The opinion of the court was delivered by: Hon. Harold Baer, Jr., District Judge *fn1
Plaintiff pro se Keisha Jones ("Jones") originally brought this action against defendant Commerce Bancorp, Inc.*fn2 ("Commerce") in New York Supreme Court. On February 2, 2006, the defendant removed the action to this Court. Plaintiff asserts claims against Commerce for negligence, breach of fiduciary duty, intentional and negligent infliction of emotional distress, commercial bad faith, consumer fraud, and breach of contract. Plaintiff alleges that her personal identifying information was stolen and used to, inter alia,withdraw funds from her account at Commerce. Plaintiff seeks compensatory and punitive damages from Commerce for failing to prevent this fraud. Commerce now moves to dismiss the complaint pursuant to Rule 12(b)(6). For the reasons set forth below, defendant's motion is GRANTED in part and DENIED in part.
Plaintiff opened a business checking account at a Commerce branch in Manhattan in February 2004. (Comp. ¶ 13). Plaintiff was the sole authorized signor for that account. (Id. ¶ 17). In order to open her account, plaintiff provided Commerce with certain personal identifying information, including her social security number and date of birth. (Id. ¶ 15). On May 22, 2005, when her debit card was rejected at an office supply store, plaintiff discovered that funds were missing from her Commerce account. (Id. ¶ 21). Plaintiff made inquiries and learned that Commerce had several withdrawal slips on file containing the plaintiff's forged signature. (Id. ¶¶ 25 - 28). Commerce had apparently authorized these fraudulent withdrawals. (Id.) After contacting Commerce several more times, plaintiff also learned that a separate fraudulent account had been opened in her name, and that a counterfeit State Farm insurance check had been deposited in that account. (Id. ¶¶ 39-40).
On June 9, 2005, Commerce credited the fraudulently withdrawn funds (totaling $1,860.00) back to plaintiff's legitimate account. (Affidavit of Christopher J. Tucci, dated January 3, 2006 ("Tucci Aff.") ¶ 7). Plaintiff concedes that Commerce credited the stolen funds back to her authorized account, but alleges that she did not learn that Commerce had done so until July 2005. (Comp. ¶ 49). Plaintiff also alleges that she instructed Commerce to close her account in July 2005, but her instructions "were not followed." (Id. ¶¶ 50-54). According to Commerce, the account was closed on August 10, 2005. (Affidavit of Christopher J. Tucci, dated February 24, 2006 ("Tucci Reply Aff.") ¶ 2).
Plaintiff alleges that Commerce "caused the theft" of her identifying information. (Comp. ¶ 7). Plaintiff also refers to press reports from May 2005 describing a massive theft of confidential data that resulted in the arrest of four Commerce employees. (Id. ¶¶ 8-10). Plaintiff alleges that Commerce "knew of criminal activities within its . . . branch network" and "failed to mitigate [the] fraud . . .[thereby] causing [p]laintiff's identity theft. . ." (Id. ¶ 60).
Plaintiff alleges that, as a result of the fraudulent withdrawals from her account, a monthly business insurance premium that had been debited automatically from her account was "returned unpaid" and that the "policy was subsequently canceled for non-payment." (Id. ¶¶ 42-43). Plaintiff further alleges that, as a result of Commerce's actions (or inaction) she has "lost income, substantial lines of credit, [and] her investment in [her] business[.]"*fn3 (Id. ¶ 78). Plaintiff asserts that she has spent "an unprecedented number of hours . . . screening harassing calls from creditors . . . [and attempting] to mitigate [the] fraud. . ." (Id. ¶ 77). Plaintiff also alleges that she has endured severe mental anguish as a result of this ordeal. (Id. ¶ 76).
"To establish a prima facie case of negligence, a plaintiff must establish the existence of a duty owed by a defendant to the plaintiff, a breach of that duty, and that such breach was the proximate cause of injury to the plaintiff." Alvino v. Lin, 300 A.D.2d 421 (N.Y. App. Div. 2nd Dep't 2002). In Daly v. Metropolitan Life Insurance Co., 782 N.Y.S.2d 530, 532 (Sup. Ct. N.Y. Cty. 2004), plaintiff alleged that defendant Metropolitan Life Insurance Company ("Met Life") failed to safeguard her personal information. Plaintiff claimed that Met Life negligently allowed a janitor to steal plaintiff's identifying information and use that information to open several fraudulent credit accounts. Id. at 532-33. The court, noting that the case "may . . . be one of first impression in New York," denied Met Life's motion for summary judgment. Id. at 534-36. The court found that, since plaintiff had been required to provide personal identifying information to Met Life in order to obtain life insurance, and since Met Life had represented that it would safeguard that information, "Met Life had a duty to protect the [plaintiff's] confidential personal information . . ." Id. at 535.
Here, plaintiff has alleged that she provided certain personal information to Commerce in order to open her account. (Comp. ¶ 15). She has also alleged that Commerce "warranted to their customers generally, and to [plaintiff] in particular, that account information would be safeguarded and limited to authorized parties." (Id. ¶ 20). These allegations are sufficient to establish a duty by Commerce to protect plaintiff's personal information.
However, Commerce argues that plaintiff has not alleged that she suffered any damages as a result of Commerce's alleged negligence. As set forth above, plaintiff concedes that Commerce replaced the funds that were fraudulently withdrawn from her account. Nonetheless, plaintiff does allege that a business insurance policy was cancelled as a result of the fraudulent withdrawals, that she lost income from her business, and that she spent an inordinate amount of her time attempting to remedy the fraud that was perpetrated upon her. (Comp. ¶¶ 42-43, 76-78).*fn4 These allegations are sufficient to satisfy the element of damages. Furthermore, in her affidavit in opposition to defendant's motion to dismiss, plaintiff alleges that her credit rating was adversely affected, that a fraudulent utility account was opened in her name, that she has received fraudulent cell phone bills, that a fraudulent loan was drawn in her name from HSBC Bank, and that a fraudulent tax return was filed on her behalf. (Affidavit of Keisha Jones, dated January 27, 2006 ("Jones Aff.") ¶¶ 23-33, Exs. 20-21).
Commerce argues that it cannot be held responsible for any losses stemming from the theft of plaintiff's identity because plaintiff has not specifically alleged that Commerce's employees or agents were responsible for the theft of her identifying information. However, plaintiff does allege that Commerce "caused the theft" of her identifying information and that Commerce "knew of criminal activities within its . . . branch network" and "failed to mitigate [the] fraud . . . causing [her] identity theft. . ." (Comp. ¶¶ 7, 60). After oral argument, Commerce submitted a supplemental affidavit stating that plaintiff's personal information was not "implicated" in the massive data theft perpetrated by certain Commerce employees. (Affidavit of Christopher J. Tucci, dated April 19, 2006 ("Supp. Tucci Aff.") ¶ 3).*fn5 However, even if this proves true, plaintiff may still be able to prove some (albeit minimal) damages stemming from Commerce's allegedly negligent failure to prevent the fraudulent withdrawals from plaintiff's legitimate account. In any case, at this stage I must accept plaintiff's allegations as true, and therefore cannot credit Commerce's factual assertions. In addition, since plaintiff is proceeding pro se, I must construe her ...