From Casetext: Smarter Legal Research

Atwal v. NortonLifeLock, Inc.

United States District Court, Western District of New York
Feb 3, 2022
No. 20-CV-449S (W.D.N.Y. Feb. 3, 2022)

Opinion

20-CV-449S

02-03-2022

EPHRAIM ATWAL, M.D., Plaintiff, v. NORTONLIFELOCK, INC., Defendant.


DECISION AND ORDER

WILLIAM M. SKRETNY, United States District Judge.

I. Introduction

This is a removed diversity action for breach of contract. Plaintiff is a New York doctor and Defendant NortonLifeLock is a Delaware corporation with its principal place of business in Arizona (Docket No. 1, Notice of Removal ¶¶ 7.a., 7). NortonLifeLock issued Plaintiff a policy for identity loss protection (see Docket No. 1, Notice of Removal, Ex. A, Compl. ¶ 14, Ex. A). Plaintiff alleges that Defendant breached its contract by not covering his losses from his cryptocurrency account after a third-party stole his credentials to that account and looted it (see Id. ¶¶ 9-10, 12, 22-24).

Before this Court is Defendant's Motion to Dismiss (Docket No. 6). This Court concludes that Plaintiff alleges a breach of Defendant's Policy. For the reasons stated below, this Motion is granted in part (dismissing the Third Cause of Action for breach of the duty of good faith and fair dealing and Fourth Cause of Action for unjust enrichment) and denied in part (upholding the First Cause of Action for declaratory judgment and Second Cause of Action for breach of contract). Therefore, Plaintiff shall file an Amended Complaint within twenty-one (21) days of entry of this Order. Defendant shall file its Answer or Motion within fourteen (14) days of service of the Amended Complaint.

In support of its Motion, Defendant submits its attorney's Declaration with exhibits (the Complaint and Notice of Removal) and Memorandum of Law, Docket No. 6. In opposition, Plaintiff submits his Memorandum of Law, Docket No. 9. Defendant replies with its Reply Memorandum, Docket No. 10.

II. Background

A. Plaintiff's Cryptocurrency Account

From June 26, 2017, Plaintiff maintained a private EOS cryptocurrency account, operating on blockchain technology and accessible through private key credentials (Docket No. 1, Notice of Removal, Ex. A, Compl. ¶¶ 7-8). On or about August or September 2018, a third-party misappropriated his key credentials and stole all of Plaintiff's EOS funds in his cryptocurrency account (id. ¶¶ 9-10; see also Id. ¶ 12 (unauthorized use of key credentials)). Plaintiff alleges that approximately 2.09 million EOS funds (valued at approximately $12 million USD) were in his account prior to the misappropriation (id. ¶ 11). Plaintiff unsuccessfully sought to recover the account's funds from cryptocurrency exchanges where the unauthorized third-party transferred his EOS funds (id. ¶ 13).

“EOS” is an acronym for Electro-Optical System, based on blockchain technology, see https://www.investopedia/tech.what-is-eos; see also https://bitcoinist.com/what-is-eos-how-is-it-different-from-other-blockchains/; Williams v. Block.One, Nos. 20CV2809, 20CV3829, 2020 WL 4505569, at *1 (S.D.N.Y. Aug. 4, 2020) (EOS tokens are type of cryptocurrency); In re Bibox Group Holdings Ltd. Secs. Litig., 534 F.Supp.3d 326, 327 (S.D.N.Y. 2021).

B. Defendant's LifeLock Identify Theft Program

On or about July 11, 2018, Defendant issued Plaintiff a LifeLock Ultimate Plus policy for a one-year period (id. ¶ 14, Ex. A, “Certificate of Insurance Stolen Identity Event Insurance, ” hereinafter the “Policy”). Pursuant to the Policy, Defendant agreed to pay up to $1 million coverage for remediation, stolen funds reimbursement, personal expenses, and coverage for lawyers and experts for a “Stolen Identity Event” (id. ¶ 16, Ex. A, Policy at 3).

A “Stolen Identity Event” is defined in the Policy as a theft of personal information without the insured's express authorization to establish or use a deposit, credit, or other Account (id. ¶ 20, Ex. A, Policy § VI., Definitions U., “Stolen Identity Event, ” at 10). That personal information includes “personal identification, social security number, or other method of identifying you, or one or more uses of such stolen information without your express authorization to establish or use a deposit, credit or other Account, secure a loan, . . . enter into a contract or commit a crime” (Docket No. 1, Ex. A, Compl. Ex. A, Policy § VI., Definitions U., at 10 (emphasis added)).

