Optiv Security Inc. v. IHeartmedia Management Services, Inc., No. 5:2020cv01273 - Document 46 (W.D. Tex. 2021)
Court Description: ORDER GRANTING 20 Motion to Dismiss Counterclaims. Terminated party IHeartmedia Management Services, Inc. and Optiv Security Inc. IT IS FURTHER ORDERED that iHearts Counterclaims [#10] are DISMISSED. Signed by Judge Elizabeth S. Chestney. (rg)
Download PDF
<![CDATA[
Optiv Security Inc. v. IHeartmedia Management Services, Inc. Doc. 46 IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF TEXAS SAN ANTONIO DIVISION OPTIV SECURITY INC., Plaintiff, vs. IHEARTMEDIA MANAGEMENT SERVICES, INC., Defendant. § § § § § § § § § § SA-20-CV-01273-ESC ORDER GRANTING MOTION TO DISMISS Before the Court in the above-styled cause of action is Optiv Security Inc.’s Motion to Dismiss Counterclaims and Memorandum in Support [#20]. Defendant filed a response [#23], and Plaintiff filed a reply [#24], and the motion is ripe for review. The undersigned has authority to enter this Order pursuant to 28 U.S.C. § 636(c)(1), as all parties have consented to the jurisdiction of a United States Magistrate Judge [#15, #17, #18]. For the reasons that follow, the Court will GRANT the motion. I. Background This action arises out of a business dispute related to the delivery of cybersecurity products. Plaintiff Optiv Security, Inc. (“Optiv”), a company in the business of delivering such services, filed this action against one of its clients, Defendant iHeartMedia Management Services, Inc. (“iHeart”), alleging breach of the Master Agreement governing the ongoing relationship between the parties. According to Optiv’s Original Complaint, on March 25, 2019, iHeart agreed to purchase from Optiv three years of managed security services (“MSS”) provided by a third-party vendor, Symantec, at a price of $1.2 million to be billed annually, by signing a quote for these services. 1 Dockets.Justia.com Optiv alleges that, in reliance on this agreement, it paid Symantec upfront for the cost of all three years of services and provided iHeart with the benefit of a lower price associated with a multiyear purchase. Although iHeart paid Optiv for the first year of MSS, iHeart has refused to pay for the second and third years of service due to its dissatisfaction with the services. Optiv alleges that it performed all of its obligations under the parties’ Master Agreement and that iHeart’s failure to pay for the contracted-for MSS is a material breach of the governing contract. Optiv’s Complaint asserts causes of action for breach of contract, promissory estoppel, and unjust enrichment. iHeart filed an Answer and Counterclaim, alleging that Optiv failed to provide the services and products in accordance with the prevailing standard of care, which resulted in iHeart suffering a cybersecurity incident in January 2020 caused by a software attack deployed by hackers. iHeart alleges that Optiv’s failure to detect, prevent, address, and remedy potential malware or malicious attacks constituted a breach of the parties’ Master Agreement, and that it has lawfully exercised its right to terminate the parties’ agreement. iHeart asserts counterclaims for breach of contract, promissory estoppel, and unjust enrichment against Optiv. Optiv has now filed a motion to dismiss, arguing that the parties’ Master Agreement precludes iHeart from asserting any of its counterclaims, all of which are based on a theory of dissatisfaction with performance by Symantec, a third-party to the contract. According to Optiv, the Master Agreement provides that Symantec, not Optiv, is responsible for the quality of the MSS, and Optiv has fully performed under the contract. II. Legal Standard “To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’” Ashcroft v. Iqbal, 556 2 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. “Although a complaint “does not need detailed factual allegations,” the “allegations must be enough to raise a right to relief above the speculative level.” Twombly, 550 U.S. at 555. The allegations pleaded must show “more than a sheer possibility that a defendant has acted unlawfully.” Iqbal, 556 U.S. at 678. In reviewing a motion to dismiss under Federal Rule of Civil Procedure 12(b)(6), a court “accepts all well-pleaded facts as true, viewing them in the light most favorable to the plaintiff.” Martin K. Eby Const. Co. v. Dallas Area Rapid Transit, 369 F.3d 464, 467 (5th Cir. 2004) (internal quotation omitted). However, a Court need not credit conclusory allegations or allegations that merely restate