On December 10, 2014, a United States District Court in the Northern District of Illinois dismissed the class action complaints filed by two customers of P.F. Chang’s China Bistro who alleged damages resulting from a data security breach that affected 33 P.F. Chang’s restaurants in 18 states. The plaintiffs asserted that P.F. Chang’s alleged failure to comply with reasonable data security standards breached an implied contract with its customers to protect their credit card information and also constituted a violation of the Illinois Consumer Fraud and Deceptive Business Practices Act. The court granted P.F. Chang’s motion to dismiss the claims on the basis that the plaintiffs failed to allege they suffered an injury sufficient to establish standing.
The plaintiffs—two P.F. Chang’s customers—filed suit against P.F. Chang’s following P.F. Chang’s June 12, 2014 announcement of a data security breach involving the theft of customers’ credit and debit card data. The plaintiffs alleged that they had incurred several types of damages stemming from P.F. Chang’s data security breach. First, the plaintiffs alleged that their purchase from P.F. Chang’s included a charge for the protection of their personal information, and that by virtue of P.F. Chang’s failure to provide that protection, the plaintiffs had overpaid for those services. The plaintiffs also claimed monetary damages for losses arising from fraudulent charges and resulting bank fees. They claimed an opportunity cost for the inability to accrue rewards points during the time it took to cancel and replace their stolen credit cards. Finally, the plaintiffs claimed damages due to the costs associated with identity theft and the increased risk of identity theft. P.F. Chang’s moved to dismiss the complaint, arguing that the plaintiffs failed to allege an injury sufficient to confer standing.
Please see full alert below for more information.