A covered victim of a Stolen Identity Event also may obtain remediation coverage from Defendant including reimbursement of stolen funds, remediation coverages, and coverage of “direct financial loss arising from a Stolen Funds Loss incurred as a direct result of a Stolen Identity Event” (id. ¶ 17, Ex. A, Policy § I.C., at 4-5, ¶ 18, Ex. A, Policy § I.B., at 4). “Stolen Funds Loss, ” in turn, is defined in this Policy as “the principal amount, incurred by [the insured] and caused by an Unauthorized Funds Transfer” (id. ¶ 19, Ex. A, Policy § VI., Definitions T., “Stolen Funds Loss, ” at 10). “Unauthorized Funds Transfer” means “a Funds Transfer from your Account initiated by a person other than [the insured] without the actual authority to initiate the transfer and from which you and your immediate family members receive no benefit” (id., Ex. A, Policy § VI., Definitions X., “Unauthorized Funds Transfer, ” at 10).

C. Plaintiff Requests Coverage

Plaintiff alleges that he sought reimbursement on May 24 and June 21, 2019 (Docket No. 1, Ex. A, Compl. ¶¶ 22, 23), but on July 18 and November 18, 2019, Defendant denied Plaintiff's claim (id. ¶ 24). As of the filing of this action, Defendant has not paid this claim (id. ¶ 25). Defendant argues that Plaintiff's claimed account is not a defined “Account” under its Policy (Docket No. 6, Def. Memo. at 3-5). Under Defendant's Policy, an “Account” “is defined as ‘a U.S. regulated and domiciled checking, savings, money market, brokerage, or credit card Account of yours held directly or indirectly by a Financial Institution and established primarily for personal, family or household purposes. ‘Account' also includes a Retirement Account held in your name, or the name of your authorized representative.” (Id. at 3; Docket No. 1, Ex. A, Compl. Ex. A, Policy § VI., Definitions B., “Account, ” at 9 (emphasis added)). This “Account” applies to aspects of the Policy (e.g., Docket No. 1, Ex. A, Policy § VI., Definitions U., X.). “Financial Institution, ” in turn, is defined as a “bank, savings, association, credit union, credit institution or company issuing credit or any other person or entity that directly or indirectly holds an Account belonging to you” (id., Ex. A, Compl. Ex. A Policy § VI., Definitions G., at 9; see Docket No. 9, Pl. Memo. at 9). The Policy limits the coverage territory to pay losses “incurred in the United States or a branch or office abroad of a United States regulated Financial Institution” (Docket No. 1, Ex. A, Compl., Ex. A, Policy § VIII. C., at 11).

D. Complaint, Removal, and Defendant's Motion to Dismiss

Plaintiff initially sued Defendant in New York State Supreme Court, Erie County (Docket No. 1, Notice of Removal, ¶ 1, Ex. A, Compl. (Index No. 803782/2020)), alleging four causes of action (Docket No. 1, Ex. A). The First Cause of Action seeks declaratory judgment that Plaintiff was entitled to coverage from Defendant under the Policy (id. ¶¶ 28-30). The Second Cause of Action alleges breach of contract for failing to cover Plaintiff's loss (id. ¶¶ 32-36). The Third Cause of Action claims breach of the implied covenant of good faith and fair dealing (id. ¶¶ 38-41) and the Fourth Cause of Action alleges Defendant's unjust enrichment (id. ¶ 43). Plaintiff claims suffering damages he valued at least $80,000 (id. ¶¶ 36, 41, 43, WHEREFORE Cl., b)). Defendant removed this action (Docket No. 1) and a month later filed the pending Motion to Dismiss (Docket No. 6). This Court deems this Motion to be submitted without oral argument.