the legal elements of a claim. Chhim v. Univ. of Tex. at Austin, 836 F.3d 467, 469 (5th Cir. 2016) (citing Iqbal, 556 U.S. at 678). In short, a claim should not be dismissed unless the court determines that it is beyond doubt that the plaintiff cannot prove a plausible set of facts that support the claim and would justify relief. See Twombly, 550 U.S. at 570. III. Scope of the Pleadings Generally, in deciding a motion to dismiss, a court may not look beyond the four corners of the plaintiff’s pleadings without converting the motion to a motion for summary judgment. Indest v. Freeman Decorating, Inc., 164 F.3d 258, 261 (5th Cir. 1999); Fed. R. Civ. P. 12(d). A court may, however, consider documents attached to the complaint and those that are central to the claims at issue and incorporated into the complaint by reference. Lone Star Fund V (U.S.), L.P. v. Barclays Bank PLC, 594 F.3d 383, 387 (5th Cir. 2010). 3 Because the Master Agreement was both attached to Optiv’s Complaint and is central to the parties’ claims, the Court may consider this contract without converting Optiv’s motion into a motion for summary judgment. For purposes of resolving Optiv’s motion, the Court has also considered the March 25, 2019 Quote signed by iHeart for Symantec MSS and the 2020 Invoice for Symantec MSS, which remains unpaid. These documents are also attached to Optiv’s pleadings and central to the parties’ claims. (2019 Quote [#1-2]; 2020 Invoice [#1-3].) Optiv asks the Court to also consider the Symantec Master Terms of Use Agreement, executed between Symantec and iHeart on March 29, 2019, which it has attached to its motion to dismiss. (Symantec Agreement [#20-1].) iHeart asks the Court to consider Optiv’s Managed Security Services Service Guide, which it has attached to its response to Optiv’s motion. (MSS Guide [#23-1]). Neither of these documents are attached to the parties’ pleadings. Although the Symantec Agreement is referenced briefly in Optiv’s Complaint (and iHeart admits to being a party to that agreement in its Answer) (Compl. [#1] at ¶ 26; Answer [#10] at ¶ 26), the Symantec Agreement is not referenced in iHeart’s Counterclaim, which is the pleading at issue in this motion to dismiss. Nor is it central to the parties’ claims of breach of the Master Agreement, which was executed between Optiv and iHeart. The Court acknowledges that the contents of the Symantec Agreement and the Service Guide may ultimately be relevant at a later stage in the proceedings. The Court finds that they are, however, not appropriate for consideration in ruling on this preliminary motion to dismiss. IV. Allegations in iHeart’s Counterclaim Having determined the scope of the record for the purposes of evaluating the merits of Optiv’s motion to dismiss, the Court accepts the following facts as true as set forth in the 4 challenged pleading (iHeart’s Counterclaim), the Master Agreement, 2019 Quote, and 2020 Invoice. Optiv and iHeart executed the Master Agreement on February 4, 2019. (Master Agreement [#1-1].) The Master Agreement consists of a one-page agreement, signed by both parties, as well as four attached exhibits and a Data Security Addendum. (Id.) Exhibit A is the “General Terms and Conditions” of the Agreement and contains the core definitions and terms of the parties’ ongoing contract. (Id. at Ex. A, 2–6.) Exhibit B is a “Consulting Services Attachment,” which governs the provision of “Services” by Optiv to iHeart but expressly “does not address terms and conditions governing Managed Security Services,” specifying that such services “will be governed by separate terms and conditions.” (Id. at Ex. B, 7–9.) Exhibit C is a “Third Party Products Attachment,” which addresses the issuance of sales quotes and “Purchase Orders” for “Products” purchased by iHeart from the “Seller” (Optiv or an affiliate).1 (Id. at Ex. C, 10.) Finally, Exhibit D is a “Managed Security Services Attachment,” governing the provision of MSS by Optiv to iHeart. (Id. at Ex. D, 11–12.) On March 25, 2019, Optiv provided iHeart with a quote for three years of Symantec MSS at a sales price of $1.2 million, plus tax, to be delivered pursuant to the Master Agreement.2 (Complaint [#1] at ¶ 7; Answer [#10] at ¶ 7; Counterclaim [#10] at ¶ 8.) iHeart signed the quote The Agreement defines “Products” as “all hardware, appliances, equipment, software, support, maintenance, services, and other products which are (i) manufactured, licensed, or provided by Vendors, and (ii) resold by Seller to Client.” (Master Agreement [#1-1] at Ex. A, ¶ 1.) “Purchase Order” is defined as “a purchase order, signed quote, or other order for Products issued by Client.” (Id.) “Vendor” means “third party manufacturers, vendors, licensors, or providers of hardware, appliances, equipment, software, support, maintenance, services, and other products.” (Id.) 2 The Master Agreement defines “Managed Services,” “Managed Security Services,” and “MSS” as “work designated by Optiv as Authorized Support, Endpoint Security, Platform Management, Co-Managed SIEM, Hosted SIEM and Vulnerability Management.” (Master Agreement [#1-1] at Ex. A, ¶ 1.) 