The Text Of The Sears Lawsuit Filing
Written by Evan SchumanIN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, CHANCERY DIVISION
CHRISTINE DESANTIS, individually and ) on behalf of a class of similarly situated individuals, ) )
Plaintiff ) No.
) JURY TRIAL DEMANDED
v. )
) SEARS, ROEBUCK AND CO., ) a New York Corporation )
) Defendant )
CLASS ACTION COMPLAINT
Plaintiff Christine Desantis, on behalf of herself and a class of similarly situated
individuals, brings this action against defendant Sears, Roebuck and Co. ("Sears"). Upon
personal knowledge as to herself and her own acts and upon information and belief as to all other
matters, Desantis complains as follows:
VENUE
1. Venue is proper in Cook County because Sears resides in Cook County and
because the wrongful acts arose here.
PARTIES
2. Desantis is a resident of New Jersey.
3. Sears is an Illinois corporation with its principle place of business in Hoffman
Estates, Illinois, located in Cook County.
SEARS’S UNSECURED "MANAGEMYHOME" WEBPAGE
4. In an effort to promote its website and increase sales, Sears has established a web-based system to allow customers to view their purchase history on-line at www.managemyhome.com ("Managemyhome website").
5. Sears’s system, however, is fatally flawed and was designed in such a way as to significantly compromise the private information of its customers.
6. Sears’s system works as follows: A user goes to Managemyhome website, creates an account and logs-in. The user then need only enter in publicly-available information (such as the name, phone number and street address) of a Sears customer in order to view the customer’s history of on-line and even in-store purchases. The Managemyhome website provides detailed histories of past purchases, including model numbers, purchase dates, warranty information, and protection plans.
7. Moreover, the Managemyhome website will provide purchase history of all residents of a particular address, regardless of whether the residents are still living there. Thus, for instance, a Sears customer querying the Managemyhome website with their current address will receive not only their purchase history, but also the purchase history of prior residents at that address. Also, the Managemyhome website will provide information about third-party warranties, even where a Sears customer purchased the item only from Sears (and not the warranty).
8. The consequences of Sears’s system are staggering.
9. At the most simple level, anyone can now access Sears’s customers private purchase history, meaning that a nosy person can find out how much his neighbor spent on a new washing machine or lawnmower. More problematically, marketing companies can mine the
Managemyhome website for data about Sears customers, in order to transmit detailed
advertisements for additional products and/or warranties.
10. Most significantly, hackers can systematically access this data for much more insidious purposes. They can use the data to commit fraud by, for example, sending e-mails or making phone calls purporting to be from Sears alerting individuals to a recall of a specific product. They then can use the information they have obtained from Sears’s website to gain trust over the unsuspecting victim and obtain access to a person’s credit information, social security numbers or even a person’s house.
11. Sears has known about this problem and has, to date, done nothing to fix it.
FACTS RELATING TO THE CLASS REPRESENTATIVE
12. Plaintiff, Desantis, has been a Sears customer for years.
13. Without obtaining her consent, Sears made available her personal information on the above-described web page. That information included details about ten separate purchases she has made over the last eight years, including a refrigerator, a washing machine, and an air conditioner
14. Desantis does not know if her information has already been compromised and reasonably fears that, even if it has not been, that it will be compromised in the future.
CLASS ALLEGATIONS
15. Desantis brings this action on behalf of herself and a class of similarly situated individuals (the "Class"). The Class consists of Desantis and all other individuals whose purchase history is available to the public through the www.managemyhome.com webpage.
16. There are hundreds of thousands of members of the Class numbers in the thousands, such that joinder of all members is impracticable.
17. Common questions of law and fact exist as to all members of the Class and
predominate over questions affecting individual members of the Class. Common questions include:
(a) Does Sears’s conduct constitute a breach of contract?
(b) Does Sears’s conduct violate its fiduciary duties to the Class?
(c) Is the Class entitled to an accounting?
(d) Did Sears violate the Illinois Consumer Fraud and Deceptive Trade Practices Act?
