Rider et al v. Uphold HQ Inc. et al, No. 1:2022cv01602 - Document 39 (S.D.N.Y. 2023)

Court Description: OPINION AND ORDER re: 31 MOTION to Dismiss First Amended Complaint. filed by Uphold HQ Inc., Juan Pablo Thieriot. The defendants' September 2, 2022 motion to dismiss is granted in part. The GBL § 349, breach of contract, breach of warranty, negligence, gross negligence, unjust enrichment, and negligent misrepresentation claims are dismissed in full. The negligence per se claim is dismissed in part. The motion to dismiss the EFTA claim is denied. (Signed by Judge Denise L. Cote on 2/22/2023) (ate)

Rider et al v. Uphold HQ Inc. et al Doc. 39

Case 1:22-cv-01602-DLC Document 39 Filed 02/22/23 Page 1 of 24

UNITED STATES DISTRICT COURT
SOUTHERN DISTRICT OF NEW YORK

THEODORE RIDER, et al., Plaintiffs,
-v-
UPHOLD HQ INC., et al., Defendants.

22cv1602 (DLC)

OPINION AND ORDER

APPEARANCES:

For plaintiffs:
Karl Stephen Kronenberger
Katherine E. Hollist
Kronenberger Burgoyne, LLP
150 Post Street
San Francisco, CA 94108

For defendants:
Benjamin Delalio Bianco
Caitlin R. Trow
Meister Seelig & Fein LLP
125 Park Avenue, 7th fl.
New York, NY 10017

DENISE COTE, District Judge:

Plaintiffs bring claims on behalf of a putative nationwide class against defendant Uphold HQ Inc. (“Uphold”) and its former CEO for failing correctly to implement security protections for its customers. Defendants have moved to dismiss the complaint in its entirety pursuant to Rule 12(b)(6), Fed. R. Civ. P. Defendants’ motion is granted in part.

Background

The following facts are derived from the first amended class action complaint (“FAC”) and are assumed to be true. Uphold is a cryptocurrency exchange that enables users to transfer, purchase, trade, hold, and sell cryptocurrencies on its platform. Defendant J.P. Thieriot was Uphold’s CEO from September 2018 through December 2021.

When Uphold users create an account, they are required to set up two-factor authentication (“2FA”). 2FA provides an extra layer of security for online accounts beyond just a username and password. Upon log in, a 2FA transaction requires the use of an authentication server, which sends a unique code to the device the user has identified for 2FA (the “Device”). The user must then confirm their identity from their Device. Thus, a 2FA security measure works to protect a user’s account from unauthorized access in the event the user’s email and/or password have been compromised because the account can only be accessed by an individual that also has possession of the Device.

The plaintiffs are a putative class of current and former customers of Uphold who had their Uphold accounts accessed by unauthorized actors. Plaintiffs allege that Uphold failed to implement 2FA correctly, which allowed unauthorized users to designate new Devices using only the customer’s email address and password (and, importantly, without access to the account’s original Device). The FAC alleges that this flaw in Uphold’s 2FA system continued from at least July 2020, until June 16, 2022, when Uphold updated its platform. The update removed the feature which had allowed a redesignation of a user’s Device without additional identity verification.

Plaintiffs further allege that defendants misrepresented the scope of Uphold’s security protocols and responsiveness – including that it was compliant with requirements set by the Payment Card Industry Security Standards Council (“PCI DSS”), and that it provided year-round security monitoring for customer accounts to respond immediately to any detected threat.

Plaintiffs have suffered the loss of their cryptocurrency savings and personal and financial information stored in their Uphold accounts. Plaintiffs spent time handling the consequences of the data breach and report emotional distress.

Plaintiffs brought this action against defendants on February 25, 2022. On July 11, plaintiffs filed their first amended complaint. This action was reassigned to this Court on August 17. The defendants moved to dismiss the FAC on September 2.[1] The motion became fully submitted on October 14.

