. Legal Standard
A challenge to a plaintiff's standing raises a jurisdictional issue, and, consequently, is "properly raised" in a motion to dismiss pursuant to Rule 12(b)(1). See White v. Lee, 227 F.3d 1214, 1242 (9th Cir. 2000). "A Rule 12(b)(1) jurisdictional attack may be facial or factual." Safe Air for Everyone v. Meyer, 373 F.3d 1035, 1039 (9th Cir. 2004). "In a facial attack, the challenger asserts that the allegations contained in a complaint are insufficient on their face to invoke federal jurisdiction," id., and a court assumes the plaintiff's "allegations to be true and draw[s] all reasonable inferences in his favor," see Wolfe v. Strankman, 392 F.3d 358, 362 (9th Cir. 2004). "By contrast, in a factual attack, [where] the challenger disputes the truth of the allegations that, by themselves, would otherwise invoke federal jurisdiction," a court "need not presume the truthfulness of the plaintiff's allegations" and "may review evidence beyond the complaint without converting the motion to dismiss into a motion for summary judgment." See Safe Air for Everyone, 373 F.3d at 1039.
2. Application
Here, Kimpton raises both types of challenges. At the outset, Kimpton offers evidence it contends is sufficient to demonstrate the falsity of plaintiffs' allegations that they booked reservations at Kimpton during the period June 11, 2016, through March 9, 2017, what Kimpton characterizes as the "Breach Window" (see Def.'s Mot. at 2:10), and, consequently, Kimpton argues, plaintiffs could not have suffered an injury "fairly traceable to Kimpton" (see id. at 3:25-27). Next, Kimpton challenges the sufficiency of plaintiffs' allegations that they incurred an injury in fact and that any such injury is causally linked to Kimpton.
a. Anderson
Plaintiffs allege Anderson had a reservation for a room at "Kimpton's Sir Francis Drake Hotel in San Francisco, California during the time of the Data Breach" (see Compl. ¶ 6), i.e., "during the period of August 10, 2016 to March 9, 2017" (see Compl. ¶ 2 (referring to such seven-month period as "Data Breach" period)). Kimpton has offered undisputed evidence, however, that its records reflect only one reservation for Anderson at the Sir Francis Drake Hotel, which reservation, made on May 4, 2016, was for a two-night stay beginning May 21, 2016. (See Christy Decl. ¶ 10.) Because an unauthorized third party who accessed the Sabre system during the Data Breach period could only have obtained PII for customers whose stay ended no earlier than June 11, 2016, i.e., no earlier than sixty days before August 10, 2016, Anderson's reservation would not have been in the Sabre system in the period during which third parties had access to said system. (See Compl. ¶ 17.) Consequently, plaintiffs have failed to show Anderson suffered any injury by reason of the breach of Sabre's system.
Accordingly, the complaint, as alleged on behalf of Anderson, is subject to dismissal for lack of standing.
b. Ainsworth
Plaintiffs allege Ainsworth had a reservation for a room at "Kimpton's Sir Francis Drake Hotel in San Francisco, California during the time of the Data Breach." (See Compl. ¶ 9.) Kimpton offers evidence, however, that the only reservation in its records for Ainsworth is a reservation made on February 4, 2016, for a stay from March 29, 2016, through April 1, 2016 (see Christy Decl. ¶ 13), which evidence plaintiffs have not disputed. For the reasons discussed above, such reservation would not have been in the Sabre system in the period during which third parties are alleged to have had unauthorized access to said system (see Compl. ¶ 17), and, consequently, plaintiffs have failed to show Ainsworth suffered any injury by reason of the breach of Sabre's system.
Kimpton does not state whether such reservation was for the Sir Francis Drake Hotel or another Kimpton hotel.
Accordingly, the complaint, as alleged on behalf of Ainsworth, is subject to dismissal for lack of standing. //
3. Thomas
Plaintiffs allege that, during the Data Breach period, Thomas had reservations at seven different Kimpton hotels. (See Compl. ¶ 7.)