1 5 on March 29, 2019. (Counterclaim [#10] at ¶ 9.) The quote is attached as Exhibit B to Optiv’s Complaint. (Quote [#1-2].) The quote provides: Upon iHeartMedia returning this signed quote to Optiv, Optiv will invoice iHeartMedia for the first year of Symantec MSS. Payment of invoice will be due per the net terms of the quote. Optiv will invoice iHeartMedia for the second and third years of Symantec MSS services annually following the year 1 invoice. (Quote [#1-2] at 1.) The quote describes the product quoted as “Symantec: MSS Enterprise Wide Advanced Security Monitoring Service” for Year 1, Year 2, and Year 3 for a price of $400,000 per year, plus tax. (Id. at 1–2.) iHeart paid the invoice for the first year of Symantec MSS. (Compl. [#1] at ¶ 17; Answer [#10] at ¶ 17.) The parties’ relationship soured in early 2020, however, when iHeart suffered a cybersecurity incident. (Counterclaim [#10] at ¶ 9.) According to iHeart’s Counterclaim, iHeart was targeted with a phishing email that resulted in the compromise of a user laptop in Arizona on January 8, 2020. (Id. at ¶¶ 9–11.) Neither Optiv nor Symantec identified the phishing attack, and iHeart suffered a cybersecurity incident caused by a malicious software attack deployed by hackers on January 20, 2020. (Id.) iHeart alleges that its own security team discovered the incident on January 21, 2020, and iHeart requested Optiv and Symantec provide it with prompt monitoring, prevention, and remedial action, but they failed to do so. (Id. at ¶¶ 15–20.) iHeart also contends that as a result of Optiv’s and Symantec’s alleged failure to provide these services, iHeart retained the services of other vendors, including CrowdStrike and Microsoft to manage the cybersecurity incident. (Id. at ¶ 21.) The parties and Symantec engaged in in-person meetings, along with representatives from Microsoft and Crowdstrike, to address the cybersecurity incident and various failures associated therewith. (Id. at ¶¶ 22–23.) The Microsoft and Crowdstrike representatives were 6 able to identify the software code and logs showing the cyberattack, but Symantec’s and Optiv’s representatives could not. (Id. at ¶ 25.) Thereafter, iHeart gave both oral and written notice to Optiv and Symantec that it was terminating its order for Symantec advanced security monitoring services due to alleged non-performance of the parties’ contracts and failure to detect, prevent, address, and remedy the attack. (Id. at ¶¶ 27–28.) Optiv billed iHeart for the second year of Symantec MSS on March 30, 2020, at a rate of $400,000. (2020 Invoice [#1-3].) iHeart has not paid this invoice or any amount for the second or third year of Symantec MSS and refuses to do so based on Optiv’s alleged failure to prevent, address, and remedy the 2020 security event. (Compl. [#1] at ¶ 20; Answer [#10] at ¶¶ 20–21.) The parties disagree as to which exhibits to the Master Agreement govern their dispute and the contours of their contractual relationship with respect to the Symantec MSS. iHeart’s counterclaims are premised on the theory that Exhibit D—the “Managed Security Services Contract”—applies and that Optiv’s performance under the Master Agreement must be evaluated under the warranties contained therein, one of which is for Optiv to provide services and products “in accordance with . . . the prevailing standard of care exercised by consultants in the information security industry.” (Counterclaim [#10] at ¶ 3; Master Agreement [#1-1] at Ex. D, ¶ 13.) iHeart contends that, by providing substandard MSS services, Optiv breached the parties’ contract, thereby triggering its right to terminate the Master Agreement under the contract’s termination provisions. Optiv contends that Exhibit D does not apply here because Exhibit D only applies when Optiv is providing MSS directly, not when it is reselling third-party services from a vendor like Symantec. The parties’ dispute is ripe for review. 