Shook, Hardy & Bacon Partner Al Saikali discusses the recent Illinois federal court decision in Community Bank of Trenton et al. v. Schnuck Markets Inc. in a September 29 Law360 article, “Banks Held to Higher Standard in Schnucks Breach Ruling.”
In Community Bank of Trenton et al. v. Schnuck Markets Inc., Community Bank of Trenton, University of Illinois Employees Credit Union and two other payment card issuers filed a 13-count complaint against grocer merchant Schnucks over a breach that compromised millions of shoppers’ data. The complaint alleged various racketeering, negligence, contract and fraud claims. Chief Judge Michael J. Reagan of the Southern District of Illinois ruled in favor of Schnucks, emphasizing that a “critical distinction” needs to be made between a merchant’s relationship with financial institutions verses a merchant’s relationship with consumers. As financial institutions are deemed to be more sophisticated than consumers, their claims are held to a higher standard, requiring financial institutions to bring and prove more specific and detailed allegations.
Banks have been more successful than consumers in demonstrating harm in data breach lawsuits. "While demonstrating harm in consumer class actions arising from payment card breaches is difficult because consumers are refunded for any fraudulent charges to their card, demonstrating harm in lawsuits brought by financial institutions left 'holding the bag' for refunding consumers for fraudulent charges should theoretically be easier,” Saikali explains. "There is a more concrete harm financial institutions can allege."
Though the Judge ruled for Schnucks, he left the option available for banks to appeal all but two of their claims. "If [it goes up on appeal], it will be interesting to see what the Seventh Circuit does, given the low bar for standing in consumer data breach cases established in the Neiman Marcus case," Saikali notes.