[1] In response to the motion, the plaintiffs were given a chance to amend the FAC and warned that another opportunity to amend was unlikely. The plaintiffs chose not to amend the FAC.

Discussion

The FAC asserts one federal cause of action and eight state law claims. The federal claim is brought under the Electronic Fund Transfer Act (“EFTA”). The state law claims are for negligence, gross negligence, negligence per se, and negligent misrepresentation as against both named defendants, and violation of New York General Business Law (“GBL”) § 349, breach of contract, breach of warranty, and unjust enrichment as against defendant Uphold. The defendants have moved to dismiss for failure to state a claim pursuant to Fed. R. Civ. P. 12(b)(6).

In order to state a claim and survive a motion to dismiss, “[t]he complaint must plead ‘enough facts to state a claim to relief that is plausible on its face.’” Green v. Dep't of Educ. of N.Y., 16 F.4th 1070, 1076–77 (2d Cir. 2021) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). “In determining if a claim is sufficiently plausible to withstand dismissal,” a court “accept[s] all factual allegations as true” and “draw[s] all reasonable inferences in favor of the plaintiffs.” Melendez v. City of New York, 16 F.4th 992, 1010 (2d Cir. 2021) (citation omitted).

I. Electronic Fund Transfer Act

Uphold moves to dismiss the claim for violation of the EFTA on the ground that the EFTA applies by its terms to transfers of “funds” and cryptocurrency does not constitute funds. The defendants’ argument fails.
The EFTA “provide[s] a basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund transfer systems.” 15 U.S.C. § 1693(b). The EFTA conferred upon the Federal Reserve Board (the “Board”), and now the Consumer Financial Protection Bureau (the “CFPB”), the authority and responsibility to “prescribe regulations to carry out the purposes” of the Act. 15 U.S.C. § 1693b(a). The Board and the CFPB have promulgated administrative regulations, codified at 12 C.F.R. § 205 (“Regulation E”).

Regulation E states, in relevant part,

(b) Content of disclosures. A financial institution shall provide the following disclosures, as applicable:

(1) Liability of consumer. A summary of the consumer's liability, under § 1005.6 or under state or other applicable law or agreement, for unauthorized electronic fund transfers.

(2) Telephone number and address. The telephone number and address of the person or office to be notified when the consumer believes that an unauthorized electronic fund transfer has been or may be made.

12 C.F.R. § 1005.7(b). These regulations “appl[y] to any electronic fund transfer that authorizes a financial institution to debit or credit a consumer's account.” 12 C.F.R. § 1005.3.

The EFTA contains several definitions relevant to these provisions. The term “electronic fund transfer” means:

[A]ny transfer of funds, other than a transaction originated by check, draft, or similar paper instrument, which is initiated through an electronic terminal, telephonic instrument, or computer or magnetic tape so as to order, instruct, or authorize a financial institution to debit or credit an account.

15 U.S.C. § 1693a(7) (emphasis added).
Further, “financial institution,” is defined as “a State or National bank, a State or Federal savings and loan association, a mutual savings bank, a State or Federal credit union, or any other person who, directly or indirectly, holds an account belonging to a consumer.” 15 U.S.C. § 1693a(9) (emphasis added).

“Statutory interpretation always begins with the plain language of the statute, which [a court] consider[s] in the specific context in which that language is used, and the broader context of the statute as a whole.” In re Ames Dept. Stores, Inc., 582 F.3d 422, 427 (2d Cir. 2009) (citation omitted). “Where the statute’s language is plain, the sole function of the courts is to enforce it according to its terms.” United States v. Hasan, 586 F.3d 161, 167 (2d Cir. 2009) (citation omitted).

The statutory language at issue here is clear. Uphold is a financial institution, as defined by the EFTA, because it “holds an account belonging to a consumer.” 15 U.S.C. § 1693a(9). As alleged in the FAC, Uphold directly maintains consumer accounts which enable its users “to transfer, purchase, trade, hold, and sell various cryptocurrencies on its platform.”

