Opinion
CV-23-00207-PHX-KML
12-23-2024
Joshua Quinalty and Alene Motta, on behalf of himself and all others similarly situated, Plaintiff, v. FocusIT LLC, Defendant.
ORDER
Honorable Krissa M. Lanham United States District Judge
Defendant FocusIT, LLC, a software vendor, possessed the personal data of plaintiffs Joshua Quinalty and Alene Motta when its computer systems were compromised. Quinalty and Motta had provided their data to non-parties (like banks and mortgage lenders) when applying for mortgage and loan services and the non-parties in turn provided it to FocusIT. When FocusIT's data systems were compromised on June 1, 2022, Quinalty and Motta's personal data was exposed. They filed an amended putative class action complaint against FocusIT on behalf of themselves and class members alleging FocusIT (1) negligently managed their data; and (2) was unjustly enriched as a result. FocusIT moved to dismiss Quinalty and Motta's complaint and strike their class allegations. FocusIT's motion to dismiss is granted and its motion to strike is denied as moot.
I. Background
FocusIT provides software for banks and financial institutions to “process financial transactions, such as loan applications.” (Doc. 36 at 2.) As a condition of providing this software, FocusIT requires these banks and financial institutions to provide personal identifying information (“PII”) of its customers. (Doc. 36 at 5.) These banks in turn require their customers to submit their PII to the banks to receive certain financial services. (Doc. 36 at 15.) The banks and financial institutions then “entrust” their customers' PII to FocusIT. (Doc. 36 at 2.)
On June 1, 2022, unknown actors “compromised a system” in FocusIT's “environment,” exposing to cybercriminals the names, birth dates, addresses, and social security numbers of 147,799 people. (Doc. 36 at 11.) Two months later, the Texas Financial Crimes Intelligence Center (“TFCIC”) notified FocusIT it had detected the breach. (Doc. 36 at 11.) FocusIT was not aware of the breach before the TFCIC's warning. (Doc. 36 at 11.) Governmental authorities reported that the breach resulted from a phishing attack. (Doc. 36 at 11.)
Nearly two months later on September 28, 2022, FocusIT began to notify victims of the data breach. (Doc. 36 at 12.) FocusIT offered free credit monitoring services for a year to those impacted by the breach. (Doc. 36 at 3.)
Quinalty alleges his PII was included in the data breach and as a result he purchased additional credit monitoring services, experienced an increase in spam phone calls, messages, and targeted advertisements, spent approximately twelve hours responding to the breach, and is subject to “the present and continuing risk of fraud, identity theft, and misuse resulting from his PII . . . being placed in the hands of unauthorized third parties/criminals.” (Doc. 36 at 16-17.) To his knowledge, he had never been the victim of a data breach before. (Doc. 36 at 15.) But while the breach was occurring, he alleges two iPhones were purchased under “his Verizon account using a fake ID that contained his PII.” (Doc. 36 at 16.)
Motta also alleges that her data was included in the breach and a result she experienced an increase in spam emails, text messages, and phone calls, including “‘vishing' phone calls from unknown callers engaging in attempted scams”; spent approximately three hours responding to the breach; and discovered her PII was detected on the “dark web” where “[h]ackers can access and then offer for sale” unencrypted PII. (Doc. 38 at 12, 18-19.) As a result, she alleges she has experienced anxiety and emotional distress, including sleep disruption, stomach issues, and trouble focusing. (Doc. 36 at 18.)
Quinalty and Motta filed claims of negligence, unjust enrichment, and violations of the Arizona Consumer Fraud Act (“ACFA”) against FocusIT on behalf of themselves and a putative nationwide class consisting of all United States residents whose PII was compromised in the data breach. (Doc. 26 at 28-38.) FocusIT moved to dismiss the claims, arguing Quinalty and Motta lacked standing and failed to state a claim. (Doc. 27.) The court granted the motion to dismiss in part, finding Quinalty and Motta failed to state a claim for negligence, unjust enrichment, or a violation of the ACFA. (Doc. 34 at 11.)
Quinalty and Motta filed an amended complaint realleging only their claims of negligence and unjust enrichment. (Doc. 36 at 30, 38-39.) FocusIT moved to dismiss again, arguing Quinalty and Motta lacked standing and failed to state a claim. FocusIT also moved to strike their class allegations. (Doc. 40 at 2.) FocusIT's motion to dismiss is granted because plaintiffs have failed to state a claim and its motion to strike is denied as moot.