(b) Is the Class entitled to injunctive relief?
18. Desantis will fairly and adequately protect the interests of the class, her claims are typical of the claims of the class, and she has retained counsel competent and experienced in class action litigation.
19. A class action is superior to other available methods for fairly and efficiently adjudicating this controversy because, among other things, (a) joinder of all members of the Class is impracticable, and (b) many members of the class cannot vindicate their rights by individual suits because their damages are small relative to the burden and expense of litigating individual actions.
DAMAGES
20. Desantis and the members of her class were damaged by Sears’s misconduct, inter alia, because the value of the products and services they purchased from Sears was diminished because Sears made publicly available their personal information connected to those purchases. Put simply, a dishwasher costing $1,000 is worth less than an identical dishwasher where the first purchaser’s private purchase information is made public. Nevertheless, the
aggregate amount at issue is under $5,000,000 collectively, even when factoring in the cost of
the injunctive relief and the request for attorneys’ fees. Further, no individual in the class is seeking more than $75,000 for him or herself, all types of relief included.
COUNT I (Breach of Contract)
21. Desantis incorporates by reference and realleges the foregoing allegations.
22. Implicit in Sears’s contracts is a good faith and fair dealing provision, requiring Sears to disclose whether and to what extent it makes publicly available customers’ personal information and to take reasonable steps to insure that the private information of the Class is not easily accessible by the public.
22. Not only does Sears fail to make such disclosures, it makes contrary disclosures on its website, listing the specific circumstances – none of which are germane to the instant case — under which Sears does share customer information with others. And, as detailed above, it failed to take reasonable steps to ensure that the Class’s private information was secure.
23. As a result the Class was damaged.
COUNT II (Breach of Fiduciary Duty)
24. Desantis incorporates by reference and realleges the foregoing allegations.
25. Sears’s customers place their trust and confidence in Sears by providing it with their personal information and Sears thereby gained an influence and superiority over them.
26. Sears’s breached that duty as described above, thereby damaging the class.
(Violation of the Consumer Fraud Act)
27. Desantis incorporates by reference and realleges the foregoing allegations.
28. The Consumer Fraud Act prohibits "unfair or deceptive acts or practices,"
including the "misrepresentation or the concealment, suppression or omission of any material fact, with intent that others rely upon the concealment, suppression or omission of such material fact." 815 ILCS 505/2.
29. The Act further provides that "Unfair methods of competition and unfair or deceptive acts or practices . . . are hereby declared unlawful whether any person has in fact been misled, deceived or damaged thereby. In construing this section consideration shall be given to the interpretations of the Federal Trade Commission and the federal courts relating to Section 5
(a) of the Federal Trade Commission Act. " 815 ILCS 505/2
30. On numerous occasions the Federal Trade Commission has interpreted Section 5(a) of the Federal Trade Commission Act to include the failure to disclose the potential for security breaches through a company’s website.
31. Sears’s failure to protect against and alert the Class to the possibility of security breaches was deceptive in a material way in violation of the Consumer Fraud Act.
32. Sears intended that the members of the Plaintiff Class would rely upon its deceptive conduct.
33. A reasonable person would be misled by Sears’s deceptive conduct.
34. Sears’s conduct involves trade practices directed to the market generally and otherwise implicates consumer protection concerns.
35. As a result of Sears’s misconduct, the Class was damaged.
WHEREFORE, Plaintiff prays for the following relief:
An order certifying the class as defined above;
An award of the aggregated actual damages of the members of the Class,
An injunction requiring Defendant to secure the private information it has obtained from the Class and to notify the Class of the possibility of security breaches;
An accounting to determine whether any security breaches occurred;
Reasonable Attorney’s fees and costs; and
Such further and other relief the Court deems appropriate.
JURY DEMAND
Plaintiff requests trial by jury of all claims that can be so tried Dated: January 4, 2008 CHRISTINE DESANTIS, individually and on behalf of a class of similarly situated individuals
Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code.
-Marc
