On December 11, 2014, the U.S. District Court for the Northern District of Illinois dismissed a proposed class action over a June 2014 data breach at P.F. Chang’s China Bistro, finding that no actual harm had been alleged. The court tossed a pair of consolidated complaints claiming that the restaurant chain failed to properly safeguard customer credit card data that was compromised during the breach.
The plaintiffs alleged several types of damages from the security breach, including overpayment for services, fraudulent charges on their accounts, and the increased risk of identity theft. In their opposition to a motion to dismiss, the plaintiffs argued, inter alia, that they had been harmed because they had overpaid for the products and services purchased from the company, which they claimed included the cost of sufficient data security that they did not receive. The court rejected those arguments in concluding that the plaintiffs had failed to allege any out-of-pocket losses or actual damages that would have allowed them to proceed with their claims.
According to the court, the plaintiffs had “not pled that P.F. Chang’s charged a higher price for goods whether a customer pays with credit, and therefore, that additional value is expected in the use of a credit card.” The court also stated that “speculation of future harm does not constitute actual injury. While plaintiffs allege that security breaches can lead to identity theft, they do not allege that it has occurred in this case.”
The plaintiffs filed an immediate notice of appeal to the Seventh Circuit.
The cases are Lewert v. P.F. Chang’s China Bistro Inc., No. 1:14-cv-04787, and Kosner v. P.F. Chang’s China Bistro Inc., No. 1:14-cv-04923, both in the U.S. District Court for the Northern District of Illinois.