UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK
May 23, 2006
KEISHA JONES, PLAINTIFF,
COMMERCE BANCORP, INC., JOHN DOES 1-50, AND XYZ CORPORATION, DEFENDANTS.
The opinion of the court was delivered by: Hon. Harold Baer, Jr., District Judge *fn1
OPINION & ORDER
Plaintiff pro se Keisha Jones ("Jones") originally brought this action against defendant Commerce Bancorp, Inc.*fn2 ("Commerce") in New York Supreme Court. On February 2, 2006, the defendant removed the action to this Court. Plaintiff asserts claims against Commerce for negligence, breach of fiduciary duty, intentional and negligent infliction of emotional distress, commercial bad faith, consumer fraud, and breach of contract. Plaintiff alleges that her personal identifying information was stolen and used to, inter alia,withdraw funds from her account at Commerce. Plaintiff seeks compensatory and punitive damages from Commerce for failing to prevent this fraud. Commerce now moves to dismiss the complaint pursuant to Rule 12(b)(6). For the reasons set forth below, defendant's motion is GRANTED in part and DENIED in part.
Plaintiff opened a business checking account at a Commerce branch in Manhattan in February 2004. (Comp. ¶ 13). Plaintiff was the sole authorized signor for that account. (Id. ¶ 17). In order to open her account, plaintiff provided Commerce with certain personal identifying information, including her social security number and date of birth. (Id. ¶ 15). On May 22, 2005, when her debit card was rejected at an office supply store, plaintiff discovered that funds were missing from her Commerce account. (Id. ¶ 21). Plaintiff made inquiries and learned that Commerce had several withdrawal slips on file containing the plaintiff's forged signature. (Id. ¶¶ 25 - 28). Commerce had apparently authorized these fraudulent withdrawals. (Id.) After contacting Commerce several more times, plaintiff also learned that a separate fraudulent account had been opened in her name, and that a counterfeit State Farm insurance check had been deposited in that account. (Id. ¶¶ 39-40).
On June 9, 2005, Commerce credited the fraudulently withdrawn funds (totaling $1,860.00) back to plaintiff's legitimate account. (Affidavit of Christopher J. Tucci, dated January 3, 2006 ("Tucci Aff.") ¶ 7). Plaintiff concedes that Commerce credited the stolen funds back to her authorized account, but alleges that she did not learn that Commerce had done so until July 2005. (Comp. ¶ 49). Plaintiff also alleges that she instructed Commerce to close her account in July 2005, but her instructions "were not followed." (Id. ¶¶ 50-54). According to Commerce, the account was closed on August 10, 2005. (Affidavit of Christopher J. Tucci, dated February 24, 2006 ("Tucci Reply Aff.") ¶ 2).
Plaintiff alleges that Commerce "caused the theft" of her identifying information. (Comp. ¶ 7). Plaintiff also refers to press reports from May 2005 describing a massive theft of confidential data that resulted in the arrest of four Commerce employees. (Id. ¶¶ 8-10). Plaintiff alleges that Commerce "knew of criminal activities within its . . . branch network" and "failed to mitigate [the] fraud . . .[thereby] causing [p]laintiff's identity theft. . ." (Id. ¶ 60).
Plaintiff alleges that, as a result of the fraudulent withdrawals from her account, a monthly business insurance premium that had been debited automatically from her account was "returned unpaid" and that the "policy was subsequently canceled for non-payment." (Id. ¶¶ 42-43). Plaintiff further alleges that, as a result of Commerce's actions (or inaction) she has "lost income, substantial lines of credit, [and] her investment in [her] business[.]"*fn3 (Id. ¶ 78). Plaintiff asserts that she has spent "an unprecedented number of hours . . . screening harassing calls from creditors . . . [and attempting] to mitigate [the] fraud. . ." (Id. ¶ 77). Plaintiff also alleges that she has endured severe mental anguish as a result of this ordeal. (Id. ¶ 76).