Uphold also engages in “electronic fund transfers,” as that term is defined in the EFTA. Because Uphold’s electronic transfers of cryptocurrencies “debit or credit a [user’s] account,” 15 U.S.C. § 1693a(7), the crux of this analysis hinges on whether cryptocurrencies constitute “funds” under the EFTA.

The EFTA does not define the term “funds.” “When a term goes undefined in a statute,” courts give the term “its ordinary meaning.” Taniguchi v. Kan Pac. Saipan, Ltd., 566 U.S. 560, 566 (2012). Black’s Law Dictionary defines “funds” as “[a] sum of money or other liquid assets established for a specific purpose.” Black’s Law Dictionary (11th ed. 2019).
“Cryptocurrency” is defined in the dictionary as “[a] digital or virtual currency that is not issued by any central authority, is designed to function as a medium of exchange, and uses encryption technology to regulate the generation of units of currency, to verify fund transfers, and to prevent counterfeiting.” Black's Law Dictionary (11th ed. 2019).

Under its ordinary meaning, the term “cryptocurrency” means a digital form of liquid, monetary assets that constitute “funds” under the EFTA. See, e.g., United States v. Iossifov, 45 F.4th 899, 913-14 (6th Cir. 2022) (noting that, under a federal money laundering statute, “the term ‘funds’ encompasses any currency that can be used to pay for things. . . . Bitcoin is often used pay for things, and it may sometimes be used as a medium of exchange that is subsequently converted to currency to pay for things.”); see also United States v. Day, 700 F.3d 713, 725 (4th Cir. 2012) (“Turning to the ordinary meaning of ‘funds,’ we think the term refers to assets of monetary value that are susceptible to ready financial use.”).

Defendants’ argument that cryptocurrency is not “funds” under the EFTA relies on a statement the CFPB released with a 2016 Rule. But, in that release, the CFPB expressly stated that it was taking no position with respect to the application of existing statutes, like the EFTA, to virtual currencies and services. See Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and the Truth In Lending Act (Regulation Z), 81 Fed. Reg. 83934, 83978-79 (Nov. 22, 2016). It advised that, “as part of its broader administration and enforcement of the enumerated consumer financial protection statutes . . . [it] continues to analyze the nature of products or services tied to virtual currencies.” Id. In any event, ordinarily legislative history should be used only to resolve ambiguity, see United States v. Dauray, 215 F.3d 257, 264 (2d Cir. 2000), a problem not presented here. Accordingly, plaintiffs’ EFTA claim may proceed.

II. New York General Business Law Section 349

Uphold moves to dismiss plaintiffs’ claims under GBL § 349 on the grounds that plaintiffs have not plausibly alleged materially deceptive or misleading conduct. New York law prohibits “deceptive acts or practices in the conduct of any business, trade, or commerce in the furnishing of any service in this state.” N.Y. Gen. Bus. Law § 349(a). A plaintiff bringing a claim under this statute must allege “(1) that the defendant’s deceptive acts were directed at consumers, (2) the acts are misleading in a material way, and (3) the plaintiff has been injured as a result.” Chufen Chen v. Dunkin’ Brands, Inc., 954 F.3d 492, 500 (2d Cir. 2020) (citation omitted). Deceptive acts and practices, whether representations or omissions, are “defined objectively as acts likely to mislead a reasonable consumer acting reasonably under the circumstances.” Spagnola v. Chubb Corp., 574 F.3d 64, 74 (2d Cir. 2009) (citation omitted).

