advertisement
advertisement

The Text Of The Sears Lawsuit Filing

Written by Evan Schuman
January 6th, 2008

IN THE CIRCUIT COURT OF COOK COUNTY, ILLINOIS COUNTY DEPARTMENT, CHANCERY DIVISION
CHRISTINE DESANTIS, individually and ) on behalf of a class of similarly situated individuals, ) )
Plaintiff ) No.
) JURY TRIAL DEMANDED
v. )
) SEARS, ROEBUCK AND CO., ) a New York Corporation )
) Defendant )

CLASS ACTION COMPLAINT
Plaintiff Christine Desantis, on behalf of herself and a class of similarly situated
individuals, brings this action against defendant Sears, Roebuck and Co. ("Sears"). Upon
personal knowledge as to herself and her own acts and upon information and belief as to all other
matters, Desantis complains as follows:
VENUE
1. Venue is proper in Cook County because Sears resides in Cook County and
because the wrongful acts arose here.

PARTIES

2. Desantis is a resident of New Jersey.

3. Sears is an Illinois corporation with its principle place of business in Hoffman

Estates, Illinois, located in Cook County.

SEARS’S UNSECURED "MANAGEMYHOME" WEBPAGE

4. In an effort to promote its website and increase sales, Sears has established a web-based system to allow customers to view their purchase history on-line at www.managemyhome.com ("Managemyhome website").

5. Sears’s system, however, is fatally flawed and was designed in such a way as to significantly compromise the private information of its customers.

6. Sears’s system works as follows: A user goes to Managemyhome website, creates an account and logs-in. The user then need only enter in publicly-available information (such as the name, phone number and street address) of a Sears customer in order to view the customer’s history of on-line and even in-store purchases. The Managemyhome website provides detailed histories of past purchases, including model numbers, purchase dates, warranty information, and protection plans.

7. Moreover, the Managemyhome website will provide purchase history of all residents of a particular address, regardless of whether the residents are still living there. Thus, for instance, a Sears customer querying the Managemyhome website with their current address will receive not only their purchase history, but also the purchase history of prior residents at that address. Also, the Managemyhome website will provide information about third-party warranties, even where a Sears customer purchased the item only from Sears (and not the warranty).

8. The consequences of Sears’s system are staggering.
9. At the most simple level, anyone can now access Sears’s customers private purchase history, meaning that a nosy person can find out how much his neighbor spent on a new washing machine or lawnmower. More problematically, marketing companies can mine the
Managemyhome website for data about Sears customers, in order to transmit detailed
advertisements for additional products and/or warranties.
10. Most significantly, hackers can systematically access this data for much more insidious purposes. They can use the data to commit fraud by, for example, sending e-mails or making phone calls purporting to be from Sears alerting individuals to a recall of a specific product. They then can use the information they have obtained from Sears’s website to gain trust over the unsuspecting victim and obtain access to a person’s credit information, social security numbers or even a person’s house.
11. Sears has known about this problem and has, to date, done nothing to fix it.

FACTS RELATING TO THE CLASS REPRESENTATIVE
12. Plaintiff, Desantis, has been a Sears customer for years.

13. Without obtaining her consent, Sears made available her personal information on the above-described web page. That information included details about ten separate purchases she has made over the last eight years, including a refrigerator, a washing machine, and an air conditioner

14. Desantis does not know if her information has already been compromised and reasonably fears that, even if it has not been, that it will be compromised in the future.

CLASS ALLEGATIONS

15. Desantis brings this action on behalf of herself and a class of similarly situated individuals (the "Class"). The Class consists of Desantis and all other individuals whose purchase history is available to the public through the www.managemyhome.com webpage.

16. There are hundreds of thousands of members of the Class numbers in the thousands, such that joinder of all members is impracticable.

17. Common questions of law and fact exist as to all members of the Class and
predominate over questions affecting individual members of the Class. Common questions include:

(a) Does Sears’s conduct constitute a breach of contract?

(b) Does Sears’s conduct violate its fiduciary duties to the Class?

(c) Is the Class entitled to an accounting?

