Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Kuhns v. Scottrade, Inc.

United States Court of Appeals, Eighth Circuit

August 21, 2017

Matthew Kuhns, Individually and on behalf of all others similarly situated Plaintiff - Appellant/Cross-Appellee
v.
Scottrade, Inc., a Missouri Corporation Defendant-Appellee!Cross-Appellant

          Submitted: April 5, 2017

         Appeals from United States District Court for the Eastern District of Missouri - St. Louis

          Before WOLLMAN and LOKEN, Circuit Judges, and ROSSITER, [*] District Judge.

          LOKEN, Circuit Judge.

         In 2013, hackers accessed the internal database of Scottrade, a securities brokerage firm based in St. Louis, Missouri. The hackers acquired personal identifying information ("PII") of over 4.6 million Scottrade customers, including plaintiff Matthew Kuhns, and exploited the information to operate a stock price manipulation scheme, illegal gambling websites, and a Bitcoin exchange. Kuhns and three others affected by the data breach brought putative class actions against Scottrade. After the actions were consolidated in the United States District Court for the Eastern District of Missouri, plaintiffs filed a Consolidated Class Action Complaint under the Class Action Fairness Act, 28 U.S.C. § 1332(d), asserting, as relevant here, claims of breach of contract, breach of implied contract, unjust enrichment, declaratory judgment, and violation of the Missouri Merchandising Practices Act ("MMPA"), Mo. Rev. Stat. § 407.025. The district court[1] concluded plaintiffs lacked Article III standing because they had not suffered injury in fact and dismissed the Consolidated Complaint for lack of subject matter jurisdiction. The court's judgment dismissed the Consolidated Complaint with prejudice. Kuhns appealed, and Scottrade filed a cross-appeal arguing that, even if plaintiffs have standing, Kuhns failed to state a claim upon which relief can be granted. We conclude that plaintiffs have Article III standing, at least for their contract-related claims. We affirm the dismissal with prejudice because the Consolidated Complaint did not state claims upon which relief can be granted.

         I. Background.

         When Kuhns opened a Scottrade account in 2005, he signed a Brokerage Agreement and provided Scottrade with his name, address, social security number, tax identification number, telephone number, employer information, and work history. The Brokerage Agreement provided that Kuhns agreed to pay Scottrade brokerage fees and commissions for purchases and sales of securities "on a per order basis." Addendum 2 of the Brokerage Agreement was Scottrade's "Privacy Policy and Security Statement" describing "how we protect your personal and financial information that we collect in the course of providing our financial services."

         The Statement explained that Scottrade collects customers' PII but will "maintain physical, electronic and procedural safeguards that comply with federal regulations to guard your nonpublic personal information, " and "offers a secure server and password-protected environment . . . protected by Secure Socket Layer (SSL) encryption." In addition, the Consolidated Complaint alleges that an Online Privacy Statement represented: "We comply with applicable laws and regulations regarding the protection of personal information. . . . We use industry leading security technologies, including layered security and access controls over personal information."[2] A document available on Scottrade's website represented: "We keep all customer information confidential and maintain strict physical, electronic and procedural safeguards to protect against unauthorized access to your information."

         Between September 2013 and February 2014, hackers successfully accessed Scottrade's customer databases, extracting the PII of more than 4.6 million Scottrade customers, including Kuhns. The hackers used the acquired PII to operate a stock price manipulation scheme and "operated a dozen illegal Internet gambling websites, and a Bitcoin exchange." The FBI informed Scottrade of the data breach in August 2015. Scottrade sent affected customers a notice of the data breach on October 2, one week after the FBI advised Scottrade that it could inform its customers. The notice explained that customer PII may have been compromised and encouraged customers to be "vigilant for the next 12 to 24 months and report any suspected incidents of fraud." Scottrade arranged to have customers pre-qualified for one year of identity repair and protection services "with no enrollment required, " and offered customers free enrollment in one year of credit monitoring and identity theft insurance.

         Plaintiffs' Consolidated Class Action Complaint asserted that Scottrade provided deficient cybersecurity in violation of its "contractual and other obligations, " resulting in a data breach "by people willing to use the information for any number of improper purposes and scams, including making the information available for sale on the black-market." Kuhns alleged that a portion of the fees paid in connection with his Scottrade account "were used for data management and security, " but "one or more data thieves . . . transferred, sold, opened, read, mined and otherwise used Mr. Kuhns' PII, without his authorization, to their financial benefit and his financial and other detriment." The Complaint alleged that plaintiffs faced an immediate and continuing increased risk of identity theft and identity fraud; incurred financial costs of monitoring their credit and financial accounts to mitigate against that risk; received Brokerage Agreement services diminished in value and therefore overpaid Scottrade for those services; suffered economic damage from the decline in value of their PII; and suffered invasion of privacy and breach of confidentiality.

         Scottrade filed a Motion to Dismiss for lack of subject matter jurisdiction and for failure to state a claim. The district court granted the Rule 12(b)(1) Motion to Dismiss for lack of subject matter jurisdiction because plaintiffs did not have standing to bring their claims. Kuhns (but not the other plaintiffs) appeals that ruling. The district court did not address Scottrade's fully briefed Rule 12(b)(6) Motion to Dismiss for failure to state a claim. Scottrade urges us to affirm the Rule 12(b)(1) dismissal and in a cross appeal urges us to dismiss for failure to state a claim. With the appeal fully briefed and awaiting oral argument before this court, Kuhns filed a motion to voluntarily dismiss his appeal and to dismiss Scottrade's cross-appeal. Kuhns argued that the litigation should proceed in a California action filed by

          Kuhns's attorneys on behalf of a non-appealing co-plaintiff following the district court's dismissal, which had been remanded to state court based on the district court's ruling that there was no federal subject matter jurisdiction.

         II. Standing.

         We review a district court's dismissal for lack of subject matter jurisdiction de novo. Diversified Ingredients, Inc. v. Testa, 846 F.3d 994, 995 (8th Cir.), cert. denied, 2017 WL 1426363 (2017). Like the district court, we consider Scottrade's facial attack on jurisdiction based on the face of the Consolidated Complaint and on other materials necessarily embraced by the pleadings, such as relevant contract documents. See Zean v. Fairview Health Servs., 858 F.3d 520, 526-27 (8th Cir. 2017). We accept ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.