Summary
holding that being spammed is not a GBL injury
Summary of this case from Cohen v. Casper Sleep Inc.Opinion
No. 08 Civ 5359.
March 12, 2009.
Jennifer Feldscher, David Andrew Stampley, Kamber Edelson, LLC, New York, NY, for Plaintiff.
Alissa Miriam Ifowodo, Gordon Schnell, Robert L. Begleiter, Constantine Cannon PC, New York, NY, for Defendants.
DECISION AND ORDER
Plaintiff Stacy Cherny ("Cherny") brought this action against defendants Emigrant Bank ("Emigrant") and John Does 1 to 100, alleging a violation of Section 349 of New York General Business Law ("Section 349"), breach of fiduciary duty, breach of contract, and negligent misrepresentation. Cherny seeks compensatory and equitable relief for the alleged disclosure of his e-mail address and the potential dissemination of certain confidential information from his account at Emigrant, and he purports to represent a class of plaintiffs who allegedly have suffered the same harms. Emigrant now moves pursuant to Federal Rule of Civil Procedure 12(b)(6) ("Rule 12(b)(6)") to dismiss the amended complaint, filed September 15, 2008 ("Amended Complaint"). For the reasons stated below, Emigrant's motion to dismiss is GRANTED.
I. BACKGROUND
The facts below are taken from the Amended Complaint, which the Court accepts as true for the purpose of ruling on a motion to dismiss. See Spool v. World Child Int'l Adoption Agency, 520 F.3d 178, 180 (2d Cir. 2008) (citing GICC Capital Corp. V. Tech. Fin. Group, Inc., 67 F.3d 463, 465 (2d Cir. 1995)).
In or around mid-2006, Cherny opened a money-market depository account with EmigrantDirect, an online banking division of Emigrant. Cherny provided EmigrantDirect with a unique e-mail address he created specifically for account correspondence with Emigrant. Cherny never published, used, or provided this e-mail address to any other person. Shortly after providing the e-mail address to Emigrant, Cherny began to receive spam at that e-mail address. According to Cherny, other account holders also received spam at the e-mail addresses they provided to EmigrantDirect.
Cherny filed the initial complaint in this matter on June 11, 2008. On July 31, 2008, Emigrant filed a motion to dismiss. At a conference held on August 29, 2008, the Court permitted Cherny to amend his complaint to remedy the deficiencies identified by Emigrant in its motion to dismiss.
In the Amended Complaint, Cherny alleges that Emigrant violated its Consumer Privacy Policy, which states that the bank "ensure[s] the confidentiality of all of your confidential information," when it disclosed account information and subsequently failed to notify account holders of the security breach. (Amended Complaint ¶¶ 1, 4.) Cherny alleges that these actions constitute a violation of Section 349, breach of fiduciary duty, breach of contract, and negligent misrepresentation.
Emigrant now moves to dismiss the Amended Complaint, arguing that the claims against it fail because: (1) no legally cognizable injury has been alleged; (2) the requisite pleading standard under the Federal Rules of Civil Procedure has not been satisfied; and (3) the requisite elements of the individual claims for relief have not been satisfied.
II. DISCUSSION
A. LEGAL STANDARD
In assessing a motion to dismiss under Rule 12(b)(6), dismissal of the complaint is appropriate if the plaintiff has failed to offer sufficient factual allegations making the asserted claim plausible on its face. See Iqbal v. Hasty, 490 F.3d 143, 157-58 (2d Cir. 2007). A court should not dismiss a complaint for failure to state a claim if the factual allegations sufficiently "raise a right to relief above the speculative level." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). The task of the court in ruling on a motion to dismiss is to "assess the legal feasibility of the complaint, not to assay the weight of the evidence which might be offered in support thereof." In re Initial Pub. Offering Sec. Litig., 383 F. Supp. 2d 566, 574 (S.D.N.Y. 2005) (internal quotation marks and citation omitted). The court must accept all well-pleaded factual allegations in the complaint as true, and draw all reasonable inferences in the plaintiff's favor. See Chambers v. Time Warner, Inc., 282 F.3d 147, 152 (2d Cir. 2002).
B. APPLICATION
1. No Actual Injury or Damages Alleged
Actual injury or damages is an element of three of the claims Cherny has asserted against Emigrant: violation of Section 349; breach of fiduciary duty; and breach of contract. See Cohen v. JP Morgan Chase Co., 498 F.3d 111, 126 (2d Cir. 2007) (identifying injury as one of the three elements in establishing a Section 349 claim); SCS Commc'ns, Inc. v. Herrick Co., 360 F.3d 329, 342 (2d Cir. 2004) (identifying damages as an element for establishing breach of fiduciary duty); First Investors Corp. v. Liberty Mut. Ins. Co., 152 F.3d 162, 168 (2d Cir. 1998) (identifying damages as an element for establishing breach of contract claim).
Cherny alleges several harms, the most basic of which is the non-receipt of an "expected level of service." (Plaintiff's Memorandum in Opposition to Defendant Emigrant Bank's Motion to Dismiss at 13.) He further alleges that as a result of the failures on Emigrant's part, he and other class members have suffered a loss of privacy; undue risk in the acquisition and/or conversion of their confidential information; loss of the benefit of the bargain; deprivation of the opportunity to choose to preserve the benefit of the bargain; and deprivation of the opportunity to choose to protect their privacy interests. (See Amended Complaint, ¶ 58.)
