Chipotle joins growing list of merchants who claim they are not responsible for their actions

Another day, another data breach, another lawsuit and another motion to dismiss it by merchants who argue that they have no legal obligation to protect the information of consumers who frequent their establishment or to pay for the foreseeable damages their negligence causes to credit unions and banks.

The latest example of this never-ending cycle comes in the form of a well drafted response by Bellwether Community Credit Union and Alcoa Community Credit Union in opposition to Chipotle Mexican Grill’s motion to dismiss a data breach lawsuit brought by the credit unions. This lawsuit stems from a March 17th hack of Chipotle’s point of sale systems that the credit unions allege affected more than 2,200 of the restaurants nationwide.

What makes this lawsuit intriguing to yours truly is that in addition to the standard arguments, the credit unions are arguing that the restaurant’s conduct violated the Defend Trade Secrets Act of 2016(15 USC 1831). This Act makes it illegal for a company to intentionally “convert a trade secret, that is related to a product or service used in or intended for use in interstate or foreign commerce, to the economic benefit of anyone other than the owner thereof, and intending or knowing that the offense will, injure any owner of that trade secret.”


continue reading »