Plaintiff has failed to identify any specific deceptive statement Uphold made, or the additional disclosures Uphold should have made. Plaintiff asserts that Uphold violated GBL § 349 by “misrepresenting, both by affirmative representation and by omission, the safety of its systems and services,” by “fail[ing] to give timely warnings and notices,” and by “failing to implement reasonable and appropriate security measures.” But, beyond these broad conclusory allegations, plaintiffs never specify what misrepresentations defendants made. Plaintiffs have failed to “give the defendant[s] fair notice of what the claim is and the grounds upon which it rests.” Browe v. CTC Corp., 15 F.4th 175, 202 (2d Cir. 2021) (citation omitted). Accordingly, plaintiffs’ claim for violations under the GBL is dismissed.
In their opposition, plaintiffs argue that they “have identified multiple misrepresentations and omissions with specificity.” Plaintiffs point to (1) the nine separate statements referenced in paragraph 69 of the FAC; (2) Uphold’s promise to implement phone-based support for users whose accounts had become compromised; (3) Uphold’s representation to consumers that it was PCI DSS compliant; and (4) Uphold’s general representations regarding the strength of its security protocols. But plaintiffs have failed to allege how Uphold’s statements were “deceptive” in any material way or to provide any facts to suggest that Uphold’s website misled them. For instance, none of the statements to which the plaintiffs point describe the process by which customers will identify the Device to be used in 2FA, much less do so inaccurately. As such, plaintiffs’ GBL § 349 claim is insufficiently particular.

Plaintiffs also argue that Uphold violated GBL § 349 based on Uphold’s alleged violations of 23 NYCRR § 200, 23 NYCRR § 500, and § 5 of the Federal Tort Claims Act (“FTCA”). The parties agree, however, that none of these statutes contains a private right of action. As a result, they may not serve as predicates for § 349 claims.

A plaintiff “cannot circumvent the lack of a private right of action for violation of a New York state law by pleading his claim under GBL § 349.” Broder v. Cablevision Sys. Corp., 418 F.3d 187, 199 (2d Cir. 2005) (citing Conboy v. AT & T Corp., 241 F.3d 242, 258 (2d Cir. 2001)). In Broder, the court further considered whether GBL § 349 may be used to assert a private right of action for violation of a federal law otherwise lacking one. Id. At issue was whether the New York legislature intended “to thwart Congress's intentions on a significant scale.” Id.
Nevertheless, “[w]ithout deciding whether Conboy's bar on circumvention applies to all federal statutes lacking a private right of action,” the Court of Appeals held that the bar did apply to 47 U.S.C. § 543(d) because that statute did not inherently address deceptive or misleading conduct. Id. As the court later summarized,

[A] GBL claim is viable where the plaintiff makes a free-standing claim of deceptiveness under GBL § 349 that happens to overlap with a possible claim under another statute that is not independently actionable, but fails where the violation of the other statute by conduct that is not inherently deceptive is claimed to constitute a deceptive practice that serves as the basis for the GBL § 349 claim.

Nick's Garage, Inc. v. Progressive Cas. Ins. Co., 875 F.3d 107, 127 (2d Cir. 2017) (citation omitted).

Plaintiffs’ first argument, that their GBL § 349 claim can be supported by violations of 23 NYCRR § 200 and 23 NYCRR § 500, is foreclosed by Conboy. Plaintiffs next assert that defendants “violated Section 5 of the FTCA in their failure to implement reasonable security measures and in [Uphold’s] abandonment of industry standards regarding the protection of its users’ private information.” This is almost verbatim the assertion in support of plaintiffs’ GBL § 349 claim. As discussed above, such conclusory pleadings are insufficient to support a claim under GBL § 349. As such, plaintiffs have failed to plead a free-standing claim of deceptiveness based on a FTCA violation. Plaintiffs’ GBL § 349 claim is dismissed.

III. Breach of Contract

Uphold moves to dismiss the contract claim on the ground that plaintiffs failed to specify any contractual provision that Uphold allegedly breached.
To state a claim for breach of contract under New York law,[2] a plaintiff must allege “(i) the formation of a contract between the parties; (ii) performance by the plaintiff; (iii) failure of defendant to perform; and (iv) damages.” Edwards v. Sequoia Fund, Inc., 938 F.3d 8, 12 (2d Cir. 2019) (citation omitted); see also Palmetto Partners, L.P. v. AJW Qualified Partners, LLC, 921 N.Y.S.2d 260, 264 (N.Y. App. Div. 2d Dep’t 2011).