Cherny's claims arise from the alleged disclosure of his personal e-mail address more than two years ago. Cherny maintains that he has incurred damages as a result of the loss of his confidential information, and that the loss of something intangible or something with an unknown or undefined monetary value, such as an e-mail address, can constitute an injury. Courts have held, however, that the release of potentially sensitive information alone, without evidence of misuse, is insufficient to cause damage to a plaintiff. See Key v. DSW, Inc., 454 F. Supp. 2d 684, 690 (S.D. Ohio 2006) (finding that being subjected to an increased risk of identity theft or other related financial crimes when unauthorized persons obtained access to customers' confidential financial information is not an actual or imminent injury); Forbes v. Wells Fargo, 420 F. Supp. 2d. 1018, 1021 (D. Minn. 2006) (holding that bank customers whose personal information was stolen from a company that had been retained by the bank did not suffer any present injury or reasonably certain future injury); Giordano v. Wachovia Sec., L.L.C., No. 06-476, 2006 WL 2177036, at *4 (D.N.J. July 31, 2006) (finding that plaintiff failed to show an actual or imminent injury when she alleged the potential of identity theft, rather than the actual theft and misuse of her identity). This Court finds that the release of an e-mail address, by itself, does not constitute an injury sufficient to state a claim under any of the legal theories Cherny asserts.
Courts have differed as to whether the disclosure of a personal e-mail address is an invasion of privacy. See Nkihtagmikon v. Bureau of Indian Affairs, 493 F. Supp. 2d 91, 108 (D. Me. 2007) (disclosure of personal email addresses is a "clearly unwarranted invasion of personal privacy"); ASIS Internet Servs. v. Active Response Group, No. C07 6211, 2008 WL 2129417, at *4 (N.D. Cal. May 20, 2008) ("customers (and former customers) have some privacy interest in their email addresses"); but see Estate of Rice ex rel. Garber v. City and County of Denver, Colo., No. 07-CV-01571, 2008 WL 2228702, at *4 (D. Colo. May 27, 2008) ("Common experience is that most people do not adequately protect from disclosure their birth dates, home addresses or telephone numbers, e-mail addresses, or drivers' license numbers so as to reasonably call them private or confidential."). Regardless, the Court here focuses on whether the disclosure of an e-mail address can constitute an injury or damages as required by Cherny's claims asserting violation of Section 349, breach of contract, and breach of fiduciary duty.
Cherny also alleges that his personal or financial information most likely resides in the same database as his e-mail address, and that it is possible that this information was compromised. As noted above, courts have also held that the risk of some undefined future harm is too speculative to constitute a compensable injury. See Key, 454 F. Supp. 2d, at 690; Forbes, 420 F. Supp. 2d, at 1021; Giordano, 2006 WL 2177036, at *4. The Court finds that Cherny's concern that his confidential information may at some point be acquired is "solely the result of a perceived and speculative risk of future injury that may never occur."Shafran v. Harley-Davidson, Inc., No. 07 Civ. 01365, 2008 WL 763177, at *3 (S.D.N.Y. Mar. 20, 2008). "Courts have uniformly ruled that the time and expense of credit monitoring to combat an increased risk of future identify theft is not, in itself, an injury the law is prepared to remedy." Id.
Cherny has alleged only one specific harm. The Amended Complaint states that "Cherny provided Emigrant with a unique e-mail address he created specifically for account correspondence with Emigrant" and that Cherny subsequently "began to receive spam at that e-mail address." (Amended Complaint ¶¶ 22-23.) The receipt of spam by itself, however, does not constitute a sufficient injury entitling Cherny to compensable relief. See Burgess v. Eforce Media, Inc., No. 1:07CV231, 2007 WL 3355369, at *6 (W.D.N.C. Nov. 9, 2007) ("While all internet users, including this court, are frustrated by unwanted and unwelcomed emails, and viruses, the end internet user has no legal recourse for such frustration. Instead, our remedies are found in Spam blockers, which of course are not always effective."); Gordon v. Virtumundo, Inc., No. 06-0204, 2007 WL 1459395, at *8 (W.D. Wash. May 15, 2007) (plaintiffs lacked standing under the CAN-SPAM Act of 2003 because the harm suffered "must rise beyond the level typically experienced by consumers — i.e., beyond the annoyance of spam"); Smith v. Chase, 741 N.Y.S. 2d 100, 102 (2d Dept. 2002) (finding that the offering of products and services via junk mail to customers whose confidential information had been allegedly sold to a third party by the bank did not qualify as an actual harm). The Court therefore finds that Cherny has not pled sufficient injury to state a claim for relief based on receiving spam.
Because Cherny has not alleged an actual injury for which damages are appropriate, the motion to dismiss is granted as to his claims pursuant to violation of Section 349, breach of fiduciary duty, and breach of contract.
2. No Negligent Misrepresentation Claim
With respect to Cherny's claim of negligent misrepresentation, under New York's economic loss rule, a plaintiff asserting a claim of negligent misrepresentation who has not suffered any personal or property damage is limited to an action in contract. See Manhattan Motorcars, Inc. v. Automobili Lamborghini, S.p.A., 244 F.R.D. 204, 212, 215 (S.D.N.Y. 2007). As discussed above, Cherny's breach of contract and other claims fail for lack of actual injury or damages, and he therefore has not alleged personal or property damage. His negligent misrepresentation claim is therefore limited to an action in contract, which cannot succeed. Emigrant's motion to dismiss as to Cherny's negligent misrepresentation claim is granted.
C. NO REMAINING DEFENDANTS
Cherny has not named or served any of the unknown defendants referred to in his Amended Complaint. Thus, upon dismissal of the claims against Emigrant, no defendants will remain in this action.
III. ORDER
For the reasons discussed above, it is hereby
ORDERED that the motion (Docket No. 4) of defendant Emigrant Bank to dismiss the amended complaint of plaintiff Stacy Cherny is GRANTED.
The Clerk of the Court is directed to withdraw any pending motions and to close this case.