(d) Did Sears violate the Illinois Consumer Fraud and Deceptive Trade Practices Act?
(b) Is the Class entitled to injunctive relief?

18. Desantis will fairly and adequately protect the interests of the class, her claims are typical of the claims of the class, and she has retained counsel competent and experienced in class action litigation.

19. A class action is superior to other available methods for fairly and efficiently adjudicating this controversy because, among other things, (a) joinder of all members of the Class is impracticable, and (b) many members of the class cannot vindicate their rights by individual suits because their damages are small relative to the burden and expense of litigating individual actions.

DAMAGES
20. Desantis and the members of her class were damaged by Sears’s misconduct, inter alia, because the value of the products and services they purchased from Sears was diminished because Sears made publicly available their personal information connected to those purchases. Put simply, a dishwasher costing $1,000 is worth less than an identical dishwasher where the first purchaser’s private purchase information is made public. Nevertheless, the
aggregate amount at issue is under $5,000,000 collectively, even when factoring in the cost of
the injunctive relief and the request for attorneys’ fees. Further, no individual in the class is seeking more than $75,000 for him or herself, all types of relief included.

COUNT I (Breach of Contract)
21. Desantis incorporates by reference and realleges the foregoing allegations.
22. Implicit in Sears’s contracts is a good faith and fair dealing provision, requiring Sears to disclose whether and to what extent it makes publicly available customers’ personal information and to take reasonable steps to insure that the private information of the Class is not easily accessible by the public.
22. Not only does Sears fail to make such disclosures, it makes contrary disclosures on its website, listing the specific circumstances – none of which are germane to the instant case — under which Sears does share customer information with others. And, as detailed above, it failed to take reasonable steps to ensure that the Class’s private information was secure.
23. As a result the Class was damaged.

COUNT II (Breach of Fiduciary Duty)
24. Desantis incorporates by reference and realleges the foregoing allegations.
25. Sears’s customers place their trust and confidence in Sears by providing it with their personal information and Sears thereby gained an influence and superiority over them.
26. Sears’s breached that duty as described above, thereby damaging the class.
(Violation of the Consumer Fraud Act)

27. Desantis incorporates by reference and realleges the foregoing allegations.
28. The Consumer Fraud Act prohibits "unfair or deceptive acts or practices,"
including the "misrepresentation or the concealment, suppression or omission of any material fact, with intent that others rely upon the concealment, suppression or omission of such material fact." 815 ILCS 505/2.
29. The Act further provides that "Unfair methods of competition and unfair or deceptive acts or practices . . . are hereby declared unlawful whether any person has in fact been misled, deceived or damaged thereby. In construing this section consideration shall be given to the interpretations of the Federal Trade Commission and the federal courts relating to Section 5
(a) of the Federal Trade Commission Act. " 815 ILCS 505/2

30. On numerous occasions the Federal Trade Commission has interpreted Section 5(a) of the Federal Trade Commission Act to include the failure to disclose the potential for security breaches through a company’s website.

31. Sears’s failure to protect against and alert the Class to the possibility of security breaches was deceptive in a material way in violation of the Consumer Fraud Act.

32. Sears intended that the members of the Plaintiff Class would rely upon its deceptive conduct.

33. A reasonable person would be misled by Sears’s deceptive conduct.
34. Sears’s conduct involves trade practices directed to the market generally and otherwise implicates consumer protection concerns.
35. As a result of Sears’s misconduct, the Class was damaged.
WHEREFORE, Plaintiff prays for the following relief:

An order certifying the class as defined above;
An award of the aggregated actual damages of the members of the Class,
An injunction requiring Defendant to secure the private information it has obtained from the Class and to notify the Class of the possibility of security breaches;
An accounting to determine whether any security breaches occurred;
Reasonable Attorney’s fees and costs; and
Such further and other relief the Court deems appropriate.

JURY DEMAND
Plaintiff requests trial by jury of all claims that can be so tried Dated: January 4, 2008 CHRISTINE DESANTIS, individually and on behalf of a class of similarly situated individuals


advertisement

Comments are closed.

Newsletters

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
advertisement

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

StorefrontBacktalk
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.