II. Failure to Allege Jurisdiction
FocusIT moves to dismiss Quinalty and Motta's claims under Rule 12(b)(1) for lack of standing. Facial challenges under Rule 12(b)(1) “are adjudicated under the familiar Rule 12(b)(6) standard.” Bowen v. Energizer Holdings, Inc., 118 F.4th 1134, 1142 n.7 (9th Cir. 2024). Under a facial challenge, as here, the moving party accepts the truth of plaintiff's allegations but asserts they are “insufficient on their face to invoke federal jurisdiction.” Jones v. L.A. Cent. Plaza LLC, 74 F.4th 1053, 1056 n.1 (9th Cir. 2023) (quoting Leite v. Crane Co., 749 F.3d 1117, 1121 (9th Cir. 2014)).
“‘[A]t the pleading stage, plaintiffs must clearly allege facts demonstrating each element' of Article III standing and that the Iqbal pleading standards therefore apply in assessing the facial adequacy of allegations of standing.” Id. at 1056 (quoting Winsor v. Sequoia Benefits & Ins. Servs., LLC, 62 F.4th 517, 523-25 (9th Cir. 2023)). Standing is “an essential and unchanging part of the case-or-controversy requirement of Article III” of the United States Constitution. Lujan v. Defs. of Wildlife, 504 U.S. 555, 560 (1992). A plaintiff must show “(1) an injury in fact that is (a) concrete and particularized and (b) actual or imminent; (2) the injury is fairly traceable to the challenged action of the defendant; and (3) it is likely, not merely speculative, that the injury will be redressed by a favorable decision.” Maya v. Centex Corp., 658 F.3d 1060, 1067 (9th Cir. 2011) (quoting Friends of the Eart, Inc. v. Laidlaw Envtl. Servs., Inc., 528 U.S. 167, 180-81 (2000)).
The court previously rejected FocusIT's standing argument. (Doc. 34 at 5.) FocusIT resurrects that argument now, sometimes adding a slight twist. Because Quinalty, Motta, and the class plaintiffs all have standing, these arguments are rejected again.
First as to Quinalty, FocusIT argues he has not shown a fairly-traceable injury because it is unclear (1) whether the fraudulent charges were caused by the FocusIT data breach or a different breach; (2) Quinalty himself had to pay for the fraudulent charges; and (3) the credit monitoring services provided by FocusIT were inadequate. (Doc. 40 at 56.) FocusIT also argues Quinalty's injury is too speculative because he purchased credit reporting services based on a future risk that has not materialized. (Doc. 40 at 5-6.)
“[A] plaintiff meets the injury-in-fact requirement by alleging an increased risk of identity theft due to the theft of his or her PII even without alleging that any actual identity theft has occurred.” In re Banner Health Data Breach Litig., No. CV-16-02696-PHX-SRB, 2017 WL 6763548, at *2 (D. Ariz. Dec. 20, 2017) (citing Krottner v. Starbucks Corp., 328 F.3d 1139, 1140 (9th Cir. 2010)). Quinalty's complaint exceeds what is required under this standard by alleging the breach actually caused his identity to be stolen and then used to fraudulently purchase iPhones. (Doc. 36 at 15-16.) FocusIT's argument that Quinalty must meet a heightened pleading standard by alleging he was “financially responsible” for the iPhone charges, who purchased the phones, and where they were purchased, relies on case law that is not binding here and itself relies in part on overruled cases. (Doc. 40 at 5 (citing Green v. eBay Inc., No. CIV.A. 14-1688, 2015 WL 2066531, at *4 (E.D. La. May 4, 2015)).) At the motion to dismiss stage, Quinalty need not be so specific; even the time he alleges he spent sorting out the iPhone identity theft is cognizable for standing. See Remijas v. Neiman Marcus Grp., LLC, 794 F.3d 688, 692 (7th Cir. 2015) (victims of identity theft who were later reimbursed still bore “identifiable costs associated with the process of sorting things out.”); cf. Hyunh v. Quora, Inc., 508 F.Supp.3d 633, 650, 611 (N.D. Cal. 2020) (rejecting similar argument at summary judgment stage).
