Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Green v. Ebay Inc.

United States District Court, E.D. Louisiana

May 4, 2015

COLLIN GREEN, Plaintiff,
v.
EBAY INC., Defendant Section:

ORDER AND REASONS

SUSIE MORGAN, District Judge.

Before the Court is Defendant eBay Inc.'s ("eBay") Motion to Dismiss Plaintiff's Class Action Complaint pursuant to Federal Rules of Civil Procedure 12(b)(1) and 12(b)(6).[1] In its motion, eBay first argues the Class Action Complaint should be dismissed pursuant to Rule 12(b)(1) because Plaintiff Collin Green, the sole named Plaintiff in this action, has failed to allege a cognizable injury-in-fact; therefore, he lacks Article III standing to pursue this case in federal court. In the alternative, eBay contends the Class Action Complaint should be dismissed pursuant to Rule 12(b)(6) for failure to state a claim upon which relief can be granted.

This case raises the issue of whether the increased risk of future identity theft or identity fraud posed by a data security breach confers Article III standing on individuals whose information has been compromised by the data breach but whose information has not yet been misused. After considering the parties' briefs and the relevant case law, the Court finds itself positioned with the majority of district courts that have held the answer is no. Because Plaintiff has failed to allege a cognizable Article III injury, the Court grants eBay's motion and dismisses the Class Action Complaint for lack of standing.

BACKGROUND

eBay is a global e-commerce website that enables its over 120 million active users to buy and sell in an online marketplace.[2] In its normal course of business, eBay maintains personal information of its users, including: names, encrypted passwords, dates of birth, email addresses, physical addresses, and phone numbers.[3] In February and March 2014, unknown persons accessed eBay's files containing this user information (the "Data Breach").[4] On May 21, 2014, eBay notified its users of the Data Breach and recommended that users change their passwords.[5] Although eBay also collects other information, including credit card and bank account information, there is no indication that any financial information was accessed or stolen during the Data Breach.[6]

Plaintiff Collin Green filed this 10-count consumer privacy putative class action against eBay on behalf of himself and all eBay users in the United States whose personal information was accessed during the Data Breach.[7] Plaintiff alleges that as a direct and proximate result of eBay's conduct, "Plaintiff and the putative class members have suffered economic damages, "[8] "actual identity theft, as well as (i) improper disclosures of their personal information; (ii) out-of-pocket expenses incurred to mitigate the increased risk of identity theft and/or identity fraud due to eBay's failures; (iii) the value of their time spent mitigating identity theft and/or identity fraud, and/or the increased risk of identity theft and/or identity fraud; (iv) and deprivation of the value of their personal information."[9] The Class Action Complaint asserts federal causes of action under the Federal Stored Communications Act, Fair Credit Reporting Act, and Gramm-Leach-Bliley Act and several state law causes of action, including negligence, breach of contract, and violation of state privacy laws. eBay now moves to dismiss the Class Action Complaint pursuant to Federal Rules of Civil Procedure 12(b)(1) for lack of standing and 12(b)(6) for failure to state a claim.[10]

ANALYSIS

The gravamen of eBay's motion to dismiss is that Plaintiff lacks Article III standing to bring this action in both his individual and representative capacities. eBay contends the Court lacks subject-matter jurisdiction because Plaintiff "has not alleged any cognizable injury whatsoever, and he thus lacks Article III standing."[11] eBay argues "Plaintiff does not allege that he has been injured by misuse of the stolen information[, ]... that anyone has used his password, or that anyone has even tried to commit identity fraud with his information-let alone that anyone has actually succeeded in doing so- and that he has thereby suffered harm."[12] Instead, eBay claims "Plaintiff relies on vague, speculative assertions of possible future injury-that maybe at some point in the future, he might be harmed.... But the speculative possibility of future injury does not constitute injury-in-fact."[13] eBay asserts that the Supreme Court recently made clear in Clapper v. Amnesty International USA that a future injury must be "certainly impending" to establish injury-in-fact, and "[b]ecause Plaintiff has not alleged specific facts constituting an injury that is present or certainly impending, ' Plaintiff lacks standing and the Complaint must be dismissed."[14] In support, eBay points to numerous post- Clapper data breach cases where courts have held that neither the increased risk of identity theft nor expenses incurred to mitigate this speculative risk constitute injury-infact as required for Article III standing.[15]

Plaintiff argues eBay has misconstrued recent Supreme Court case law on standing and contends the Class Action Complaint sufficiently alleges injury-in-fact because Plaintiff and the putative class members are now subject to the "statistically certain threat" of identity theft or identity fraud, and they have incurred, or will incur, costs to mitigate that risk.[16] Plaintiff states his personal information was stolen, along with that of all of the members of the putative class, and "[e]mpirical data shows a vast number of the class members will be significantly harmed."[17] Although Plaintiff concedes the entire class may not suffer injury, [18] he argues the Fifth Circuit "has explained... that the fact a section of the class may not suffer the damages alleged is not sufficient to destroy Article III standing; it is the allegation of injury that determines at this phase."[19]

"Article III of the United States Constitution limits the jurisdiction of federal courts to actual Cases' and Controversies.'"[20] "One element of the case-or-controversy requirement is that plaintiffs must establish that they have standing to sue."[21] Because standing is a matter of subject-matter jurisdiction, a motion to dismiss for lack of standing is properly brought pursuant to Federal Rule of Civil Procedure 12(b)(1).[22] Federal courts must dismiss an action if, "at any time, " it is determined that subject-matter jurisdiction is lacking.[23] As the party invoking federal jurisdiction, the plaintiff constantly bears the burden of establishing the jurisdictional requirements, including standing.[24]

"To establish Article III standing, a plaintiff must show (1) an injury in fact, ' (2) a sufficient causal connection between the injury and the conduct complained of, ' and (3) a likel[ihood]' that the injury will be redressed by a favorable decision.'"[25] The first prong focuses on whether the plaintiff suffered harm, the second focuses on who inflicted that harm, and the third focuses on whether a favorable decision will likely alleviate that harm.[26] Although all three elements are required for Article III standing, the injury-in-fact element is often determinative.[27]

In the class action context, "named plaintiffs who represent a class must allege and show that they personally have been injured, not that injury has been suffered by other, unidentified members of the class."[28] "[I]f none of the named plaintiffs purporting to represent a class establishes the requisite of a case or controversy with the defendants, none may seek relief on behalf of himself or any other member of the class."[29]

In this case, eBay contends Green, the only named Plaintiff, lacks standing because he has failed to allege a cognizable injury. The injury-in-fact element "helps ensure that the plaintiff has a personal stake in the outcome of the controversy."[30] Recently, the Supreme Court in Clapper v. Amnesty International USA provided guidance on the standard for establishing injury-in-fact:[31]

[A]n injury must be concrete, particularized, and actual or imminent.... Although imminence is concededly a somewhat elastic concept, it cannot be stretched beyond its purpose, which is to ensure that the alleged injury is not too speculative for Article III purposes-that the injury is certainly impending. Thus, we have repeatedly reiterated that threatened injury must be certainly impending ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.