Irwin v. Jimmy John’s Franchise LLC, No. 2:14-cv-02275 (C.D. Ill., filed Nov. 6, 2014)

In September, Jimmy John’s announced that an intruder stole log-in credentials from its point-of-sale vendor and used these stolen credentials to remotely access the point-of-sale systems at about 216 stores, compromising the credit card information of customers of those stores for nearly three months. On November 6, Barbara Irwin, a customer, filed suit on behalf of a putative class of affected customers in 39 states and the District of Columbia.  Ms. Irwin claims that Jimmy John’s failure to secure its point-of-sale system and failure to notify the customers gave rise to claims for violations of state data breach statutes, breach of implied contract, bailment, unjust enrichment, and violations of the Arizona and Illinois consumer fraud statutes.  Ms. Irwin claims that she and the class suffered harm through fraudulent credit card charges and the risk of future identity theft.