FocusIT argues a different data breach could have caused Quinalty's fraudulent charges. (Doc. 40 at 5.) But this factual question is inappropriate to resolve at this stage of the litigation. McAfee v. LifeStance Health Grp. Inc., No. CV-23-01144-PHX-DJH, 2024 WL 1115831, at *7 n.10 (D. Ariz. Mar. 13, 2024) (“[E]valuation of a motion to dismiss is limited to the four corners of the complaint.”).
FocusIT's attack on Quinalty's allegations that he purchased credit monitoring services because of the breach is similarly misplaced. Although expenses for mitigation do not themselves qualify as an actual injury where the harm is not imminent, Clapper v. Amnesty Int'l, 568 U.S. 398, 422 (2013), it is reasonable for a victim of a data breach to think it necessary to subscribe to credit monitoring services, as here. Remijas, 794 F.3d at 694. FocusIT itself provided credit monitoring for affected customers and “[i]t is unlikely that it did so because the risk is so ephemeral that it can safely be disregarded.” Id.; see also In re Anthem, Inc. Data Breach Litig., No. 15-MD-02617-LHK, 2016 WL 3029783, at *25-26 (N.D. Cal. May 27, 2016) (credit monitoring efforts constituted injury sufficient for standing).
Second, as to Motta, FocusIT argues her injuries are too speculative. (Doc. 40 at 6.) Motta alleges not only emotional distress and anxiety because of the data breach, but also time spent mitigating the impact-including research, contacting legal counsel, reviewing accounts for fraud, and performing a scan of the dark web showing her PII had been detected. (Doc. 36 at 18.) She also alleges she suffered an increase in spam emails, text messages, and phone calls due to the breach. (Doc. 36 at 19.) As the court found before, see Doc. 34 at 5 n.1, these allegations are sufficient for standing. See Callahan v. Ancestry.com Inc., No. 20-CV-08437-LB, 2021 WL 2433893, at *4 (N.D. Cal. June 15, 2021) (“In data-breach cases . . . anxiety and stress about a credible threat of future identity theft is injury in fact conveying Article III standing.”); see also Banner Health, 2017 WL 6763548 at *2 (when PII was stolen, “the plaintiffs' increased risk of identity theft was no longer conjectural, but real and immediate.”).
Finally, FocusIT argues the putative class as a whole lacks standing because the only injury pleaded is the conclusory statement they suffered “actual identity theft, emotional distress, and incurred out-of-pocket expenses.” (Doc. 40 at 8.) “Because putative class members are not before the court at the Rule 12 stage,” a jurisdictional objection is not “available” to FocusIT. Moser v. Benefytt, Inc., 8 F.4th 872, 878 (9th Cir. 2021). Furthermore, Quinalty and Motta have sufficiently alleged class members suffered an injury by alleging “an increased risk of identity theft due to the theft of his or her PII even without alleging that any actual identity theft has occurred.” Banner Health, 2017 WL 6763548, at *2.
Quinalty and Motta also now allege “Plaintiffs and Class Members have and will continue to spend time trying to mitigate the consequences of the Data Breach,” “damages to and diminution in the value of their PII,” “lost time, annoyance, interference, and inconvenience because of the Data Breach and a heightened concern for the loss of their privacy and PII,” and “physical harm, including identity theft committed by unknown malicious individuals using Plaintiffs' and Class Members' compromised PII to engage in transactions not authorized by Plaintiffs nor Class Members.” (Doc. 36 at 20-21.) These assertions meet the additional elements for common injury deficient in plaintiffs' earlier complaint (Doc. 34 at 6) and “plausibly suggest an entitlement to relief.” Ashcroft v. Iqbal, 556 U.S. 662, 681 (2009). All plaintiffs therefore have standing and Rule 12(b)(1) does not require dismissal.
