Community Bank of Trenton v. Schnuck Markets, Inc., No. 17-2146 (7th Cir. 2018)Annotate this Case
In 2012, hackers infiltrated the computer networks at Schnuck Markets, a large Midwestern grocery store chain based in Missouri, and stole the data of about 2.4 million credit and debit cards. By the time the intrusion was detected and the data breach was announced in 2013, the financial losses from unauthorized purchases and cash withdrawals had reached the millions. Financial institutions filed a class action, having issued new cards and reimbursed customers for losses as required by 15 U.S.C. 1643(a). They asserted claims under the common law and Illinois consumer protection statutes (ICFA). The Seventh Circuit affirmed the dismissal of the suit. The financial institutions sought reimbursement for their losses above and beyond the remedies provided under the credit-debit card network contracts; neither Illinois or Missouri would recognize a tort claim in this case, where the claimed conduct and losses are subject to these networks of contracts. Claims of unjust enrichment, implied contract, and third-party beneficiary also failed because of contract law principles. The plaintiffs did not identify a deceptive guarantee about data security, as required for an ICFA claim, nor did they identify how Schnucks’ conduct might have violated the Illinois Personal Information Protection Act.