III. Discussion

A. Applicable Standards

1. Motion to Dismiss

Defendant has moved to dismiss on the grounds that the Complaint fails to state a claim for which relief can be granted (id.). Under Rule 12(b)(6), the Court cannot dismiss a Complaint unless it appears “beyond doubt that the plaintiff can prove no set of facts in support of his claim which would entitle him to relief.” Conley v. Gibson, 355 U.S. 41, 45-46, 78 S.Ct. 99, 2 L.Ed.2d 80 (1957). As the Supreme Court held in Bell Atlantic Corp. v. Twombly, 550 U.S. 554, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007), a Complaint must be dismissed pursuant to Rule 12(b)(6) if it does not plead “enough facts to state a claim to relief that is plausible on its face, ” Id. at 570 (rejecting longstanding precedent of Conley, supra, 355 U.S. at 45-46).

To survive a motion to dismiss, the factual allegations in the Complaint “must be enough to raise a right to relief above the speculative level, ” Twombly, supra, 550 U.S. at 555; Hicks, supra, 2007 U.S. Dist. LEXIS 39163, at *5. As reaffirmed by the Court in Ashcroft v. Iqbal, 556 U.S. 662, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009),

“To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.' [Twombly, supra, 550 U.S.] at 570 . . . . A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged. Id., at 556 . . . . The plausibility standard is not akin to a ‘probability requirement,' but it asks for more than a sheer possibility that a defendant has acted unlawfully. Ibid. Where a complaint pleads facts that are ‘merely consistent with' a defendant's liability, it ‘stops short of the line between possibility and plausibility of “entitlement to relief.”' Id., at 557 . . . (brackets omitted).”
Iqbal, supra, 556 U.S. at 678 (citations omitted).

A Rule 12(b)(6) motion is addressed to the face of the pleading. The pleading is deemed to include any document attached to it as an exhibit, Fed.R.Civ.P. 10(c), such as Defendant's Policy (Docket No. 1, Ex. A, Compl. Ex. A), or any document incorporated in it by reference. Goldman v. Belden, 754 F.2d 1059 (2d Cir. 1985).

In considering such a motion, the Court must accept as true all the well pleaded facts alleged in the Complaint. Bloor v. Carro, Spanbock, Londin, Rodman & Fass, 754 F.2d 57 (2d Cir. 1985). However, conclusory allegations that merely state the general legal conclusions necessary to prevail on the merits and are unsupported by factual averments will not be accepted as true. New York State Teamsters Council Health and Hosp. Fund v. Centrus Pharmacy Solutions, 235 F.Supp.2d 123 (N.D.N.Y. 2002).

2. Choice of Law

As a removed diversity action, the procedures are governed by federal law and rules, while the substantive law is governed by state law, see Erie R.R. v. Tompkins, 304 U.S. 64, 58 S.Ct. 817, 82 L.Ed. 1188 (1938); Ocean Ships, Inc. v. Stiles, 315 F.3d 111, 116 n.4 (2d Cir. 2002). A federal court sitting in diversity applies the choice of law rules from the state in which it sits. Klaxon v. Stentor Elec. Mfg. Co., 313 U.S. 487, 61 S.Ct. 1020, 85 L.Ed. 1477 (1941).

Neither party disputes that New York law governs here. Defendant's Policy declares that New York law applies to any disputes arising under the Policy (Docket No. 1, Ex. A, Compl. ¶ 21, Ex. A, Policy VIII., Common Policy Conditions E., at 12 (choice of law provision)). New York courts will enforce a contractual choice-of-law clause like the Policy here so long as the chosen law bears a reasonable relationship to the parties or the transaction. National Traffic Serv., Inc. v. Fiberwell, Inc., 829 F.Supp.2d 185, 188 (W.D.N.Y. 2011) (Skretny, C.J.), citing Aramarine Brokerage, Inc. v. OneBeacon Ins. Co., 307 Fed.Appx. 562, 564 (2d Cir. 2009). Since this Policy provides identity theft protection, choice of the law of the insured's forum is reasonable.

3. Cryptocurrency

Whether Plaintiff has an “Account” covered by Defendant's Policy depends upon whether Plaintiff's EOS cryptocurrency account falls under the Policy's definition of a domestic regulated “Account” (Docket No. 1, Ex. A, Compl., Ex. A, Policy § VI., Definitions B., at 9).

