Lewert v. P.F. Chang’s China Bistro, Inc., No. 1:14-cv-04787 (N.D. Ill.).

As we described in July and September, P.F. Chang’s was hit with three putative class actions following its announcement of a point-of-sale data breach. On August 29, P.F. Chang’s moved for dismissal of the first two cases, now consolidated in the Northern District of Illinois. In their complaints, plaintiffs John Lewert and Lucas Kosner alleged that by failing to safeguard customer information, P.F. Chang’s breached an implied contract and violated consumer protection laws. The plaintiffs did not bring a breach of express contract claim. P.F. Chang’s argues that the plaintiffs acknowledge the existence of an express contract by alleging that “a portion of the services [they] purchased” at P.F. Chang’s was “compliance with industry-standard measures” for data security and that they were “deprived of the full monetary value of [their] transaction.” The existence of an express contract, P.F. Chang’s argues, precludes the implied contract and consumer fraud claims. In addition, P.F. Chang’s further argues that the plaintiffs failed to allege harm because, inter alia, they are not responsible for paying any fraudulent charges, purchasing credit monitoring services is “an unreasonable response to the data compromise,” and payment of menu prices is not “overpayment” since they could not have negotiated a discount.

In a response brief filed September 22, the plaintiffs deny the existence of an express contract and argue that even if one does exist, it is silent as to data security obligations and therefore does not preclude the other claims. They also maintain that they have adequately alleged actual harm through specific fraudulent charges on Mr. Kosner’s debit card, the deprivation of reward points while Mr. Kosner waited for his card to be reissued, the purchase of credit monitoring services, and the payment for meals that  the plaintiffs would not have purchased had they “known that their information would be stolen.”