[2] The Uphold contract’s Terms and Conditions provide that New York law governs this dispute.

The FAC fails to specify which provision of which contract was violated. Plaintiffs only argue, in a conclusory manner, that Uphold’s “failure to properly secure their accounts” amounts to a breach of the Terms of Service and the Privacy Policy. Vague and conclusory allegations of this kind are insufficient to make out a claim for breach of contract that can survive a motion to dismiss. See Iqbal, 556 U.S. at 662.

In support of their claim, plaintiffs argue “Uphold promised to consumers on its website, mobile application, promotional materials, and in its blog articles, that it was an industry leader in ensuring account security, that it was PCI DSS compliant, and that it employed numerous safeguards to protect against unauthorized account access.” And they argue that Uphold “promised that it monitored user accounts for suspicious activity and immediately suspended accounts once suspicious activity occurred, and that it would take immediate action if consumers notified it that their accounts had been breached.”

These arguments do not salvage the breach of contract claim. Many of the identified statements by Uphold are vague or inactionable puffery. Some are irrelevant to the claims at issue. For instance, as defendants indicate, the PCI DSS are applicable only to Uphold’s debit card offering, an offering not at issue here. Similarly, as for the last Uphold “promise,” there is no allegation that Uphold failed to respond promptly to notifications by consumers. Most significantly, plaintiffs have not identified any language in an Uphold contract representing that any security measure relevant to the claim here was in place, and thus have failed to sufficiently allege a breach. Accordingly, the claim for breach of contract must be dismissed.

IV. Breach of Express and Implied Warranty

Defendants move to dismiss the breach of warranty claim. In New York, express and implied warranties apply only to the sale of goods; there is no cause of action for breach of warranty in the performance of a service. See Stafford v. Int'l Harvester Co., 668 F.2d 142, 146 (2d Cir. 1981). Although “a hybrid service-sale transaction can give rise to a cause of action for breach of warranty,” it may only do so “if the sales aspect of the transaction predominates and the service aspect is merely incidental.” Id. (citation omitted).

Plaintiffs’ breach of warranty claim is dismissed because it is predicated on the provision of services. The FAC indicates that the transaction at issue primarily involves the provision of services, noting, for example: “Defendants’ uniform obligations relating to its cryptocurrency exchange services,” “Plaintiffs and the Class Members utilized Uphold’s service and paid Uphold’s fees,” and “the Class Members would not have used Uphold’s services.” The Terms of Service agreement itself refers only to the provision of services, and does not mention the sale of any goods.

Plaintiffs do not dispute that a service contract is not subject to a breach of warranty claim.
Instead, they argue that Uphold “was a seller of the goods it provided to consumers via its platform, in that it was a direct market participant engaged in selling/buying cryptocurrency to and from its own users.” The plaintiffs do not assert that they bought cryptocurrency from or sold cryptocurrency to Uphold. Regardless, it is the service aspect of the transaction that predominates in the claims brought here and in Uphold’s business more generally. Those services are not “merely incidental.” Accordingly, plaintiffs’ breach of warranty claim is dismissed.

V. Negligence

Defendants argue that plaintiffs’ negligence claim should be dismissed because it is duplicative of their contract claim. Under New York law, “a breach of contract will not give rise to a tort claim unless a legal duty independent of the contract itself has been violated.” Bayerische Landesbank, N.Y. Branch v. Aladdin Cap. Mgmt. LLC, 692 F.3d 42, 58 (2d Cir. 2012). “Such a legal duty must spring from circumstances extraneous to, and not constituting elements of, the contract, although it may be connected with and dependent on the contract.” Id. (citation omitted). A claim for negligence that is merely a restatement “of the ‘implied’ contractual obligations asserted in the cause of action for breach of contract” must be dismissed as duplicative. Clark-Fitzpatrick, Inc. v. Long Island R. Co., 70 N.Y.2d 382, 390 (1987).