As Defendant observes (Docket No. 6, Def. Memo. at 4), cryptocurrency (such as EOS or Bitcoin) currently is not legal tender, Tucker v. Chase Bank USA, N.A., 399 F.Supp.3d 105, 108 (S.D.N.Y. 2019), see also Id. at 112-13 (parties' definitions of “cashlike transaction, ” arguing that “cash” meant fiat currency); Lagemann v. Sence, No. 18 Civ. 12218, 2020 WL 5754800, at *2 n.3 (S.D.N.Y. May 18, 2020); In re Mt. Gox Bitcoin Exchange Litig., 291 F.Supp.3d 1370, 1370 n.2 (J.P.M.L. 2018) (in denial of transfer to Multidistrict Litigation court, finding that Bitcoin operates without a central bank or single administrator); Wisconsin Central Ltd. v. United States, 585 U.S., 138 S.Ct. 2067, 2076, 201 L.Ed.2d 490 (2018) (Breyer, J., dissenting) (“Moreover, what we view as money has changed over time. . . . perhaps one day employees will be paid in Bitcoin or some other type of cryptocurrency, ” citations omitted). It is a medium of exchange like cash but not issued or regulated by a sovereign power, United States v. Petix, No. 15CR227, 2016 WL 7017919, at *5 (W.D.N.Y. Dec. 1, 2016) (Scott, Mag. J.) (in Report & Recommendation, explaining Bitcoin was not “money” under 18 U.S.C. § 1960). Cryptocurrency is “computer files generated through a ledger system that operates on” blockchain technology, Id. at *5 (citing Shahla Hazratjee, Bitcoin: The Trade of Digital Signatures, 41 T. Marshall L. Rev. 55, 59 (2015)); see Lagemann, supra, 2020 WL 5754800, at *2 n.3 (although certain types of cryptocurrencies may be used as currency, cryptocurrencies are fundamentally private sector technologies, computer codes, and software applications) (quoting Tucker, supra, 399 F.Supp.3d at 108) (see Docket No. 1, Notice of Removal, Ex. A, Compl. ¶ 7). As observed about Bitcoin, the whole point of cryptocurrency “is to escape any entanglement with sovereign governments, ” Petix, supra, 2016 WL 7017919, at *5. Cryptocurrencies “have value exclusively to the extent that people at any given time choose privately to assign them value. No. governmental mechanisms assist with valuation or price stabilization, ” id.

Despite Defendant's argument (cf. Docket No. Def. Reply Memo. at 4 & n.3), if not regulated by the Federal Deposit Insurance Corporation cryptocurrency may be traded as securities or commodities, U.S. Sec. & Exch. Comm'n v. Kik Interactive Inc., 492 F.Supp.3d 169, 177-82 (S.D.N.Y. 2020) (securities); Williams v. KuCoin, No. 20-CV-2806, 2021 WL 5316013, at *2 (S.D.N.Y. Oct. 21, 2021) (Lehrburger, Mag. J.) (Report & Rec.) (in 2019, Securities and Exchange Commission issued “Framework for ‘Investment Contract' Analysis of Digital Assets” stating four prongs in determining whether a digital asset was a security); see In re Bibox Group Holdings, supra, 534 F.Supp.3d at 331 (in 2019, the SEC concluded that EOS issued by Block.one was a security under the 1933 Securities Act); Commodity Futures Trading Comm'n v. McDonnell, 287 F.Supp.3d 213, 228 (E.D.N.Y. 2018) (Weinstein, J.) (commodities) (Docket No. 9, Pl. Memo. At 8, 9 & n.5). In CFTC v. McDonnell, Judge Jack Weinstein held that

“Virtual currencies can be regulated by CFTC as a commodity. Virtual currencies are ‘goods' exchanged in a market for a uniform quality and value. Mitchell Prentis, Digital Metal: Regulating Bitcoin As A Commodity, 66 Case W. Res. L. Rev. 609, 626 (2015). They fall well-within the common definition of ‘commodity' as well as the [Commodity Exchange Act's]] definition of ‘commodities' as ‘all other goods and articles ... in which contracts for future delivery are presently or in the future dealt in.' Title 7 U.S.C. § 1(a)(9).”
Id. (emphasis added).

