Opinion
05 C 4599.
January 18, 2006
MEMORANDUM AND ORDER
Plaintiff Barbara Richardson seeks leave to amend her complaint to add a count under the Illinois Consumer Fraud and Deceptive Practices Act ("CFA"), 815 ILCS § 505/1, et seq. The court assumes familiarity with its prior order ruling on defendant DSW's motion to dismiss, which set forth the facts alleged in the original complaint in detail and dismissed Richardson's CFA claim. For the following reasons, Richardson's motion to amend is granted.
Background
Richardson seeks to amend her complaint to add newly discovered facts regarding the theft of credit information from DSW shoe shoppers. Richardson alleges, among other things, that credit card companies (American Express, Diners Club, Discover Card, Mastercard International, and/or Visa) notified DSW in writing of its contractual obligations regarding proper handling and disposal of credit and debit card information provided by customers to facilitate transactions. DSW chose not to abide by these contractual obligations in order to save money, and its failure to follow the procedures specified by the credit card companies led to the security breaches that form the basis of this suit. In response, DSW contends that amendment to add these facts is futile because the new facts do not cure the deficiencies previously identified by the court.
Standard for a Motion to Amend
Whether to grant a motion to amend is within the discretion of the trial court. Foman v. Davis, 371 U.S. 178, 182 (1962). Leave to amend a pleading "shall be freely given when justice so requires." Fed.R.Civ.P. 15(a). Under this standard, leave should be granted "[i]n the absence of any apparent or declared reason — such as undue delay, bad faith or dilatory motive on the part of the movant, repeated failure to cure deficiencies by amendments previously allowed, undue prejudice to the opposing party by virtue of allowance of the amendment, futility of amendment, etc." Foman, 371 U.S. at 182.Discussion
As the court noted in its order addressing DSW's motion to dismiss the original complaint, to state a violation of the CFA, a plaintiff must allege: "(1) an unfair or deceptive act or practice by the defendant; (2) the defendant's intent that plaintiff rely on the deception; and (3) the occurrence of the deception in the course of conduct involving trade or commerce." Parks v. Wells Fargo Home Mortgage, Inc., 398 F.3d 937, 942 (7th Cir. 2005). Moreover, a defendant's unfair or deceptive practice must be intentional and inure to the defendant's benefit in order to form the basis of a CFA claim. See id.
The court previously found that Richardson's failure to allege that DSW intentionally caused the security breach that led to the misappropriation of her credit and debit card information meant that she could not plead that DSW intentionally engaged in an unfair or deceptive act or practice. The proposed amended complaint cures this problem as it alleges that DSW intentionally failed to follow the security procedures mandated by its contracts with numerous credit card companies in order to save money and thus made its customer information vulnerable to hacking.
The court also held that the allegations in the original complaint did not support an inference that DSW received any benefit caused by the hackers theft of purchasers' credit information. The amended complaint asserts that DSW benefitted from its lax and thus cost-effective security measures. So, did DSW's alleged breach of its agreements with credit card issuers, which led to DSW's supposed cost-savings, count as a benefit under the CFA when a separate act (the hacking incident) actually harmed Richardson and other affected consumers and led to increased costs and negative publicity for DSW? The court finds that the benefit accruing from DSW's allegedly intentional corner-cutting to conserve costs is enough to satisfy the benefit prong.
To see why, the court propounds the following hypothetical. Suppose that the Art Institute of Chicago decides to remove the security system guarding one of its Van Gogh paintings to save money. This benefits the museum, as it lessens the overall cost of museum security. There is no downside as long as no one takes advantage of the security breach and steals the unguarded painting. So the museum benefits from the cost-saving measure of dispensing with part of its security system. It also necessarily must believe that this benefit is not offset by the risk that someone will steal the painting and hope that no one actually steals the painting.
For the sake of discussion, let us now assume that someone takes advantage of the reduced security and steals the unguarded Van Gogh. There are two moments at which one can assess whether the museum's decision to save money on security in fact benefitted the museum: (1) when it saved money by decreasing its security; and (2) after the painting disappeared, at which point the value of the painting would be offset against the value of the cost-saving program. The court finds that the first point in time is the appropriate moment as the cost-savings and the opportunity for someone to pull off the heist are a certain result of the decision to reduce security. In contrast, the second option (assessing the overall benefit to the museum as of the time the painting is stolen) is dependent on events outside the museum's control ( i.e., whether someone decides to steal the painting and is able to pull off the planned theft).
Similarly, in DSW's situation, its alleged decision to save money by not following the credit card companies' security measures is the key act. This decision not only allowed DSW to realize a definite benefit (reduced costs) but also created the opportunity for the hackers to steal customer credit information. Moreover, based on the facts alleged by Richardson, DSW should have reasonably foreseen the hacking incident given its purported failure to follow necessary procedures to protect consumer information. The court, therefore, concludes that the cost-saving measures and the resulting security breach are inseparable and thus form the basis of a benefit to DSW that can support a CFA claim.
This line of reasoning is supported by the fact that Illinois courts recognize that a plaintiff may recover damages under the CFA:
only when his injury is a direct and proximate result of an alleged violation of the act. Where an independent criminal act of a third person intervenes between defendant's act and plaintiff's injury, which causes the injury and without which the injury could not have occurred, the criminal act is a superseding cause of the injury relieving defendant of liability. However, if the criminal act is reasonably foreseeable at the time of defendant's act, the causal chain is not necessarily broken. The question of whether proximate cause existed is generally one of fact, however, a defendant may escape liability by demonstrating that the intervening event was unforeseeable as a matter of law. Petrauskas v. Wexenthaller Realty Management, Inc., 186 Ill.App.3d 820, 832 (1st Dist. 1989) (internal citations and quotations omitted). Given the procedural posture of this case, the court cannot find that the hacking incident was unforeseeable as a matter of law, so Richardson's new allegations support a cause of action based on the CFA.
DSW attempts to avoid this conclusion by citing the well-established proposition that "a `deceptive act or practice' involves more than the mere fact that a defendant promised something and then failed to do it." Zankle v. Queen Anne Landscaping, 311 Ill.App.3d 308, 312-13 (2d Dist. 2000) ("a naked breach-of-contract claim does not support a Consumer Fraud Act claim"). This rule is inapposite as Richardson's injury is based on illegal activity (the hacking) flowing from a breach of contract. She has not brought a breach of contract claim against DSW, and is not basing her CFA claim solely on DSW's alleged breach of the contracts between DSW and the credit card companies.
Accordingly, Richardson's motion to amend her complaint to add allegations supporting her CFA claim is granted. In light of this ruling, the court will not address the parties' remaining arguments.
Conclusion
For the above reasons, Richardson's motion to amend her complaint to add allegations supporting her CFA claim is granted. The clerk is directed to file Richardson's amended complaint instanter.