The opinion of the court was delivered by: Linares, District Judge.
This matter comes before the Court on Defendant's motion to dismiss Plaintiffs' complaint pursuant to Federal Rules of Civil Procedure 12(b)(1), (b)(6), and 9(b). The Court has considered the submissions made in support of and in opposition to the motion and decides this matter without oral argument pursuant to Rule 78 of the Federal Rules of Civil Procedure. For the reasons set for below, Defendant's motion to dismiss is granted.
Ceridien Corporation ("Ceridien") is a payroll processing firm with its principal place of business in Bloomington, MN. Complaint ("Compl.") ¶¶ 3, 7. To provide services to its customers, which are employers, Ceridien comes into possession of information necessary for it to process the employers' payroll. This information may include, among other information, the names of employees and their addresses, social security numbers, dates of birth, and in some instances, bank account information. Compl. ¶¶ 7-8. Plaintiffs Kathy Reilly and Patricia Pluemacher ("Plaintiffs") bring suit on behalf of themselves and the proposed Class Members*fn1 .
Plaintiffs allege they were employees of Brach Eichler until September 2003. Ceridien entered into a contract with their employer (and the employers of the proposed Class Members) to provide payroll processing services. Compl. ¶¶ 12, 49.
On or about December 22, and 23, 2009, Defendant suffered a security breach of its system whereby an unknown hacker accessed Ceridien's Powerpay system and potentially gained access to certain confidential personal and financial information of Plaintiffs and approximately 27,000 other employees working at 1,900 companies nationwide. Compl. ¶¶ 11, 14 (emphasis added).
On or about January 29, 2010, Ceridien sent letters to employees of certain employer-customers for which Ceridien provides or provided payroll processing services informing them that "some of your personal information may have been illegally accessed by an unauthorized hacker." Compl., Ex. A. Ceridien further notified them "that the information accessed included your first name, last name, social security number and, in several cases, birth date and/or bank account that is used for direct deposit." Compl., Ex. A.
As a result of the breach, Ceridien arranged to provide the affected individuals, free of charge, one year of credit monitoring and identity theft protection through Equifax Credit Watch Silver. Compl., Ex. A. The employees had until April 30, 2010 to enroll in the free program, and Ceridien included in its letter instructions regarding how to enroll. Plaintiffs do not indicate whether they enrolled in the free credit monitoring and identity theft protection program offered by Ceridien through Equifax. They allege that the program offered by Ceridien was "inadequate." Compl. ¶ 19.
Plaintiffs further allege that Ceridien unnecessarily kept Plaintiffs' and the proposed Class Members' personal and financial information for years after they were employed by the subject employers. Plaintiffs in this case both had last worked for the subject employer Brach Eichler in September 2003. Plaintiffs also allege the Ceridien suffered a security breach in 2007. Compl. ¶¶ 12-13.
Plaintiffs filed a Complaint on October 7, 2010 alleging negligence, breach of contract, breach of the covenants of good faith and fair dealing, consumer fraud, and violation of the New Jersey Theft Prevention Act ("TPA"), N.J.S.A. 56:11-44, et seq. and New Jersey Consumer Fraud Act ("CFA"), N.J.S.A. 56:8-19 et seq. by Defendant. Plaintiffs seek, inter alia, compensatory, consequential, and punitive damages, treble damages and attorney's fees pursuant to all applicable statutes including but not limited to the CFA. In addition to the aforementioned requests for relief and others, Plaintiffs also seek: (1) the provision on credit monitoring and/or credit card monitoring services for the proposed Class for at least ten years; (2) the provision of bank monitoring and/or bank monitoring services for the proposed Class for at least ten years; (3) the provision of credit restoration services for the proposed Class for at least ten years; and (4) the provision of identity theft insurance for the proposed Class for at least ten years.
Defendant filed the instant motion to dismiss on December 15, 2010 pursuant to Federal Rules of Civil Procedure 12(b)(1), 12(b)(6), and 9(b).
Under Fed. R. Civ. P. 12(b)(1), a court must grant a motion to dismiss if it lacks subject- matter jurisdiction to hear a claim.Standing is a jurisdictional matter and thus "a motion to dismiss for want of standing is also properly brought pursuant to Rule 12(b)(1)." Ballentine v. United States, 486 F.3d 806, 810 (3d Cir. 2007). A 12(b)(1) motion to dismiss may be treated as either a "facial or factual challenge to the court's subject matter jurisdiction." Gould Electronics Inc. v. U.S., 220 F.3d 169, 176 (3d Cir. 2000). Under a facial attack, the movant challenges the legal sufficiency of the claim and the Court considers only "the allegations of the complaint and documents referenced therein and attached thereto in the light most favorable to the plaintiff." Id. In reviewing a factual attack, however, the challenge is to the actual alleged jurisdictional facts. Thus, a court is free in that instance to ...