Kimpton first challenges the allegation by offering evidence that its records for "Jake Thomas" include only three reservations, two of which, in 2011 and 2015, respectively (see Christie Decl. ¶ 14), predate the Breach Window, and the third of which, although made on February 6, 2017, was not made through the Sabre system, but, rather, through "Expedia," under which circumstance "no payment card information . . . [is] entered into the Sabre reservation system" (see id. ¶ 15). In support of their opposition, however, plaintiffs have submitted a declaration from Thomas, in which he states he made his reservations under the name "Jacob Thomas," not "Jake Thomas." (See Thomas Decl. ¶ 3.) Additionally, plaintiffs have attached to Thomas's declaration evidence showing that the seven alleged reservations he asserts he made were for one-night stays between September 25, 2016, and January 26, 2017. (See id. Exs. A-G.) Consequently, the evidence on which Kimpton relies does not demonstrate the falsity of the complaint's allegation that Thomas booked reservations "during the time of the Data Breach." (See Compl. ¶ 7.)
Kimpton next challenges the adequacy of plaintiffs' allegations as to Thomas's standing. See Spokeo, 136 S. Ct. at 1547 (holding "at the pleading stage, the plaintiff must clearly allege facts demonstrating each element [of standing]") (internal quotation, alteration and citation omitted). Specifically, Kimpton argues, even if Thomas's PII was accessed by third-parties, plaintiffs have failed to sufficiently allege any resulting injury. The Court disagrees. Although plaintiffs allege no facts to support their conclusory assertion that Thomas's "PII has already been misused" (see Compl. ¶ 8), the Ninth Circuit has held a third party's unauthorized access to information such as that alleged here (see Compl. ¶¶ 3, 7-8) constitutes "an injury in fact based on a substantial risk that the . . . hackers will commit identity fraud or identity theft." See In re Zappos.com, Inc., 888 F.3d 1020, 1029 (9th Cir. 2018); see also id. at 1027 (finding, where complaint alleged plaintiffs' "full credit card numbers," along with other identifying information such as names, emails, and billing addresses, were accessed by unauthorized third party, plaintiffs had standing to raise claims based on data breach, even though plaintiffs did not allege such information had been used).
Lastly, Kimpton argues plaintiffs have failed to sufficiently allege the second element of standing, the existence of a causal connection between Thomas's asserted injury and Kimpton's conduct. In particular, Kimpton argues, although plaintiffs have pleaded Kimpton had "inadequate security measures," the complaint is "devoid of facts" to support such conclusory assertion. (See Def.'s Mot. at 10:28 - 11:1.) As set forth below, the Court agrees.
Kimpton does not argue plaintiffs have failed to sufficiently allege the third element, specifically, that the claimed injury is likely to be redressed by a favorable judicial decision.
In support of their claims, plaintiffs allege Kimpton "failed to implement and maintain reasonable security procedures and practices appropriate to protect [Thomas's] PII" (see Compl. ¶ 33), "fail[ed] to establish and implement appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of [Thomas's] PII" (Compl. ¶ 39), "[did] not take all obligatory precautions to properly safeguard PII from unauthorized access" (Compl. ¶ 21), and "opted to maintain an insufficient and inadequate system to protect [Thomas's] PII" (Compl. ¶ 25), with the result that Thomas's "PII was left inadequately protected by Kimpton" (Compl. ¶ 24). Plaintiffs fail to allege, however, any facts to support those conclusory allegations. In particular, the complaint does not allege the nature of any assertedly reasonable, appropriate, obligatory, sufficient and/or adequate action Kimpton failed to take.
Accordingly, the complaint, as alleged on behalf of Thomas, is subject to dismissal for lack of standing. // //
B. Failure to State a Claim
As set forth below, the Court will afford plaintiffs leave to amend to allege facts to support plaintiffs' standing to assert the claims they seek to bring against Kimpton. Under such circumstances, and given plaintiffs' assertion in their opposition that they intend to amend if provided such opportunity, the Court finds it appropriate to address the additional issue raised in Kimpton's motion to dismiss, specifically, whether plaintiffs have failed to state a claim upon which relief could be granted.
1. Legal Standard
Dismissal under Rule 12(b)(6) "can be based on the lack of a cognizable legal theory or the absence of sufficient facts alleged under a cognizable legal theory." See Balistreri v. Pacifica Police Dep't, 901 F.2d 696, 699 (9th Cir. 1990). Rule 8(a)(2), however, "requires only 'a short and plain statement of the claim showing that the pleader is entitled to relief.'" See Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 555 (2007) (quoting Fed. R. Civ. P. 8(a)(2)). Consequently, "a complaint attacked by a Rule 12(b)(6) motion to dismiss does not need detailed factual allegations." See id. Nonetheless, "a plaintiff's obligation to provide the grounds of his entitlement to relief requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do." See id. (internal quotation, citation, and alteration omitted).