7 V. Analysis By its motion to dismiss, Optiv asks the Court to dismiss iHeart’s counterclaims for breach of contract, promissory estoppel, and unjust enrichment, finding that the terms of the Master Agreement preclude the counterclaims. The Court agrees with Optiv that the unambiguous terms of the Master Agreement require dismissal of iHeart’s counterclaims as a matter of law. The Court will therefore grant the motion to dismiss. A. Breach of Contract Counterclaim This case involves competing claims for breach of contract and competing interpretations of the Master Agreement governing the parties’ ongoing business relationship. Because contract construction is generally decided as a matter of law, interpretation of a contract is generally suitable for disposition on a motion to dismiss for failure to state a claim upon which relief can be granted. Cruz v. CitiMortgage, Inc., No. 3:11-cv-2871-L, 2012 WL 1836095, at *2 (N.D. Tex. May 21, 2012) (citations omitted). As this case arises under the Court’s diversity jurisdiction, Texas law governs this action. See Hermann Holdings Ltd. v. Lucent Techs., Inc., 302 F.3d 552, 558 (5th Cir. 2002). Texas law also governs the construction of the parties’ Master Agreement. (Master Agreement [#1-1] at Ex. A, ¶ 9.i.) Texas law requires proof of the following elements for a breach of contract claim: (1) existence of a valid contract between the parties; (2) performance by the plaintiff as required by the contract; (3) defendant’s breach of the contract; and (4) damages suffered by the plaintiff as a result of defendant’s breach. Pathfinder Oil & Gas, Inc. v. Great Western Drilling, Ltd., 574 S.W.3d 882, 890 (Tex. 2019). Optiv’s motion to dismiss primarily focuses on the third element, arguing that the terms of the Master Agreement foreclose iHeart’s theory of breach. 8 iHeart’s theory of breach of contract is that Exhibit D of the Master Agreement required Optiv to deliver MSS services consistent with the prevailing standard of care exercised by consultants in the information security industry and that Optiv failed to do so. iHeart alleges that Optiv materially breached the parties’ Master Agreement when Optiv failed to identify, prevent, and remedy the malware activity directed at iHeart. Due to this material breach, iHeart argues it was contractually permitted to terminate its order for MSS services for cause. (See Master Agreement [#1-1] at Ex. D, ¶ 7.)3 By its termination of the MSS order, iHeart believes it is not required to complete its performance under the contract—paying for the second and third years of Symantec MSS services. At the heart of the parties’ dispute is whether or not Exhibit D governs the parties’ contractual relationship vis-à-vis the purchased Symantec MSS services. Exhibit D is the only part of the Master Agreement that contains a warranty in which Optiv covenants that “it and its employees will provide the MSS in accordance with . . . the prevailing standard of care exercised by consultants in the information security industry . . . .” (Id. at Ex. D, ¶ 13.) According to Optiv, without this warranty as part of the parties’ agreement, there could be no material breach of the Master Agreement by Optiv, and therefore, iHeart has no basis for terminating the contract. Exhibit D contains a “Termination for Cause” provision that provides “[e]ither party shall have the right to terminate the Order for cause” upon notification within 30 days of a party’s material breach and failure to cure the breach within 30 days after written notice. (Master Agreement [#1-1] at Ex. D, ¶ 7.) “If Client terminates the Order for cause for Optiv’s failure to cure, Optiv shall refund to Client the portion of any prepaid MSS fees, rounded down to the next whole month, corresponding to MSS not yet performed.” (Id.) “Termination of the Order does not release either party from any liability which, at the time of termination, has already accrued to the party.” (Id.) 3 9 Optiv maintains that the unambiguous terms of the Master Agreement and the 2019 Quote compel a finding that Exhibit D does not govern the purchase and provision of Symantec MSS services. The Court agrees. This Court’s task in construing any contract is “to ascertain the true intentions of the parties as expressed in the instrument.” J.M. Davidson, Inc v. Webster, 128 S.W.3d 223, 229 (Tex. 2003) (citation omitted). To do so, the Court “must examine and consider the entire writing in an effort to harmonize and give effect to all the provisions of the contract so that none will be rendered