Securities regulation arises in the cited cases from the public sale of digital assets, Kik Interactive, supra, 492 F.Supp.3d at 174, 177-82; In re Bibox Group Holdings, supra, 534 F.Supp.3d at 331; Williams, supra, 2021 WL 5316013, at *2; see also 15 U.S.C. § 77e(a) (prohibition of sales in interstate commerce or the mails of unregistered securities). In Kik Interactive, defendant Kik Interactive conducted a private initial offering of Kin tokens with advice to buyers that the instrument they purchased was a security but not registered under any nation's securities laws, Id. at 181-82. The district court held that the private pre-sale of the Kin tokens was a part of an integrated offering followed by the public sale of the tokens, 492 F.Supp.3d at 181-82. The court concluded that this private pre-sale and public offering of defendant's Kin tokens was a public sale of securities requiring a registration statement, Id. at 177-82.

This conclusion, that a public sale of cryptocurrency is the sale of securities regulated under the Securities Act, however, postdates Plaintiff's present claim and occurred during the time of Defendant's denials of coverage. There is no allegation here of any public purchase or sale of Plaintiff's EOS cryptocurrency or public registration of the cryptocurrency. Plaintiff alleges his EOS cryptocurrency is a private asset not in a government-regulated account, declaring that he “maintained a private EOS cryptocurrency account” (Docket No. 1, Ex. A, Compl. ¶ 7). Defendant's Policy insured traditional currency accounts held by recognized institutions rather than the novel and evolving area of cryptocurrencies.

Absent allegation of government regulation generally applicable for fiat money, cryptocurrency like Plaintiff's EOS here is dependent upon the agreed upon definition of the parties. Defendant could (as it did here under the Policy) limit its coverage to domestic, regulated accounts only. By becoming a member, Dr. Atwal agreed to this limited scope of Defendant's coverage. Defendant thus could conclude that Plaintiff's EOS cryptocurrency is not from a domestic, regulated “Account” for coverage under its Policy.

B. First and Second Causes of Action-Declaratory Judgment and Breach of Contract

This Court will consider together Plaintiff's First and Second Causes of Action (cf. Docket No. 6, Def. Memo. at 3-5; Docket No. 9, Pl. Memo. at 5-12). In these claims, Plaintiff seeks declaratory judgment that Defendant breached its contract by not covering his loss of cryptocurrency and he seeks to recover damages for that breach.

1. Applicable Standard-Declaratory Judgment

Upon removal to this Court, federal procedures (including those for declaratory judgment) apply, see 28 U.S.C. § 1447(a). Under § 2201(a), where there is an actual controversy within this Court's jurisdiction, “upon the filing of an appropriate pleading, may declare the rights and other legal relations of any interested party seeking such declaration, whether or not further relief is or could be sought. Any such declaration shall have the force and effect of a final judgment or decree, ” 28 U.S.C. § 2201(a).

2. Breach of Contract under New York Law

To state a breach of contract under New York common law, Plaintiff must prove, by preponderance of evidence, the existence of a contract with Defendant, performance of his obligations under the contract, breach of the contract by Defendant, and damages to Plaintiff caused by Defendant's breach, e.g., Diesel Props S.r.l. v. Greystone Business Credit II LLC, 631 F.3d 42, 52 (2d Cir. 2011) (citing cases) (Docket No. 37, Def. Memo. at 8); Acquest Holdings, Inc. v. Travelers Cas. & Sur. Co., 217 F.Supp.3d 678, 686 (W.D.N.Y. 2016) (Wolford, J.).

3. Parties' Contentions

Defendant contends that Plaintiff merely lost from an unregulated cryptocurrency account which was not an “Account” covered under its identity theft program (Docket No. 6, Def. Memo. at 1). Plaintiff's cryptocurrency is not subject to control or oversight of any governmental agency (id. at 3-4). Thus, Plaintiff's EOS cryptocurrency account was not an “Account” under Defendant's Policy because its “Account” only consisted of legal tender (id. at 4) and not Plaintiff's private EOS cryptocurrency (id.; see Docket No. 10, Def. Reply Memo. at 2). Therefore, Defendant concludes that Plaintiff failed to state a claim under its Policy (Docket No. 6, Def. Memo. at 3-5). Even if Plaintiff's alleged his loss is covered by Defendant's policy, Defendant retorts that Plaintiff has not incurred damages that would be covered (Docket No. 6, Def. Memo. at 5). Plaintiff argues he incurred a “Stolen Identity Event” under Defendant's Policy either from the theft of Dr. Atwal's personal information or the subsequent plundering of his EOS cryptocurrency account (Docket No. 9, Pl. Memo. at 5-7; see Docket No. 1, Ex. A, Compl., Ex. A, Policy § VI., Definitions U., at 10). Furthermore, Plaintiff points out that cryptocurrency can be purchased as a commodity and that commodities are subject to regulation (Docket No. 9, Pl. Memo. at 8, 9 & n.5, citing CFTC v. McDonnell, supra, 287 F.Supp.3d at 228).

