Commentary Addressing Risks and Opportunities Through the Lifecycle of Data, Technology, Advertising and Innovation

Data Counsel

Home | Data Counsel

U.S. Bank&nbsp;removed a putative class action complaint filed by an online merchant named Paintball Punks to U.S. District Court in Minneapolis on December 6.&nbsp;&nbsp;The complaint (<a href="http://dataprivacymonitor.bakerhostetlerblogs.com/wp-content/uploads/sites/5/2010/12/Paintball-v-USBank.pdf">Paintball v USBank.pdf</a>)&nbsp;alleges that&nbsp;Paintball Punks suffered chargeback losses of&nbsp;$11,259.91 from nine transactions that were fraudulently billed to U.S. Bank-issued credit cards as&nbsp;a result of U.S. Bank's failure to "remedy known data breaches in its own system."&nbsp; Indeed, Paintball Punks claims&nbsp;that U.S. Bank must have suffered a data breach (an allegation supported by alleged acknowledgements to Paintball Punks from two U.S. Bank employees that&nbsp;the bank knew for some time that it had a data breach), but that U.S. Bank did not immediately notify all affected cardholders and it did not cancel the at-risk cards.&nbsp; Instead, the complaint claims that U.S. Bank&nbsp;concealed the breach and&nbsp;only cancelled cards on a case-by-case basis after it received complaints about fraudulent transactions on a specific card. The putative class is all merchants in the United States that received chargeback claims from U.S. Bank "with regard to cards that were the subject of a data breach at U.S. Bank or its affiliates."&nbsp; The complaint contains three claims: (1) Aiding and Abetting Fraudulent Transactions; (2) Intentional Interference with Contractual Relations with Merchant Bank; and (3) Violation of Minnesota's Consumer Protection Statutes.&nbsp; It is worth noting that, although Paintball Punks' complaint faults U.S. Bank for not giving notice of a purported data breach, Paintball Punks does not allege where such a notice obligation arises from.&nbsp; Indeed,&nbsp;Paintball Punks does not allege&nbsp;privity of contract with U.S. Bank, nor does&nbsp;it claim that U.S. Bank failed to comply with any state or federal notice obligation.&nbsp;&nbsp;&nbsp;&nbsp;

If There is Credit Card Fraud, There Must Have Been a Breach