meaningless.” Id. (citation omitted). “No single provision taken alone will be given controlling effect; rather, all the provisions must be considered with reference to the whole instrument.” Id. (citation omitted). “If the contract is subject to two or more reasonable interpretations after applying the pertinent rules of construction, the contract is ambiguous, creating a fact issue on the parties’ intent.” Id. (citation omitted). “A contract is unambiguous if it can be given a definite or certain legal meaning.” Id. (citation omitted). “A contract is not ambiguous merely because the parties have a disagreement on the correct interpretation.” REO Indus., Inc. v. Nat’l Gas Pipeline Co. of Am., 932 F.2d 447, 453 (5th Cir. 1991) (applying Texas law). As previously noted, Exhibit D is a “Managed Security Services Attachment” to the Master Agreement. (Master Agreement [#1-1] at Ex. D, 11–12.) Optiv argues that Exhibit D, by its own terms, addresses situations where Optiv itself provides MSS to iHeart, not situations where a third party, like Symantec, provides MSS to iHeart and Optiv is acting merely as a reseller of third-party products and services. In support of this argument, Optiv directs the Court to the first two paragraphs of Exhibit D, both of which reference a separate contract—an “MSS Order”—that would be executed in the event that Optiv was the party providing the client 10 (iHeart) with MSS services. Paragraph one provides that “[t]he Managed Security Services to be performed by Optiv (“MSS”) are set forth in the MSS Order (the “Order”).” (Id. at Ex. D, ¶ 1.) Paragraph two is a specific paragraph describing “the Order”: ORDER. Optiv shall provide MSS to Client as set forth in the Order. . . . Each Order shall describe the specific MSS to be performed, service level agreements, fees, and expenses, and such other specifications as the parties mutually agree. Each Order, when fully executed, shall be deemed to incorporate all the terms and conditions herein (unless any provisions of these terms and conditions are specifically excluded or modified in the Order). (Id. at Ex. D, ¶ 2.) iHeart’s pleading does not allege that there was ever a separate contract between Optiv and iHeart for the direct provision of MSS services executed here or any document that could be construed as the MSS Order described in Exhibit D. iHeart’s counterclaims merely advance the general allegation that both Optiv and Symantec “agreed to provide MSS . . . services” to iHeart. (Counterclaim [#10] at ¶ 6.) iHeart’s pleading does not contain any supporting factual allegations regarding the circumstances of this purported agreement, and the parties’ Master Agreement and the signed 2019 Quote directly contradict the implied allegation that Optiv was engaged in the direct provision of MSS either separately or jointly with Symantec here. This Court need not credit allegations that are contradicted by documents incorporated into a party’s pleading. See Nishimatsu Const. Co. v. Houston Nat’l Bank, 515 F.2d 1200, 1206–07 (5th Cir. 1975); Residents Against Flooding v. Reinvestment Zone Number Seventeen, City of Houston, Tex., 260 F. Supp.3d 738, 757 (S.D. Tex. 2017). The Court agrees with Optiv that there is no plausible way to read the Master Agreement as an agreement between the parties for Optiv to provide MSS services to iHeart directly, such as would trigger the application of Exhibit D. Nor do any of the documents incorporated into the 11 Complaint by reference—the 2019 Quote or 2020 Invoice—pertain to MSS performed by Optiv itself. This Court finds no basis for construing the signed 2019 Quote as a purchase order for Optiv MSS, rather than a purchase order for MSS to be provided by Symantec. The Court agrees with Optiv that by its terms the 2019 Quote is for the resale of a third-party product (Symantec MSS services). The 2019 Quote specifies the product sold as “Symantec Managed Services Years 1, 2, and 3” and describes the product as “Symantec: MSS Enterprise Wide Advanced Security Monitoring Service.” (2019 Quote [#1-2] at 1–2.) The Quote further states that “[u]pon iHeartMedia returning this signed quote to Optiv, Optiv will invoice iHeartMedia for the first year of Symantec MSS.” (Id.) Nowhere in the quote is any required performance by Optiv described, other than the act of invoicing iHeart for the resold Symantec services. Similarly, the 2020 Invoice describes the product billed as “Symantec: MSS Enterprise Wide Advanced Security Monitoring Service, Initial Subscription, Year 