In analyzing a motion to dismiss, a district court must accept as true all material allegations in the complaint and construe them in the light most favorable to the nonmoving party. See NL Indus., Inc. v. Kaplan, 792 F.2d 896, 898 (9th Cir. 1986). "To survive a motion to dismiss, a complaint must contain sufficient factual material, accepted as true, to 'state a claim to relief that is plausible on its face.'" Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Twombly, 550 U.S. at 570). "Factual allegations must be enough to raise a right to relief above the speculative level[.]" Twombly, 550 U.S. at 555. Courts "are not bound to accept as true a legal conclusion couched as a factual allegation." See Iqbal, 556 U.S. at 678 (internal quotation and citation omitted). //
2. Application
The Court considers in turn the eight claims alleged in the complaint.
a. First Claim for Relief
In the First Claim for Relief, plaintiffs allege Kimpton breached its contractual obligations owed to plaintiffs. In support thereof, plaintiffs allege Kimpton's customers, such as plaintiffs, are required to "read and accept" the terms of Kimpton's "Privacy Policy" before "their hotel reservation can be confirmed" (see Compl. ¶ 19), and, consequently, the promises made in the Privacy Policy are contractual in nature (see Compl. ¶¶ 57-58). In that regard, plaintiffs allege Kimpton failed to comply with the following provision in the Privacy Policy:
We are committed to protecting the confidentiality and security of the information that you provide to us. To do this, technical, physical and organizational security measures are put in place to protect against any unauthorized access, disclosure, damage or loss of your information. The collection, transmission and storage of information can never be guaranteed to be completely secure, however, we take steps to ensure that appropriate security safeguards are in place to protect your information.(See Compl. ¶¶ 20, 62.)
Kimpton argues the complaint fails to include facts to support a finding that Kimpton breached the above-quoted provision. As set forth below, the Court agrees.
In endeavoring to plead Kimpton's breach of the contractual provision on which they rely, plaintiffs do no more than allege Kimpton, as set forth above, failed to act in a "reasonable" and "appropriate" manner and failed to take "obligatory," "sufficient," and "adequate" steps to protect plaintiffs' PII. (See Compl. ¶¶ 21, 24, 25, 33, 39.) Plaintiffs do not, however, plead any facts to support those conclusory assertions. See Iqbal, 556 U.S. at 678 (holding courts are "not bound to accept as true a legal conclusion couched as a factual allegation"); see also, e.g., Fowler v. California Highway Patrol, 2013 WL 3944280, at *3 (N.D. Cal. July 29, 2013) (finding "insufficient," in case in which plaintiff sought to hold supervisor personally liable for conduct of subordinate, allegations defendant "failed to provide adequate training, supervision, and take the appropriate disciplinary actions to address [subordinate's] misconduct"; characterizing such allegations as "bald" and "conclusory").
Accordingly, the First Claim for Relief is subject to dismissal.
b. Second Claim for Relief
In the Second Claim for Relief, plaintiffs allege Kimpton violated § 1798.81.5 of the California Civil Code, which provides that any "business that owns, licenses, or maintains personal information about a California resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification, or disclosure." See Cal. Civ. Code § 1798.81.5(b); see also Cal. Civ. Code § 1798.84 (providing cause of action for violation of § 1798.81.5(b)).
As Kimpton points out, however, plaintiffs fail to allege any facts in support of their conclusory assertion that Kimpton violated § 1798.81.5 by "failing to implement and maintain reasonable security procedures and practices." (See Compl. ¶ 70); Razuki v. Caliber Home Loans, Inc., 2018 WL 6018361, at *1 (S.D. Cal. November 15, 2018) (dismissing § 1798.81.5 claim where plaintiff alleged "[d]efendant knew of higher-quality security protocols available to them but failed to implement them"; finding allegation was "precisely the type of threadbare claim Iqbal warns of") (internal quotation and citation omitted). Moreover, plaintiffs allege Thomas is "an Arizona citizen residing in Mesa, Arizona" (see Compl. ¶ 7), i.e., not a California resident, and, consequently, § 1798.81.5 does not apply to him.
