The U.S. District Court for the Northern District of Illinois upon a Rule 12(b)(6) motion dismissed a count for violation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. §1030(a)(2)( C), because plaintiff CouponCabin did not allege damages exceeding the $5,000 statutory trigger, but did find that the complaint alleging unauthorized scraping of coupon codes from plaintiff’s website was sufficient under the CFAA. CouponCabin, Inc. v. PriceTrace, LLC, Case No. 18-C-7525 (N.D. Ill., Apr. 11, 2019) (Full Opinion Available Here).
CouponCabin, Inc. alleged that PriceTrace, LLC illegally took coupon codes available on CouponCabin’s website and provided the codes on PriceTrace’s website. CouponCabin claims that this activity violated numerous laws including: (1) the Federal Computer Fraud and Abuse Act ; and (2) the Illinois Trade Secrets Act; and constitutes (3) tortious interference with economic advantage; and (4) breach of contract. PriceTrace moved to dismiss the claims for failure to state a claim pursuant to Federal Rule of Civil Procedure 12(b)(6). R. 14. This article only address the CFAA claim and the Court’s findings.
CouponCabin receives commissions from internet retailers for providing the retailers’ coupon codes on the CouponCabin website and directing customers to the retail websites. CouponCabin alleges that PriceTrace accessed CouponCabin’s website, took the coupon codes, and provided them to PriceTrace’s website. After discovering PriceTrace’s activities, CouponCabin sent PriceTrace a letter demanding that PriceTrace stop accessing and taking data from CouponCabin’s website and
that PriceTrace remove from its website all coupon codes taken from CouponCabin’s website. CouponCabin alleged that PriceTrace thereafter continued to access and take data from CouponCabin’s website even after the letter was sent.
The Computer Fraud and Abuse Act (CFAA) prohibits a person from “intentionally access[ing] a computer without authorization or exceed[ing] authorized access, [to] thereby obtain . . . information from any protected computer.” 18 U.S.C. §1030(a)(2)(C). A “protected computer” is any computer “used in or affecting interstate or foreign commerce or communication.” Id. § (e)(2)(B). A plaintiff may bring an action for violation of the CFAA if the plaintiff “suffers damage or loss by reason of a violation.” Id. § (g). “Damage” means “any impairment to the integrity or availability of data, a program, a system, or information.” Id. § (e)(8). “Loss” means “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” Id. § (e)(11). The alleged “loss” during any one-year period must be “at least $5,000 in value.” Id. § (g) (referring to § (c)(4)(A)(i)(I)).
CouponCabin alleged that it revoked PriceTrace’s access to the CouponCabin website, and that PriceTrice continued to access the website without authorization. This is sufficient to plausibly allege violation of § 1030(a)(2)(C), which prohibits mere unauthorized access.
Nowhere in the complaint does CouponCabin allege that PriceTrace’s activities impacted the
operation of CouponCabin’s website in any way. CouponCabin has not identified “any impairment to the integrity or availability of data, a program, a system, or information” to plausibly allege “damage” under the CFAA.
CouponCabin made no allegations or argument about what actions it took in response to PriceTrace’s unauthorized access, or whether the costs of those actions exceeded $5,000. Thus, CouponCabin failed to make a plausible showing that it suffered “loss,” so its claim for a CFAA violation was dismissed at the pleading stage.