2.” (2020 Invoice [#1-3] at 1.) The 2020 Invoice also does not contain any reference to any performance of MSS by Optiv. iHeart’s allegation that Optiv and Symantec “both agreed to provide MSS enterprise wide advanced security monitoring services” is not supported by any contractual language or any other document incorporated into the pleadings. (See Counterclaim [#10] at ¶ 6.) Per the Master Agreement, the resale of third-party products is governed by Exhibit C, the “Third Party Products Attachment,” which provides that Optiv “shall provide sales quotes for Products.” (Master Agreement [#1-1] at Ex. C, ¶ 2.) iHeart admits in its Answer that Ace Horan, an employee of iHeart, signed the 2019 Quote that Optiv provided, and the Quote in the record reflects his signature. (Answer [#10] at ¶ 9; 2019 Quote [#1-2].) Per the Master Agreement, a signed quote constitutes a “Purchase Order,” which is irrevocable once issued. 12 (See Master Agreement [#1-1] at Ex. A, ¶ 1 (defining “Purchase Order” as a “purchase order, signed quote, or other order for Products issued by Client”); id. at Ex. C, ¶ 2 (“All Purchase Orders are binding and irrevocable once issued by Client.”).) Exhibit A of the Master Agreement also contains provisions clearly stating that “[a]ll Purchase Orders for Products are non-cancellable.” (Id. at Ex. A, ¶ 2.d. (“[T]ermination of this Agreement will not affect any orders for managed or hosted services or similar services. All such orders are non- cancellable.”).) Furthermore, Exhibit C does not contain any warranty similar to that found in Exhibit D regarding the provision of MSS in accordance with the prevailing standard of care; instead, Exhibit C specifically disclaims any warranty on Optiv’s behalf, stating that “the only representations, warranties, indemnities, and other terms relating to the Products are those offered by the applicable Vendor, and Seller will have no responsibility in connection therewith . . . .” (Id. at Ex. C, ¶ 4.) The warranties provision of Exhibit C also states in all capital letters that “ALL EXPRESS AND IMPLIED WARRANTIES ARE HEREBY DISCLAIMED, INCLUDING . . . ANY OTHER OBLIGATION ON THE PART OF SELLER, WITH RESPECT TO THE PRODUCTS.” (Id.) Pursuant to the unambiguous terms of Exhibit C, iHeart’s remedy for substandard Symantec MSS services, if any, is with Symantec pursuant to the terms of a separate end-user agreement that is not at issue here.4 None of iHeart’s arguments persuade the Court to embrace a contrary interpretation or to reach the conclusion that the Master Agreement is ambiguous as to its terms. iHeart’s primary argument for why Exhibit D governs is a structural one—that the Signature Page expressly states 4 iHeart previously sought leave to amend the governing Scheduling Order to file a thirdparty complaint against Symantec in this action. The Court denied the motion on April 14, 2021, due to iHeart’s delay in seeking to bring Symantec into this action. (Order [#35].) 13 that all of the exhibits attached to the Agreement comprise the parties’ contract. Indeed, the onepage Signature Page of the Master Agreement provides: [T]he parties agree to enter into this Agreement which is composed of the following documents, all of which are made a part of this Agreement: • • • • • • This Signature Page EXHIBIT A – GENERAL TERMS AND CONDITIONS EXHIBIT B – CONSULTING SERVICES ATTACHMENT EXHIBIT C – THIRD PARTY PRODUCTS ATTACHMENT EXHIBIT D – MANAGED SECURITY SERVICES ATTACHMENT DATA SECURITY ADDENDUM (Id. at 1.) According to iHeart, because Exhibit D was attached to the Master Agreement and referenced on the parties’ Signature Page, it applies and governs the provision of MSS here. This argument proves too much. The Master Agreement plainly governs the parties’ ongoing business relationship. The fact that the Master Agreement’s Signature Page provides that all Exhibits comprise the parties’ contract does not suggest that every exhibit is relevant to every transaction between the parties, irrespective of whether Optiv is acting in its capacity as a reseller or a direct provider of services in a given instance. The recitals of the Master Agreement make this clear, stating that Optiv “provides consulting services, and also resells third party hardware, software, and other products,” and that iHeart (as Optiv’s “Client”) desires Optiv “to provide one or more of the same . . . , subject to the terms and conditions of this Agreement.” (Id. at Ex. A, ¶ 1 (emphasis added).) Nothing in the structure of the contract supports