Designer Skin LLC v. S & L Vitamins, Inc., et al.
Civic Center Motors Ltd., d/b/a White Plains Honda, et al. v. Mason Street Import Cars, Ltd. d/b/a Greenwich Honda, et al.
387 F.Supp.2d 378, 04 Civ. 8875 (SCR) (S.D.N.Y. Sept. 6, 2005)
Damages Arising Out Of Unauthorized Use Of Improperly Obtained Data Not Recoverable Under Computer Fraud And Abuse Act
Court holds that damages arising out of the use of data obtained via unauthorized access to another's computer system are not recoverable under the Computer Fraud and Abuse Act, 18 U.S.C. §1030 et seq. ("CFAA"), when the data remains available to plaintiffs after such access. As a result, the Court dismisses CFAA claims advanced by plaintiffs arising out of the alleged use of information obtained by unauthorized access to plaintiffs' confidential database by former employees to aid their new employer, one of plaintiffs' competitors.
Former Employees Improperly Access Plaintiffs' Database
Plaintiffs operate Honda auto dealerships. In an effort to increase their sales, plaintiffs created a web site which allowed prospective customers to obtain information as to both the price of plaintiffs' automobiles, and financing available for their purchase. Information concerning the prospect and his inquiry, including contact information and the price supplied, were maintained by plaintiffs in a confidential database known as Buzz Track.
Defendants Wolpo and Cruz were individuals who left plaintiffs' employ and started working for one of plaintiffs' competitors, defendant Mason Street Import Cars ("Mason Street"). Like plaintiffs, defendant Mason Street also operated a Honda auto dealership, known as Greenwich Honda.
After she left plaintiffs' employ, defendant Cruz accessed plaintiffs' Buzz Track database. Information concerning at least one prospect obtained therefrom was used by defendant Wolpo in an attempt to sell that prospect an auto from Wolpo's new employer.
Plaintiffs commenced this lawsuit, alleging that defendants' conduct violated the CFAA. Plaintiffs also asserted that this conduct constituted misappropriation of trade secrets, false advertising, tortuous interference and a deceptive business practice in violation of New York State law.
Losses Arising Out Of Defendants' Use Of Improperly Obtained Data Still Available To Plaintiffs Not Recoverable Under Computer Fraud and Abuse Act
Defendants moved to dismiss, arguing that plaintiffs had not alleged that they had sustained damages sufficient to pursue a claim under the CFAA. The Court agreed, and dismissed plaintiffs' CFAA claim.
To pursue a claim under § 1030(a)(5)(B)(i), plaintiff must have losses amounting to at least $5,000 in value during any one year period.
"Loss" is defined in Section 1030(e)(11) of the CFAA as:
Plaintiffs argued that they had sustained the requisite loss both as a result of the profits they lost as a result of defendants' improper use of the information in their database, and the damage to the value of their investment in this database arising from the disclosure of the information contained therein to a competitor.
The Court rejected this argument, noting that these were not the type of damages protected by the statute. The CFAA only protects against losses sustained as a result of computer impairment or damage. As the data, and indeed, the database, were fully operational and available to plaintiffs after defendants' unauthorized access, losses arising out of defendants' use of the data were not recoverable under the CFAA. Said the Court:
The Federal District Court accordingly dismissed plaintiffs' CFAA claim. The Court declined to exercise supplemental jurisdiction over plaintiffs' remaining state law claims, and dismissed them as well without prejudice to their assertion in a subsequent action commenced in the State courts.