Plaintiffs’ negligence claim must be dismissed as duplicative of their contract claim. The plaintiffs have identified no legal duty independent of the parties’ contractual relationship.
In opposition, plaintiffs assert that their negligence claim is not duplicative because defendants also owed plaintiffs (i) “a duty to exercise care not to hand over highly confidential information (including [p]laintiffs’ unique 2FA access tokens) to unauthorized users,” and (ii) “a special duty as fiduciaries.” With respect to the former, plaintiffs do not identify a source of duty that is distinct from their contract. As to the latter, the allegations in the FAC do not adequately plead the existence of a fiduciary relationship. “When parties deal at arms length in a commercial transaction, no relation of confidence or trust sufficient to find the existence of a fiduciary relationship will arise absent extraordinary circumstances.” Mid–Island Hosp., Inc. v. Empire Blue Cross & Blue Shield, 276 F.3d 123, 130 (2d Cir. 2002) (citation omitted). Accordingly, plaintiffs’ claim for negligence is dismissed as duplicative of the contract claim.

VI. Gross Negligence

The defendants move to dismiss the claim of gross negligence. As discussed above, a plaintiff may maintain both tort claims and contractual claims only where “an independent tort duty is present.” Bayerische Landesbank, 692 F.3d at 58. Here, the gross negligence claim arises from the same facts and seeks the same damages as the alleged breach of contract claim. Plaintiffs have alleged no duty independent of the contractual duty to maintain adequate security measures. As such, it must be dismissed as duplicative. See id.

VII. Unjust Enrichment

Uphold moves to dismiss the claim for unjust enrichment. To sustain a claim for unjust enrichment under New York law, a plaintiff must plausibly allege “(1) that the defendant benefitted; (2) at the plaintiff’s expense; and (3) that equity and good conscience require restitution.” Myun-Uk Choi v. Tower Research Capital LLC, 890 F.3d 60, 69 (2d Cir. 2018) (citation omitted). “[U]njust enrichment is not a catchall cause of action to be used when others fail.” Corsello v. Verizon N.Y., Inc., 18 N.Y.3d 777, 790 (2012). It “is not available where it simply duplicates, or replaces, a conventional contract or tort claim.” Id. (citation omitted). A typical unjust enrichment claim is one “in which the defendant, though guilty of no wrongdoing, has received money to which he or she is not entitled.” Id.

The plaintiffs do not explain how their unjust enrichment claim is distinct from their contract claim. The plaintiffs argue that Uphold profited from plaintiffs’ transaction fees, and that it would be inequitable to let Uphold keep the profit it saved by maintaining allegedly inadequate data protection measures. But ultimately, the plaintiffs’ unjust enrichment claim simply repackages the same theories of harm alleged in its contract action. Accordingly, the unjust enrichment claim must be dismissed as duplicative.

VIII. Negligence per se

Plaintiffs base their negligence per se claim on violations of the following statutes: § 5 of the FTCA, the Bank Secrecy Act (“BSA”), the Gramm-Leach-Bliley Act (“GLBA”), and the EFTA. Uphold argues that plaintiffs have failed to state a claim for negligence per se because the statutes upon which their claim is premised do not provide for a private right of action (as to the FTCA, BSA, and GLBA)[3] or are inapplicable (as to the EFTA).

[3] The parties agree that the FTCA, BSA, and GLBA contain no private right of action.