Accordingly, the Second Claim for Relief is subject to dismissal.
c. Third Claim for Relief
In the Third Claim for Relief, plaintiffs allege Kimpton violated § 17200 of the California Business & Professions Code, which prohibits, inter alia, "unlawful" business practices. See Cal. Bus. & Prof. Code § 17200. Plaintiffs base their claim on Kimpton's alleged violation of § 1798.81.5 (see Compl. ¶ 75), as well as Kimpton's alleged violation of 15 U.S.C. § 45 (see Compl. ¶¶ 76-79), which statute prohibits "[u]nfair methods of competition" and "unfair or deceptive acts or practices." See 15 U.S.C. § 45(a)(1).
To the extent the claim is based on an alleged violation of § 1798.81.5, it is subject to dismissal for the reasons stated above with respect to the Second Claim for Relief.
To the extent the claim is based on an alleged violation of § 45, the claim likewise is subject to dismissal, for the reason that such claim is based on plaintiffs' allegations that Kimpton "fail[ed] to use reasonable measures to protect [p]rivate [i]nformation" and failed to "comply[ ] with applicable industry standards" (see Compl. ¶ 79), but plaintiffs fail to allege what "reasonable measures" Kimpton failed to use or how Kimpton deviated from or otherwise failed to conform to any industry standard. Cf. Hameed-Bolden v. Forever 21 Retail, Inc., 2018 WL 6802818, at *1, 4 (C.D. Cal. October 1, 2018) (finding, where plaintiffs based § 17200 claim on violation of § 5, premised on theory defendant "failed to employ reasonable, industry standard, and appropriate security measures" to protect customer data, plaintiffs sufficiently stated claim in light of factual allegation that defendant retailer had "implemented encryption technology" but "had not . . . activated" it in stores where plaintiffs shopped, which omission allowed hackers to obtain plaintiffs' credit card information).
Accordingly, the Third Claim for Relief is subject to dismissal.
d. Fourth Claim for Relief
In the Fourth Claim for Relief, plaintiffs allege Kimpton violated the Arizona Consumer Fraud Act, Arizona Revised Statutes § 44-1522, which Act makes it "unlawful" to engage in a "deceptive or unfair act or practice . . . in connection with the sale or advertisement of any merchandise." See Ariz. Rev. Stat. § 44-1522(A). In particular, plaintiffs allege Kimpton engaged in the following deceptive or unfair acts or practices: (1) "[f]ailing to implement and maintain reasonable security and privacy measures"; (2) "[f]ailing to identify foreseeable security and privacy risks"; (3) "[f]ailing to comply with common law and statutory duties pertaining to the security and privacy of [Thomas], including duties imposed by the FTC Act [§ 45]"; (4) "[m]isrepresenting that it would protect the privacy and confidentiality of [Thomas's] PII, including by implementing and maintaining reasonable security measures"; (5) "mispresenting that it would comply with common law and statutory duties pertaining to the security and privacy of [Thomas]"; (6) "omitting" the "fact that it did not reasonably or adequately secure [Thomas's] [p]ersonal [i]nformation"; and (7) "omitting" the "fact it did not comply with common law and statutory duties pertaining to the security and privacy of [Thomas]." (See Compl. ¶ 86.)
Under Arizona law, "merchandise" includes "services." See Maurer v. Cerkvenik-Anderson Travel, Inc., 181 Ariz. 294, 297 (Ariz. Ct. App. 1994) (holding "merchandise," for purposes of § 44-1522, includes services provided by travel agency).
As noted above, the Fourth Claim for Relief, as well as the Fifth through Eighth Claims for Relief, are asserted on behalf of Thomas only.
Kimpton argues the Fourth Claim for Relief is subject to dismissal for several reasons. As set forth below, the Court agrees.
First, the allegations in the complaint indicate this claim is barred by the applicable statute of limitations, which is one year. See Ariz. Rev. Stat. § 12-541. In particular, plaintiffs allege Kimpton advised Thomas of the data breach on July 28, 2017 (see Compl. ¶ 16), i.e., a date more than one year before April 5, 2019, the date on which the complaint was filed, and fail to plead any facts to support a finding that an exception to the statute of limitations exists, see Udom v. Fonseca, 846 F.2d 1236, 1238 (9th Cir. 1988) (holding "[i]n order to invoke the benefit of [an exception to the statute of limitations], the plaintiff must allege facts that, if believed, would provide a basis for [the exception]").