III. Failure to State a Claim
FocusIT also moves to dismiss Quinalty and Motta's negligence and unjust enrichment counts for failure to state a claim. (Doc. 40 at 9.) “To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.'” Id. at 678 (quoting BellAtl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (internal citations omitted)). This is not a “probability requirement,” but a requirement that the factual allegations show “more than a sheer possibility that a defendant has acted unlawfully.” Id. A claim is facially plausible “when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. “[Determining whether a complaint states a plausible claim is context specific, requiring the reviewing court to draw on its experience and common sense.” Id. at 663-64.
a. Negligence
FocusIT argues Quinalty and Motta's negligence claim fails because they do not adequately allege duty, breach, and proximate cause. (Doc. 40 at 9.) “To establish a claim for negligence, a plaintiff must prove four elements: (1) a duty requiring the defendant to conform to a certain standard of care; (2) a breach by the defendant of that standard; (3) a causal connection between the defendant's conduct and the resulting injury; and (4) actual damages.” Gipson v. Kasey, 150 P.3d 228, 230 (Ariz. 2007) (en banc). Whether a duty exists is a matter of law and “[t]he other elements, including breach and causation, are factual issues usually decided by the jury.” Id. Quinalty and Motta have not pleaded these elements adequately to survive a motion to dismiss.
In Arizona, a duty may be based on either recognized common-law “special relationships”-relationships created by “contract, familial relationship, or joint undertaking”-or on relationships created by “public policy.” Cal-Am Props. Inc. v. Edais Eng'g Inc., 509 P.3d 386, 389 (Ariz. 2022); Quiroz v. ALCOA Inc., 416 P.3d 824, 830 (Ariz. 2018). Special relationships giving rise to a duty ordinarily require a “preexisting, recognized relationship between the parties.” Cal-Am Props., 509 P.3d at 390. Although in limited circumstances a joint undertaking may create a relationship between two parties not in privity with each other, a defendant in that type of third-party arrangement must have undertaken conduct “directly with or for a plaintiff.” Id. Arizona has explicitly declined to recognize special relationships created by foreseeability, that is, where it is foreseeable that a defendant's conduct would impact the victim. Id.; see also Gipson 150 P.3d at 231 (foreseeability of conduct does not create a duty).
Here, there is no special relationship between FocusIT and plaintiffs that would create a duty under Arizona law. Quinalty and Motta were not FocusIT's customers; they were the customers of the banks and mortgage lenders to which they provided their data. (Doc. 36 at 2 (“Plaintiffs and Class Members are former and present customers, applicants, and account holders of the banks and financial institutions that Defendant services”), 5 (“Defendant is a vendor of financial and information technology services and products . . . for banks and financial institutions . . . Defendant maintains the PII of customers of its business partners”), 15 (“Quinalty was required to provide his PII to a mortgage or loan company . . . . In turn, Plaintiff Quinalty's PII was provided to FocusIT[.]”), 17 (“Motta is a current mortgage applicant with a company which . . . is one of Defendant's customers”).) FocusIT did not undertake conduct “directly with or for” plaintiffs. See Cal-Am Props., 509 P.3d at 390. Instead, as the complaint alleges, it stored PII “for banks and financial institutions.” (Doc. 36 at 2.) And even if a direct relationship did exist, Arizona law requires the risk of physical harm to impute a duty of care. Guerra v. State, 348 P.3d 423, 425 (Ariz. 2015). Quinalty and Motta fail on both fronts to establish a special relationship.
Quinalty points to Travis v. Assured Imaging LLC, No. CV-20-00390-TUC-JCH, 2021 WL 1862446, at *5 (D. Ariz. May 10, 2021), to argue that the type of identity theft he experienced is considered a physical injury, but Travis only determined the harm was a sufficiently-alleged injury in fact for standing purposes, not for the merits of plaintiffs' negligence claim.
Public policy, established by state and federal statutes or the common law, can also create a duty to third parties with whom no direct relationship exists. Cal-Am, 509 P.3d at 390. The “declaration of ‘public policy'” is a primarily a legislative function, Quiroz, 416 P.3d at 830, and administrative regulations designed to protect the public from economic harm are not a source of duty. Cal-Am Props., 509 P.3d at 391. In the absence of statutory guidance, a duty “should be so thoroughly established as a state of public mind, so united and so definite and fixed that its existence is not subject to any substantial doubt.” Quiroz, 416 P.3d at 830. And a plaintiff alleging a public-policy duty must (1) be “within the class of persons to be protected by the statute,” and (2) have suffered the type of harm the statute “sought to protect against.” Id. at 829.