iHeart’s construction. iHeart’s other arguments are equally unpersuasive. iHeart attempts to manufacture a contractual ambiguity by arguing that the Master Agreement does not address which exhibits would apply where multiple services and products were provided and could overlap, such as the sale of Symantec MSS with the provision of support or platform management for this product by 14 Optiv. To be sure, this is iHeart’s theory, which is advanced in its Counterclaim—that Optiv and Symantec both agreed to provide MSS services and that Optiv and Symantec both represented that they “would deploy preventative and remedial actions within hours [when] a cyber-security threat was identified in order to protect iHeart’s brand and business.” (Counterclaim [#10] at ¶¶ 6–7.) Again, the problem with this theory is that it finds no support in the language of the contract or the other documents properly considered by the Court. This Court is “not constrained to accept the allegations of the complaint” when construing a contract, particularly where the contract itself contradicts those allegations. Geske v. Wells Fargo Bank, Nat’l Ass’n, No. 3:11CV-3337-L, 2012 WL 1231835, at *5 (N.D. Tex. Apr. 12, 2012) (internal quotation and citation omitted). Finally, iHeart’s remaining arguments direct the Court to documents beyond the pleadings. iHeart argues that its allegation that Optiv and Symantec were acting as co-providers of MSS is supported by statements contained in Optiv’s MSS Service Guide. But the Court has already determined this document falls outside the scope of the agreements that are proper for the Court’s consideration in resolving Optiv’s motion to dismiss. And this extracontractual document, which is best described as a promotional material, cannot alter the terms of the agreement between the parties given the Master Agreement’s integration clause and the fact that the Master Agreement does not incorporate or reference the guide as part of the contract’s terms. (See Master Agreement [#1-1] at Ex. A, ¶ 9.n (providing that the Master Agreement “contains the entire understanding between the parties with respect to the subject matter hereof and may not be changed except by a separate writing signed by both parties”).) Similarly, iHeart’s argument that the 2019 Quote casts ambiguity on the language of the Master Agreement is unavailing. iHeart contends that the Master Agreement is ambiguous 15 because the Quote states that it is subject to and governed by Optiv’s “Sales Quote Terms and Conditions” and “Data Processing Terms and Conditions,” both of which are available at http://www.optiv.com/agreements and differ in material ways from the terms of Exhibits C and D. (2019 Quote [#1-2] at 2.) iHeart does not explain what these material differences are, and these contracts are separate documents not before the Court and will not be considered here. However, even if the Court were to consider these extrinsic documents, a brief review of the “Sales Quote Terms and Conditions” indicates that the documents contain the same disclaimer of warranties as contained in Exhibit C, emphasizing that Optiv has “no responsibility in connection” with the Products at issue, which are subject to the third-party Vendor’s “end user license agreement, service level agreement, terms of use or service, or other end user agreements or documents.” (See Terms and Conditions, available at http://www.optiv.com/agreements (last visited May 24, 2021).) Exhibit C similarly provides that “Client’s use of the Products is subject to the applicable Vendor’s end user license agreement, service level agreement, terms of use or service, or other end use agreements or documents.” (Master Agreement [#1-1] at Ex. C, ¶ 4.) In summary, iHeart’s Counterclaims contain general allegations that Optiv promised to provide MSS services alongside Symantec, but the terms of the Master Agreement and the 2019 Quote unambiguously establish otherwise. The Court finds that Exhibit D of the Master Agreement does not govern the provision of Symantec MSS services, which were sold to iHeart through a transaction in which Optiv was acting as a re-seller of third-party product. The parties’ relationship in such circumstances is plainly governed by Exhibit C. This Third-Party Products Attachment disclaims all warranties by Optiv, provides that all Purchase Orders are noncancellable, and provides that the only warranties relating to the Products are those offered by 16 the third-party Vendor as set forth in the Vendor’s separate agreements, which