“In New York, the ‘unexcused omission’ or violation of a duty imposed by statute for the benefit of a particular class ‘is negligence itself.’” Chen v. United States, 854 F.2d 622, 627 (2d Cir. 1988) (quoting Martin v. Herzog, 228 N.Y. 164, 168 (1920)). The Second Circuit has not addressed whether a statute with no private right of action can support a negligence per se claim under New York law. But a decision to allow such a claim would effectively afford a private right of action that the statute does not recognize -- contravening the legislative scheme. See, e.g., Toretto v. Donnelley Fin. Sols., Inc., 583 F. Supp. 3d 570, 598 (S.D.N.Y. 2022) (alleged violation of the FTCA). Accordingly, plaintiffs’ negligence per se claim for violations of the FTCA, the BSA, and the GLBA is dismissed.

Plaintiffs raise for the first time in their opposition that their negligence per se claim is also based “on Defendants’ failure to obtain the required New York license for the Uphold cryptocurrency exchange.” The FAC contains no such allegation. To the extent that plaintiffs’ opposition is an attempt to amend their complaint, that effort must be denied.

Lastly, defendants argue that plaintiffs’ negligence per se claim based on a violation of the EFTA may not proceed because the EFTA “does not apply to the virtual currency transactions at issue in this case.” As discussed supra, the defendants’ motion to dismiss the EFTA claim has been denied and the defendants have not challenged any other aspect of this claim. Thus, plaintiffs’ negligence per se claim based on a violation of the EFTA may proceed.

IX. Negligent Misrepresentation

Defendants move to dismiss the negligent misrepresentation claims.
A claim for negligent misrepresentation requires the plaintiff to plead that:

(1) the defendant had a duty, as a result of a special relationship, to give correct information; (2) the defendant made a false representation that he or she should have known was incorrect; (3) the information supplied in the representation was known by the defendant to be desired by the plaintiff for a serious purpose; (4) the plaintiff intended to rely and act upon it; and (5) the plaintiff reasonably relied on it to his or her detriment.

Hydro Invs., Inc. v. Trafalgar Power Inc., 227 F.3d 8, 20 (2d Cir. 2000). “[N]egligent misrepresentation can be maintained only when the plaintiff himself or herself relies on statements made by the defendant.” King v. Crossland Sav. Bank, 111 F.3d 251, 258 (2d Cir. 1997).

As discussed in connection with the GBL § 349 claim, the FAC fails to identify any misrepresentation by Uphold. Plaintiffs have not alleged facts sufficient to support their claim for negligent misrepresentation against defendant Thieriot either. Plaintiffs have failed to identify any false representation he made that he should have known was incorrect. Plaintiffs’ vague allegations that “Thieriot adopted [Uphold’s] statements [about its security measures] and, on multiple occasions, made statements of his own on his own personal Twitter and/or YouTube accounts,” in addition to “author[ing] and/or approv[ing] of numerous articles, blog posts, and representations which appeared on the Uphold.com website,” do not identify Thieriot’s alleged misrepresentations. Rather, they constitute only vague allegations that fail to meet the pleading standard. See Tannerite Sports, LLC v. NBCUniversal News Grp., 864 F.3d 236, 251 (2d Cir. 2017).

Second, plaintiffs failed to plausibly allege the requisite element of reliance.
The FAC contains only conclusory allegations that plaintiffs relied on defendants’ statements, noting, for example: “[p]laintiffs and the putative class relied on Defendants’ special knowledge,” and “[j]ustifiably relying on Uphold’s misrepresentations . . . .” The FAC pleads no facts regarding whether any class member actually relied upon any specific representation, nor does it contain any allegations regarding how or when plaintiffs received, reviewed and processed the numerous statements. See Olson v. Major League Baseball, 29 F.4th 59, 76 (2d Cir. 2022) (dismissing fraud and negligent misrepresentation claims where “the FAC contained no allegation that plaintiffs saw, read, or otherwise noticed any of the actionable misrepresentations.” (citation omitted)).

The plaintiffs argue in their opposition that they are entitled to a presumption of reliance under Affiliated Ute Citizens of Utah v. United States, 406 U.S. 128 (1972). In that case, the court held that when plaintiffs allege fraud “involving primarily a failure to disclose, positive proof of