Further, Plaintiff responds that he pled entitlement to reimbursement and remediation coverage under Defendant's policy when someone misappropriated his credentials to his private EOS account (id. at 5-9). Plaintiff claims he alleged he had an “Account” as defined under Defendant's Policy or, if the language is ambiguous, it must be interpreted in his favor (id. at 6). Defendant's policy establishes two different occurrences for a “Stolen Identity Event” and Plaintiff points to the first occurrence, the theft of insured's personal information (id.; Docket No. 1, Ex. A, Compl., Ex. A, Policy § VI., Definitions U., “Stolen Identity Event, ” at 10) which did not require an “Account” as defined in the Policy (Docket No. 9, Pl. Memo. at 6). Plaintiff claims that his private credentials were his personal information covered by Defendant's policy (id. at 7). Plaintiff disputes whether his EOS account was regulated and domiciled in the United States (id. at 8). Plaintiff claims his EOS account is a brokerage account and thus under Defendant's policy (id. at 9). Plaintiff next claims he pled entitlement to Fraudulent Withdrawal Coverage under Defendant's policy for suffering a Stolen Fund Loss (id. at 10). He also claims he pled damages under Defendant's policy (id. at 10-12).

In reply, Defendant contends that the private EOS account was not covered under its Policy because Account is defined as “U.S. regulated and domiciled checking, savings, money market, brokerage, or credit card Account of yours” (Docket No. 10, Def. Reply Memo. at 2, emphasis in original). For a “Stolen Identity Event, ” Defendant replies that the EOS account must meet a definition of “Account” under the policy to be covered (id. at 3). Defendant continues to deny that Plaintiff pled damages because any loss would occur only if his account was covered (id. at 4).

4. Analysis

For his First and Second Causes of Action (for declaratory relief and compensatory damages for breach of contract, respectively), Plaintiff needs to allege the existence of a contract with Defendant, that Defendant breached it, and (for the breach of contract claim) Plaintiff suffered damages from the breach.

The Complaint incorporated the Policy (Docket No. 1, Ex. A, Compl., Ex. A, Policy). Plaintiff has plausibly pled a breach of contract claim by inclusion of the Policy and alleging how Defendant breached it. The Policy's definition of “Account” (including the “Financial Institution” and “Stolen Identity Event” definitions for the use of the information to establish or use a deposit, credit, or other Account, Docket No. 1, Ex. A, Compl., Ex. A, Policy § VI., Definitions G., U., at 10) is limited to “U.S. regulated and domiciled” accounts (id., § VI., Definitions B., at 9).

The “Stolen Identity Event” is defined in Defendant's Policy as alternatives, either theft of personal information or use of the stolen information to access the member's “Account” (id., § VI., Definitions U., at 10).

a. Existence of Contract-Alleged Theft of Personal Information

The Policy defined a “Stolen Identity Event” as the theft of personal information (id.). Plaintiff states a claim for that theft and use of that personal information to commit a crime, here theft of the key credentials to Plaintiff's EOS cryptocurrency account and the looting of its contents (Docket No. 1, Ex. A, Compl. ¶¶ 8-9). These key credentials are another “method of identifying” Dr. Atwal (id., Ex. A, Policy § VI., Definitions U., at 10). Defendant has not argued that these credentials were not personal information or denied that they were used to commit a crime, the looting of Dr. Atwal's cryptocurrency account. Plaintiff thus has alleged the existence of a contract in Defendant offering to provide coverage for the loss of Dr. Atwal's personal information.

b. Existence of Contract-Access to “Account”

Examining the second alternative for Stolen Identity Event, Plaintiff has not alleged a breach from Defendant not covering the access to the EOS account because he has not claimed that account is from a domestic, regulated brokerage account to constitute an “Account” under the policy. Plaintiff has not alleged that a regulated, domestic brokerage firm held his EOS cryptocurrency account was or even identified the brokerage firm.

