In Community Bank of Trenton v. Schnuck Markets, Inc., 887 F. 3d 803 (7th Cir. 2018), the court of appeals affirmed the district court's dismissal of credit card issuing bank claims against grocery stores that experienced a data breach. Hackers infiltrated the computer networks at Schnuck Markets, a Midwestern grocery store chain, and stole the data associated with roughly 2.4 million credit and debit cards. By the time the intrusion was detected, financial losses from unauthorized purchases and cash withdrawals reached into the millions. Card-issuing banks and credit unions were required to indemnify their card-holding customers for the losses. The banks had no contract directly with Schnuck Markets, but they were participants in a card payment system that included the card network (i.e., Visa), the acquiring and issuing bank, merchant and customer. The court of appeals ruled that the economic loss rule barred the banks' tort claims; the merchant's failure to adopt adequate security measures did not amount to negligence per se; the merchant was not unjustly enriched; the banks could not recover under a third-party beneficiary theory; the merchant's failure to implement and maintain reasonable payment card data security measures did not constitute an "unfair practice" under the Illinois Consumer Fraud and Deceptive Business Practices Act (ICFA); and the banks failed to plead a claim under the ICFA based on the retailer's violation of the Illinois Personal Information Protection Act.