Quinalty and Motta rely on 15 U.S.C. § 45 as a source of public policy. That federal statute states: “[u]nfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce, are hereby declared unlawful.” 15 U.S.C. § 45(a)(1). Section 45 does not contain a private right of action and only allows the Federal Trade Commission (“FTC”) to initiate enforcement proceedings in “the interest of the public.” Lee v. PHH Mortg., No. CV-24-00057-TUC-SHR, 2024 WL 4364139, at *5 (D. Ariz. Sept. 30, 2024); 15 U.S.C. § 45(b).
Quinalty and Motta argue FocusIT committed “unfair or deceptive acts” in violation of 15 U.S.C. § 45 when it misrepresented “that it uses reasonable measures to protect from theft and misuse Plaintiffs' and Class Members' PII that Defendant obtained from its customers[.]” (Doc. 38 at 28-29.) But to hold that this statute creates a public-policy relationship would transform every business (mis)representation into an Arizona negligence claim, regardless of how distant the relationship between the parties or whether the plaintiff even knew of the misrepresentation. The court has “substantial doubt” that Arizona law would recognize such a sweeping public policy duty for a negligence claim. See Cal-Am Props., 509 P.3d at 391 (rejecting public safety statutes as a source of public policy). Moreover, if Quinalty and Motta fall “within the class of persons to be protected by the statute,” so does every member of the public. Arizona has rejected reasoning far more targeted and plaintiff-specific than this. Id.
Separately, Quinalty and Motta's attempt to elevate industry guidelines into a duty via 15 U.S.C. § 45 also fails under Arizona law. Quinalty and Motta allege in a conclusory fashion that FocusIT violated security guidelines and standards promulgated by the U.S. Cybersecurity & Infrastructure Security Agency, the Federal Bureau of Investigation, the FTC, the National Institute of Standards and Technology, the International Standardization Organization, and the Center of Internet Security Critical Security Controls. (Doc. 36 at 7.) They do not explain how these guidelines constitute industry standards and if they had, even administrative regulations that bind a defendant-unlike these-are not a source of duty in Arizona. Id. Moreover, FocusIT itself warned that although it tries to follow industry standards for data security, it “cannot guarantee [the] absolute security” of PII. (Doc. 36 at 29.) For multiple reasons, Quinalty and Motta's allegations are insufficient to create a public-policy-based duty.
This does not leave plaintiffs without a remedy. In contractor-subcontractor relationships, for instance, third parties who are economically harmed can “sue the general contractor it hired for breach ofcontract and, perhaps the subcontractor for breach of contract as a third-party beneficiary” or “obtain an assignment of liability from the contractor.” Id. FocusIT's alleged conduct could be “viewed . . . as a failure in the performance of [FocusIT's] obligations to its contractual partner[s,]” the banks and financial institutions, just “not as a breach of duty in tort” to plaintiffs. Cal-Am, 509 P.3d at 392.
Neither plaintiff has sufficiently alleged a duty consistent with Arizona law. But if they had, Motta's claim would nonetheless fail because she did not sufficiently plead damages. (Doc. 34 at 8.) Negligence damages must be actual and appreciable, non-speculative, and unlike the injury sufficient for standing, more than merely the threat of future harm. CDT, Inc. v. Addison, Roberts & Ludwig, 7 P.3d 979, 982-83 (Ariz.Ct.App. 2000). Motta alleges actual damages of lost time, present harm, threats of future harm, and misuse of data (including that her data was posted on the dark web). (Doc. 42 at 12; Doc. 36 at 18-19.) But lost time alone is not a cognizable form of damage. Griffey v. Magellan Health Inc., 562 F.Supp.3d 34, 45 (D. Ariz. 2021). Likewise, “[t]hreats of future harm, on their own, are not cognizable negligence injuries.” Id. at 46. And although the diminished value of PII can be a cognizable injury if the plaintiff shows a “robust market” for the PII and a deprivation of her ability to sell personal data on that market, Svenson v. Google Inc., No. 13-cv-04080-BLF, 2015 WL 1503429, at 5* (N.D. Cal. Apr. 1, 2015) (citing In re Facebook Privacy Litig., 572 Fed.Appx. 494 (9th Cir. 2014)), the “black market” is not a “legitimate market by which individuals may sell their information.” See Griffey, 562 F.Supp.3d at 46. Accordingly, Motta has not alleged sufficient damages and her negligence claim would be dismissed even if FocusIT owed her a duty.
