Enslin v. The Coca-Cola Company

136 F.Supp.3d 654 (2015)

Facts

It all started with a theft of fifty-five laptops allegedly containing the personal identification information (PII) of P and 74,000 other current and former employees of D. As an employee, P was required to provide P with his PII. This included P's Social Security number, address, bank account information, credit card numbers, driver's license information, and motor vehicle records. This data was stored by D on one or more laptop computers in an unencrypted format. D represented to P that, in exchange for his employment, his PII would be securely retained. In 2007, P left his job with D. Over a nearly six-year period, beginning in January 2007 and continuing through November 2013, fifty-five of these laptop computers were stolen from D. On November 17, 2013, Ds discovered that the theft had occurred and undertook efforts to recover the stolen laptops. Thomas William Rogers, an employee of D, was responsible for the theft of the laptops. Rogers was arrested. On February 23, 2014, D sent a letter to P, notifying him of the theft of the laptops and informing him that these laptops may have contained his PII. A few months later, P began to experience unauthorized uses of his finances and identity by unknown persons.  Identity thieves fraudulently purchased $958.44 of merchandise from Bloomingdale's, Inc., and had the merchandise shipped to an address in Staten Island, New York. The same identity thieves then used money from P's checking account to pay this bill. P was forced to close that account, incurring a $17.00 charge. They struck again on April 8, 2014, by ordering $825.86 of merchandise from Fingerhut and delivered to the same address in Staten Island. The identity thieves also attempted to change the addresses for each of P's bank accounts to the same address in Staten Island. P's credit cards were hit as well. The identity thieves also attempted to open new credit cards. They successfully changed the address on P's Macy's credit card to an address in their control. P was required to expend time and effort in order to revert the changes the identity thieves had made to his Macy's credit card account. P closed his Macy's credit card account. An identity thief was able to obtain a job at United Parcel Service of America (UPS) using P's name. They also used cards on P's name to make overseas purchases in the Republic of Ireland. D eventually contacted P and offered him an upgrade to the credit monitoring service originally provided to him. p sued D on ten claims on behalf of himself and all others similarly situated. P in part alleges that Ds breached their contractual relationship with him when they failed to maintain the security of his PII.  D moved to dismiss for failure to state a claim under Rule 12(b)(6).