are not at issue here. Because no similar warranty appears in Exhibit C with respect to third-party MSS, Optiv owed no duty to iHeart as to the quality of Symantec’s services and iHeart had no contractual right to terminate its agreement with Optiv based on alleged substandard MSS provided by Symantec. iHeart has therefore failed to allege a plausible breach by Optiv of the parties’ agreement based on Optiv’s failure to identify, prevent, and remedy the malware incident in January 2020. iHeart’s counterclaim for breach of contract fails as a matter of law. B. Equitable Counterclaims iHeart’s equitable counterclaims for promissory estoppel and unjust enrichment allege that Optiv promised and represented to iHeart that it would, by itself or through a vendor, detect, prevent, address, and remedy potential malware or malicious attacks on iHeart, and that iHeart relied on these promises to its detriment. (Counterclaim [#10] at ¶¶ 37–42.) iHeart further alleges that Optiv has been unjustly enriched by obtaining money and other consideration from iHeart for services that were promised but not performed. (Id. at ¶¶ 43–46.) These claims also fail as a matter of law. “A party can plead legal and equitable claims in the alternative, but only when one party disputes the existence of a contract governing the dispute.” Johnson v. Wells Fargo Bank, N.A., 999 F. Supp. 2d 919, 929 (N.D. Tex. 2014). “Generally, when a valid, express contract covers the subject matter of the parties’ dispute, there can be no recovery under a quasi-contract theory.” Fortune Prod. Co. v. Conoco, Inc., 52 S.W.3d 671, 684 (Tex. 2000). “That is because parties should be bound by their express agreements. When a valid agreement already addresses the matter, recovery under an equitable theory is generally inconsistent with the express 17 agreement.” Id.; see also Subaru of Am., Inc. v. David McDavid Nissan, Inc., 84 S.W.3d 212, 226 (Tex. 2002) (“the promissory-estoppel doctrine presumes no contract exists”). iHeart contends that its equitable claims are related to misrepresentations made by Optiv outside of the parties’ contract and these claims seek redress for conduct or omissions not covered by the Master Agreement or any of its provisions and were pleaded as an alternative basis for relief. Yet, there is a contract that governs the sale of third-party products—the Master Agreement and the terms of Exhibit C. Importantly, the Third-Party Products Attachment (Exhibit C) disclaims all warranties by Optiv. Moreover, as previously noted, Exhibit A of the Master Agreement itself contains an integration clause, providing that the Agreement “contains the entire understanding between the parties with respect to the subject matter hereof and may not be changed except by a separate writing signed by both parties.” (Master Agreement [#1-1] at Ex. A, ¶ 9.n.) Insofar as iHeart is attempting to allege that it was induced to enter into the contract by oral misrepresentations by Optiv as to the extent of its involvement in third-party MSS services, the Court declines to entertain this theory. “[A] party to a written contract cannot justifiably rely on oral misrepresentations regarding [a] contract’s unambiguous terms.” Barrow-Shaver Resources Co. v. Carrizo Oil & Gas, Inc., 590 S.W.3d 471, 498 (Tex. 2019). This rule is particularly appropriate where the parties negotiated a contract at arm’s length and were sophisticated business entities. See Forest Oil Corp. v. McAllen, 268 S.W.3d 51, 60–61 (Tex. 2008); Schlumberger Tech. Corp. v. Swanson, 959 S.W.2d 171, 179–81 (Tex. 1997). See also Prime Income Asset Mgmt. Inc. v. One Dallas Ctr. Assocs. LP, 358 Fed. App’x 569, 572 (5th Cir. 2009). 18 In summary, because the Master Agreement and Exhibit C govern the sale of Symantec MSS by Optiv to iHeart, a contract governs the parties’ dispute, and iHeart cannot rely on an equitable theory or alleged oral representations to avoid the contract’s unambiguous terms. Having considered Optiv’s motion, the response and reply thereto, the documents incorporated by reference into the pleadings, and the governing law, IT IS HEREBY ORDERED that Optiv Security Inc.’s Motion to Dismiss Counterclaims and Memorandum in Support [#20] is GRANTED. IT IS FURTHER ORDERED that iHeart’s Counterclaims [#10] are DISMISSED. SIGNED this 27th day of May, 2021. ELIZABETH S. ("BETSY") CHESTNEY UNITED STATES MAGISTRATE JUDGE 19
]]>
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You
should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