"To establish a prima facie case of negligence, a plaintiff must establish the existence of a duty owed by a defendant to the plaintiff, a breach of that duty, and that such breach was the proximate cause of injury to the plaintiff." Alvino v. Lin, 300 A.D.2d 421 (N.Y. App. Div. 2nd Dep't 2002). In Daly v. Metropolitan Life Insurance Co., 782 N.Y.S.2d 530, 532 (Sup. Ct. N.Y. Cty. 2004), plaintiff alleged that defendant Metropolitan Life Insurance Company ("Met Life") failed to safeguard her personal information. Plaintiff claimed that Met Life negligently allowed a janitor to steal plaintiff's identifying information and use that information to open several fraudulent credit accounts. Id. at 532-33. The court, noting that the case "may . . . be one of first impression in New York," denied Met Life's motion for summary judgment. Id. at 534-36. The court found that, since plaintiff had been required to provide personal identifying information to Met Life in order to obtain life insurance, and since Met Life had represented that it would safeguard that information, "Met Life had a duty to protect the [plaintiff's] confidential personal information . . ." Id. at 535.
Here, plaintiff has alleged that she provided certain personal information to Commerce in order to open her account. (Comp. ¶ 15). She has also alleged that Commerce "warranted to their customers generally, and to [plaintiff] in particular, that account information would be safeguarded and limited to authorized parties." (Id. ¶ 20). These allegations are sufficient to establish a duty by Commerce to protect plaintiff's personal information.
However, Commerce argues that plaintiff has not alleged that she suffered any damages as a result of Commerce's alleged negligence. As set forth above, plaintiff concedes that Commerce replaced the funds that were fraudulently withdrawn from her account. Nonetheless, plaintiff does allege that a business insurance policy was cancelled as a result of the fraudulent withdrawals, that she lost income from her business, and that she spent an inordinate amount of her time attempting to remedy the fraud that was perpetrated upon her. (Comp. ¶¶ 42-43, 76-78).*fn4 These allegations are sufficient to satisfy the element of damages. Furthermore, in her affidavit in opposition to defendant's motion to dismiss, plaintiff alleges that her credit rating was adversely affected, that a fraudulent utility account was opened in her name, that she has received fraudulent cell phone bills, that a fraudulent loan was drawn in her name from HSBC Bank, and that a fraudulent tax return was filed on her behalf. (Affidavit of Keisha Jones, dated January 27, 2006 ("Jones Aff.") ¶¶ 23-33, Exs. 20-21).
Commerce argues that it cannot be held responsible for any losses stemming from the theft of plaintiff's identity because plaintiff has not specifically alleged that Commerce's employees or agents were responsible for the theft of her identifying information. However, plaintiff does allege that Commerce "caused the theft" of her identifying information and that Commerce "knew of criminal activities within its . . . branch network" and "failed to mitigate [the] fraud . . . causing [her] identity theft. . ." (Comp. ¶¶ 7, 60). After oral argument, Commerce submitted a supplemental affidavit stating that plaintiff's personal information was not "implicated" in the massive data theft perpetrated by certain Commerce employees. (Affidavit of Christopher J. Tucci, dated April 19, 2006 ("Supp. Tucci Aff.") ¶ 3).*fn5 However, even if this proves true, plaintiff may still be able to prove some (albeit minimal) damages stemming from Commerce's allegedly negligent failure to prevent the fraudulent withdrawals from plaintiff's legitimate account. In any case, at this stage I must accept plaintiff's allegations as true, and therefore cannot credit Commerce's factual assertions. In addition, since plaintiff is proceeding pro se, I must construe her allegations liberally. Thus, plaintiff has adequately alleged that: 1) Commerce negligently failed to prevent the theft of her identifying information and/or negligently failed to prevent the fraudulent withdrawals from her checking account; and 2) Commerce's negligence was the proximate cause of (at least some of) her injuries.