Second, the claim is wholly based on the same conclusory allegations on which plaintiffs base the First Claim for Relief, i.e., their claim for breach of contract (see Compl. ¶¶ 21, 24, 25, 33, 39, 83), and, for the reasons stated above with respect to the First Claim for Relief, said allegations are insufficient to state a cognizable claim, see Iqbal, 556 U.S. at 678.
Lastly, to the extent the claim is based on Kimpton's having assertedly made misrepresentations and omissions, the claim sounds in fraud. (See Compl. ¶¶ 24 (alleging Kimpton "misrepresented its data security practices"); Compl. ¶¶ 86.iv, 86.vi (alleging Kimpton made "material" misrepresentations and omissions regarding the "adequacy of [its] data security and ability to protect the confidentiality of consumers' PII") Compl. ¶ 88 (alleging Kimpton "intended to mislead [Thomas] . . . and induce [him] to rely on its misrepresentations and omissions"); Compl. ¶ 8 (alleging that, if Thomas had been told Kimpton had "inadequate security," he would have "booked his room at another hotel"); Compl. ¶ 91 (alleging Kimpton's misrepresentations and omissions caused Thomas to "suffer injury, ascertainable losses of money and property, and monetary and non-monetary damages")); see also Moore v. Meyers, 31 Ariz. 347, 354 (1927) (holding, under Arizona law, "elements of actionable fraud" are " (1) [a] representation; (2) its falsity; (3) its materiality; (4) the speaker's knowledge of its falsity or ignorance of its truth; (5) his intent that it should be acted upon by the person and in the manner reasonably contemplated; (6) the hearer's ignorance of its falsity; (7) his reliance on its truth; (8) his right to rely thereon; (9) his consequent and proximate injury").
Where, as here, a claim "sound[s] in fraud," even where fraud is not a "necessary element" of the cause of action, the plaintiff must comply with Rule 9(b). See Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir. 2009). Plaintiffs do not argue they have complied with Rule 9(b), and they plainly have not, as the complaint includes no facts, as opposed to conclusions, to support a finding that any misrepresentation or omission was false, let alone false at the time made. See Fecht v. Price Co., 70 F.3d 1078, 1083 (9th Cir. 1995) (holding Rule 9(b) requires plaintiff to allege "sufficient evidentiary facts" to show challenged "statements were false when made").
Accordingly, the Fourth Claim for Relief is subject to dismissal.
e. Fifth Claim for Relief
In the Fifth Claim for Relief, plaintiffs allege Kimpton violated the Colorado Consumer Protection Act, Colorado Revised Statutes § 6-1-105, which Act prohibits "any deceptive trade practice." See Colo. Rev. Stat. § 6-1-105. The allegedly deceptive trade practices on which plaintiffs base this claim are the same practices on which plaintiffs base the Fourth Claim for Relief. (Compare Compl. ¶ 98 with Compl. ¶ 86.)
For the reasons stated above with respect to the Fourth Claim for Relief, the Court finds the conclusory allegations by which such practices are described are insufficient to state a cognizable claim. See Iqbal, 556 U.S. at 678. Further, to the extent the Fifth Claim for Relief is based on misrepresentations and omissions, the Court, for the reasons stated above with respect to the Fourth Claim for Relief, finds such claim fails to comply with Rule 9(b). See Fecht, 70 F.3d at 1083 (9th Cir. 1995); see also Bristol Bay Productions, LLC v. Lampack, 312 P.3d 1155, 1160 (Colo. 2013) (setting forth elements of fraud under Colorado law).
Kimpton also argues the Colorado statute on which plaintiffs rely does not apply because, according to Kimpton, plaintiffs fail to allege facts to support a finding that Thomas's claim has any connection to Colorado. Plaintiffs, however, allege Thomas, in reliance on an assertedly false statement that his data would be protected, paid Kimpton for services Kimpton provided to him in Colorado. (See Compl. ¶¶ 7-8, 19-24.) Given those allegations, the Court declines to find the claim is subject to dismissal on such additional ground asserted by Kimpton.
Accordingly, the Fifth Claim for Relief is subject to dismissal.
