A federal court has dismissed with prejudice a data-breach suit filed by a group of credit unions against Noodles & Co., holding that the restaurant had no independent duty of care to the unions distinct from its contractual agreements with MasterCard and Visa. SELCO Cmty. Credit Union v. Noodles & Co., No. 16-2247 (D. Colo., order entered July 21, 2017). The plaintiffs, four credit unions whose cardholders’ information was compromised by the data breach, sued for negligence, negligence per se and declaratory relief, claiming they lost revenue due to decrease in card usage after the breach was publicized and incurred costs related to canceling and reissuing cards, responding to cardholder inquiries and monitoring accounts. The court held that economic loss rules in both Colorado and the unions’ home states barred recovery in tort for purely financial losses caused by negligence. Further, the court found, no independent duty exceptions to those rules existed and any duty of care Noodles & Co. allegedly breached arose from interrelated contracts coordinated by the payment networks.