B. Breach of Fiduciary Duty
"[A] fiduciary duty arises, even in a commercial transaction, where one party reposed trust and confidence in another who exercises discretionary functions for the party's benefit or possesses superior expertise on which the party relied." Daly, 782 N.Y.S.2d at 535 (internal quotation omitted). See also Wiener v. Lazard Freres & Co., 241 A.D.2d 114, 122 (N.Y. App. Div. 1st Dep't 1998) (to find existence of fiduciary duty "a court will look to whether a party reposed confidence in another and reasonably relied on the other's superior expertise or knowledge"). However, "the usual relationship of a bank and its customer is not a fiduciary one, but rather one of creditor and debtor." Republic Nat'l Bank v. Hales, 75 F. Supp. 2d 300, 316-17 (S.D.N.Y. 1999). "As a general matter, an arms' length lender-borrower or creditor-debtor contractual relationship may not give rise to a fiduciary obligation on the part of the lender or creditor." Wiener, 241 A.D.2d at 122.
Nonetheless, in Daly the court noted that plaintiff's claim for failure to safeguard identifying information was "similar to . . . [a] cause of action for breach of [the] fiduciary duty of confidentiality" that often arises in the context of physician-patient relationships. Daly, 782 N.Y.S.2d at 535. The court noted that, while the fiduciary duty of confidentiality had not previously been applied to commercial transactions, it may be appropriate to imply such a duty in certain circumstances. Id. Here, plaintiff was required to provide certain information to Commerce to open her account, and Commerce represented that it would safeguard that information. (Comp. ¶¶ 15-16, 20; See also "Booklet with Deposit Rules, Regulations , Disclosures and Privacy Notice," Ex. "22"*fn6 to the Jones Aff., at 26 ("[t]rust, privacy and confidentiality are the guiding principles upon which Commerce's relationship with [its customers] is built . . . . [Commerce] maintains physical, electronic, and procedural safeguards . . . to protect [customers'] nonpublic information")). Under these circumstances, plaintiff was entitled to rely on Commerce's superior expertise to safeguard her personal confidential information. Thus, plaintiff has adequately alleged a breach of fiduciary duty.
C. Breach of Contract
In support of her claim for breach of contract, plaintiff relies on language from the pamphlet she refers to as the "Booklet with Deposit Rules, Regulations, Disclosures and Privacy Notice" apparently provided to her by Commerce. (Comp. ¶¶ 66-69; Ex. 22 to the Jones Aff.) Specifically, under the subsection labeled "business accounts," this document states that "[i]f the account is not owned by a natural person . . . then the Account Holder must provide evidence to our satisfaction of the authority of the individuals who sign the signature card to act on behalf of the Account Holder." (Comp. ¶ 66; Jones Aff., Ex. 22 at 9). This section also provides that, "[o]n any transactions involving the Account, [Commerce] may act on the instructions of the person(s) authorized . . . to act on behalf of the Account Holder." (Jones Aff., Ex. 22 at 9).
Plaintiff argues that, since she was the sole authorized signor for the account (see comp. ¶ 17), Commerce breached this "contract" by allowing other unidentified individuals to make fraudulent withdrawals from her account. It is unclear whether these terms were intended to prevent Commerce from processing unauthorized transactions. However, Commerce does not argue for an alternative interpretation of the "contract." Rather, Commerce asserts that, since it replaced the funds wrongfully withdrawn, plaintiff can not allege any damages flowing from this supposed breach. I disagree. Plaintiff may be able to prove some (albeit minimal) damages stemming from her inability to access her funds for several weeks prior to their restoration by Commerce. Therefore, construing plaintiff's pro se allegations liberally (as I must), plaintiff has adequately plead a claim for breach of contract.