In light of these findings, the Court does not address herein the parties' dispute as to whether Colorado law prohibits a plaintiff from proceeding with a claim under § 6-1-105 on behalf of a class, and whether any such Colorado law applies in federal court.
f. Sixth Claim for Relief
In the Sixth Claim for Relief, plaintiffs allege Kimpton violated the Pennsylvania Unfair Trade Practices and Consumer Protection Law, Pennsylvania Statutes and Consolidated Statutes § 201-3, which Law prohibits "[u]nfair or deceptive acts in the conduct of any trade or commerce." See Pa. Cons. Stat. § 201-3. The allegedly unfair or deceptive acts on which plaintiffs base this claim are the same practices on which plaintiffs base the Fourth and Fifth Claims for Relief. (Compare Compl. ¶ 109 with Compl. ¶¶ 86, 98.)
For the reasons stated above with respect to the those two Claims for Relief, the Court finds the conclusory allegations made in support of the Sixth Claim for Relief are insufficient to state a cognizable claim, see Iqbal, 556 U.S. at 678, and, to the extent the Sixth Claim for Relief is based on misrepresentations and omissions, it fails to comply with Rule 9(b), see Fecht, 70 F.3d at 1083 (9th Cir. 1995); see also Gibbs v. Ernst, 538 Pa. 193, 207 (1994) (setting forth elements of fraud under Pennsylvania law).
Accordingly, the Sixth Claim for Relief is subject to dismissal.
g. Seventh Claim for Relief
In the Seventh Claim for Relief, plaintiffs allege Kimpton violated New York General Business Law § 349, which prohibits "[d]eceptive acts or practices in the conduct of any business." See N.Y. Gen. Bus. Law § 349(a). The allegedly deceptive acts or practices on which plaintiffs base this claim are, with one exception, the same practices on which plaintiffs base the Fourth, Fifth and Sixth Claims for Relief. (Compare Compl. ¶ 117 with Compl. ¶¶ 86, 98, 109.)
The one exception is that the Seventh Claim for Relief, unlike the Fourth, Fifth, and Sixth Claims for Relief, is not based on an allegation that Kimpton "misrepresent[ed] that it would comply with common law and statutory duties pertaining to the security and privacy of [Thomas]." (See id.)
For the reasons stated above with respect to those three Claims for Relief, the Court finds the conclusory allegations made are insufficient to state a cognizable claim, see Iqbal, 556 U.S. at 678, and, to the extent the Seventh Claim for Relief is based on misrepresentations and omissions, it fails to comply with Rule 9(b). See Fecht, 70 F.3d at 1083 (9th Cir. 1995); see also Eurycleia Partners, LP v. Seward & Kissel, LLP, 12 N.Y. 3d 553, 559 (2009) (setting forth elements of fraud under New York law).
Accordingly, the Seventh Claim for Relief is subject to dismissal.
h. Eighth Claim for Relief
In the Eighth Claim for Relief, plaintiffs allege Kimpton violated the Texas Deceptive Trade Practices - Consumer Protection Act, Texas Business and Professions Code § 17.46, which Act prohibits "[f]alse, misleading, or deceptive acts or practices in the conduct of any trade or commerce." See Tex. Bus. & Com. Code § 17.46. The allegedly deceptive acts or practices on which plaintiffs base this claim are the same practices on which plaintiffs base the Fourth, Fifth, Sixth and Seventh Claims for Relief. (Compare Compl. ¶ 129 with Compl. ¶¶ 86, 98, 109, 117.)
For the reasons stated above with respect to those four Claims for Relief, the Court finds the conclusory allegations made are insufficient to state a cognizable claim, see Iqbal, 556 U.S. at 678, and, to the extent the Eighth Claim for Relief is based on misrepresentations and omissions, it fails to comply with Rule 9(b), see Fecht, 70 F.3d at 1083 (9th Cir. 1995); see also JPMorgan Chase Bank N.A. v. Orca Assets G.P., L.L.C., 546 S.W. 3d 648, 653 (Tex. 2018) (setting forth elements of fraud under Texas law).
Accordingly, the Eighth Claim for Relief is subject to dismissal.
C. Leave to Amend
In their opposition, plaintiffs request leave to amend. As it appears plaintiffs may be able to amend to cure at least some of the deficiencies identified above with respect to standing, as well as pleading a cognizable claim for relief, plaintiff's request will be granted.
CONCLUSION
For the reasons stated above, Kimpton's motion to dismiss is hereby GRANTED, and the complaint is hereby DISMISSED in its entirety.
Any First Amended Complaint shall be filed no later than August 30, 2019.
IT IS SO ORDERED. Dated: August 8, 2019
/s/_________
MAXINE M. CHESNEY
United States District Judge