Accordingly, Quinalty and Motta's negligence claim is dismissed.
b. Unjust Enrichment
“Unjust enrichment occurs when one party has and retains money or benefits that in justice and equity belong to another.” Loiselle v. Cosas Mgmt. Group, LLC, 228 P.3d 943, 946 (Ariz.Ct.App. 2010). The elements of an unjust enrichment are: “(1) an enrichment, (2) an impoverishment, (3) a connection between the enrichment and the impoverishment, (4) the absence of justification for the enrichment and the impoverishment, and (5) the absence of a remedy provided at law.” Span v. Maricopa Cnty. Treasurer, 437 P.3d 881, 886 (Ariz.Ct.App. 2019). FocusIT argues Quinalty and Motta have not alleged an enrichment. (Doc. 40 at 14-15.) FocusIT is correct.
The second amended complaint alleges that FocusIT was enriched by money paid to FocusIT's customers (i.e., the banks and mortgage lenders) that was then transferred to FocusIT. (Doc. 42 at 14.) But Quinalty and Motta do not plead an enrichment. They allege FocusIT benefited from their PII because “this was used to facilitate payment and services,” (Doc. 36 at 39) but they are simply describing the terms of the contract. FocusIT did not benefit because of an unalleged extrinsic value of their PII. They benefited because hosting this data was necessary to fulfill its obligations under contracts with banks and financial institutions. The benefit it received in exchange for these services was money, not the ability to possess plaintiffs' data.
Separately, Quinalty and Motta only plead an indirect relationship. Although under Arizona law Quinalty and Motta “need only show that a defendant acquired ‘money under circumstances which renders [defendant's] retention of the money inequitable,'” Dearing v. Magellan Health Inc. 2021 Ariz. Super. LEXIS 840, *13 (Ariz. Supp. Ct. May 3, 2021) (quoting Johnson v. Am. Nat. Ins. Co., 613 P.2d 1275, 1279 (Ariz.Ct.App. 1980)), every case they cite involved some payment for services on the plaintiffs' behalf, even if by a third party. Here, the data processing and hosting services FocusIT provided were for the banks, not the plaintiffs.
Because Quinalty and Motta were not directly benefited by FocusIT and FocusIT was not enriched by possessing their data, their claim fails.
c. Class Allegations
Because Quinalty and Motta, the only named plaintiffs, have not stated claims for relief and “possess the same interest and suffer the same injury shared by all members of the class [they seek to] represent[,]” Schlesinger v. Reservists Comm. to Stop the War, 418 U.S. 208, 216 (1974), their class-wide allegations are also dismissed under Rule 12(b)(6). See Robey v. Shapiro, Marianos & Cejda, L.L.C., 434 F.3d 1208, 1213 (10th Cir. 2006) (where named plaintiff's allegations are dismissed for failure to state a claim, class allegations must also be dismissed); Morrelli v. Corizon Health, Inc., No. 1:18-CV-1395-LJO-SAB, 2019 WL 918210, at *12 (E.D. Cal. Feb. 25, 2019) (collecting district court cases in which “[w]ithout a cognizable substantive underlying claim which the putative class could join, there was no basis for the use of a class action device and the class allegations were dismissed”). The portion of FocusIT's motion seeking to strike plaintiffs' class allegations (Doc. 40 at 15) is therefore denied as moot.
d. Leave to Amend
Despite two attempts, Quinalty and Motta have failed to state a claim. The facts they have now twice alleged show they do not have a relationship with FocusIT that would give rise to negligence or unjust enrichment claims under Arizona law. Granting leave to amend would therefore be futile. Cervantes v. Countrywide Home Loans, Inc., 656 F.3d 1034, 1041 (9th Cir. 2011). The first amended complaint (Doc. 30) is dismissed without leave to amend.
Accordingly, IT IS ORDERED the Motion to Dismiss (Doc. 40) is GRANTED.
IT IS FURTHERED ORDERED the Motion to Strike (Doc. 40) is DENIED as moot.
IT IS FURTHER ORDERED the amended complaint (Doc. 36) is DISMISSED WITH PREJUDICE. The Clerk of Court shall enter judgment in favor of defendants and close this case.