D. Negligent and Intentional Infliction of Emotional Distress
"[R]ecovery for purely emotional damages is extremely limited." Ornstein v. New York City Health & Hospitals Corp., 806 N.Y.S.2d 566, 568 (App. Div. 1st Dep't 2006). With limited exceptions, such claims "generally must be premised upon the breach of a duty owed to [the] plaintiff which either unreasonably endangers the plaintiff's physical safety, or causes the plaintiff to fear for his or her own safety." Sheila C. v. Povich, 11 A.D.3d 120, 130 (N.Y. App. Div. 1st Dep't 2004). In any case, "a cause of action for either intentional or negligent infliction of emotional distress must be supported by allegations of conduct by the defendants 'so outrageous in character, and so extreme in degree, as to go beyond all possible bounds of decency, and to be regarded as atrocious, and utterly intolerable in a civilized community.'" Id. at 130-31 (quoting Murphy v. American Home Products Corp., 58 N.Y.2d 293, 303 (Ct. App. 1983)). Even accepting plaintiff's allegations as true, plaintiff has alleged no outrageous conduct on the part of Commerce. At most, Commerce negligently failed to prevent the theft of plaintiff's identifying information, and/or failed to prevent certain individuals from making unauthorized withdrawals from plaintiff's account. While plaintiff also alleges that Commerce was not adequately responsive to her inquiries after the incident, this behavior does not constitute the extreme conduct necessary to plead a tort predicated on emotional harm. Therefore, plaintiff's claims for intentional and negligent infliction of emotional distress must be dismissed.
E. Commercial Bad Faith
A claim for commercial bad faith lies "[w]here a depositary bank acts dishonestly--where it has actual knowledge of facts and circumstances that amount to bad faith, thus itself becoming a participant in a fraudulent scheme. . ." Prudential-Bache Securities, Inc. v. Citibank, N.A., 73 N.Y.2d 263, 275 (Ct. App. 1989). However, "an employer may not be held accountable . . . for the conduct of employees who, while ostensibly acting for their employer, in fact totally abandon the employer's interests and act entirely for their own or others' purposes." Id. at 276. While plaintiff has alleged that Commerce was negligent, plaintiff has not alleged that Commerce became a participant in any scheme to defraud. Therefore, plaintiff's claim for commercial bad faith must be dismissed.
F. Consumer Fraud
Plaintiff appears to assert a claim for "consumer fraud" and/or deceptive business practices. (Comp. ¶ 72; Jones Aff. ¶ 12). A claim for deceptive business practices requires an allegation that a particular practice was materially deceptive or misleading and that the plaintiff relied on that practice to her detriment. See N.Y. Gen. Bus. Law § 349; Stutman v. Chemical Bank, 260 A.D.2d 272, 273 (N.Y. App. Div. 1st Dept. 1999). Plaintiff has not alleged a deceptive practice by Commerce, rather plaintiff has alleged that Commerce was negligent and failed to adequately enforce its own privacy policies. Indeed, plaintiff has failed to allege any fraud by Commerce. Therefore, this claim must be dismissed.*fn7
G. Substitution of Named Defendant
Defendant requests that Commerce Bank, N.A., a subsidiary of Commerce Bancorp, Inc. be substituted as the named defendant in this action since Commerce Bank, N.A. "owns and operates the branch banks at which the alleged transactions" occurred. (Tucci Reply Aff. ¶ 3). In response, plaintiff requests that she be permitted to add Commerce Bank, N.A. as an additional defendant, based on her assertion that "Commerce Bancorp, Inc. controls and/or is privy to information from Commerce Bank, N.A." (Jones Aff. ¶ 1). Because it appears that Commerce Bank, N.A. is in fact the proper party to this action, and since plaintiff will suffer no apparent prejudice as a result of the substitution, I will grant the defendant's request and substitute Commerce Bank, N.A. as named defendant. If, at a later date, it appears that Commerce Bancorp, Inc. may in fact be liable for any harm suffered by the plaintiff, plaintiff will be permitted to amend her complaint to add Commerce Bancorp., Inc. as an additional defendant.
For the reasons set forth above, defendant's motion to dismiss is GRANTED with respect to plaintiff's claims for negligent and intentional infliction of emotional distress, commercial bad faith, and consumer fraud. Defendant's motion to dismiss is DENIED with respect to plaintiff's claims for negligence, breach of fiduciary duty and breach of contract. The Clerk of the Court is directed to remove "Commerce Bancorp, Inc." from the caption and add "Commerce Bank, N.A." as the sole named defendant. The parties shall continue to engage in discovery and the deadlines set forth in the Pretrial Scheduling Order dated April 7, 2006 remain in effect. This case will be tried in October 2006. The Clerk of the Court is directed to close this motion and remove it from my docket.