Rogers v. SP Plus Corp., No. 2014-CH-15575 (Ill. Cir. Ct., filed Sept. 25, 2014).

After applying for a job at SP Plus Corporation, a parking, transportation, maintenance, security and event logistics services provider, plaintiff Travis Rogers allegedly received an email appearing to be from SP Plus’ recruiting department that requested him to provide certain personal information in a docusign file. Mr. Rogers later received an email from SP Plus revealing that the docusign email was not legitimate and was in fact a “Spear Fishing attack.” On September 25, Mr. Rogers filed a putative class action on behalf of all Illinois residents “who applied for employment with [SP Plus] and who was subject to a Spear Fishing [sic] attack” alleging that SP Plus’s failure to prevent the spear phishing attack constituted negligence, breach of implied contract, and a violation of the Illinois consumer fraud statute. According to the complaint, Mr. Rogers and the putative class members suffered “damages including, but not limited to loss of money and costs incurred as a result of increased risk of identity theft.”