He has not alleged, for example, exchanges of his cryptocurrency as a security, cf. In re Bibox Group Holdings, supra, 534 F.Supp.3d 326, or a commodity, cf. CFTC v. McDonnell, supra, 287 F.Supp.3d at 228. While arguing that cryptocurrency may be purchased as a commodity subject to regulation, Dr. Atwal has not alleged that his EOS cryptocurrency was purchased as a commodity or regulated by the Commodity Futures Trading Commission (Docket No. 9, Pl. Memo. at 8, 9 & n.5, cf. CFTC v. McDonnell, 287 F.Supp.3d at 228). He has not alleged how he acquired the cryptocurrency. Had Plaintiff's acquisition of EOS cryptocurrency as a regulated security been alleged in the Complaint, the losses Dr. Atwal incurred from its theft would be covered under Defendant's Policy as from an “Account” from a U.S. regulated and domiciled brokerage. Plaintiff also fails to allege entitlement to Fraudulent Withdrawal Coverage for suffering a Stolen Fund Loss under the Policy because Plaintiff's EOS loss had to be from a recognized, regulated “Account.”

Instead, he attempts to shift the burden to Defendant to prove that the EOS account was not a regulated, domiciled institution (cf. Docket No. 9, Pl. Memo. at 7-8). This burden shifting is incorrect; Plaintiff has the burden of alleging facts that state a claim to relief that are plausible on its face, Twombly, supra, 550 U.S. at 570; it is not Defendant's burden to establish the opposite to support its Motion to Dismiss. Plaintiff needed to allege that the cryptocurrency account fell under the terms of Defendant's Policy.

The Complaint here does not allege the nature of the EOS cryptocurrency account except that it was a private account which contained over 2 million EOS funds before their theft (Docket No. 1, Ex. A, Compl. ¶¶ 7, 11). The Complaint also does not claim the accounts were regulated by a public institution. The indicia of domestic, public regulation that would make the account subject to the Policy are not alleged here. As alleged, these crypto assets are from private transactions that do not meet the Policy definition of an “Account” for coverage. Plaintiff has not alleged access to a member's “Account” and, therefore, has not alleged Defendant's Policy has been breached.

c. Defendant's Breach

Plaintiff, however, alleges breach of Defendant's Policy by Defendant not covering his loss of his personal information after the third-party stole his key credentials (Docket No. 1, Ex. A, Compl. ¶¶ 22-25). Defendant merely argues that Plaintiff's EOS cryptocurrency is not covered by the Policy and does not address the loss of Plaintiff's personal information.

d. Allegation of Damages

Finally, Plaintiff alleges damages from expending costs attempting to recover his cryptocurrency (id. ¶ 26), alleging at least $80,000 in damages (id. ¶ 36). “At the pleading stage, general factual allegations of injury resulting from the defendant's conduct may suffice, for on a motion to dismiss we ‘presum[e] that general allegations embrace those specific facts that are necessary to support the claim.' [Lujan v.] National Wildlife Federation, supra, 497 U.S. [871, 110 S.Ct. 3177, 111 L.Ed.2d 995 (1990)], at 889, 110 S.Ct., at 3189, ” Lujan v. Defenders of Wilderness, 504 U.S. 555, 561, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992). Plaintiff has made sufficient allegation of damages to preclude dismissal. Defendant's argument returns to its contention that Plaintiff's loss was not covered under the Policy, thus denying that Plaintiff incurred any damage (see Docket No. 6, Def. Memo. at 5; Docket No. 10, Def. Reply Memo. at 4). Given the finding above that Plaintiff alleged his loss for the theft of his key credentials and that he alleges damages therefrom, he has stated a claim for damages.

e. Conclusion

Plaintiff has alleged that Defendant's Policy covered the loss of his key credentials to his cryptocurrency as theft of Plaintiff's personal information. And thus, Defendant breached its Policy. Finally, he alleged damages from Defendant's failure to cover Plaintiff's claims. Defendant's Motion to Dismiss (Docket No. 6) the First and Second Causes of Action therefore is denied.

C. Third Cause of Action-Duty of Good Faith and Fair Dealing under New York Law

1. Applicable Standards

Generally, the implied covenant of good faith and fair dealing “embraces a pledge that ‘neither party shall do anything which will have the effect of destroying or injuring the right of the other party to receive the fruits of the covenant, '” Dalton v. Educational Testing Serv., 87 N.Y.2d 384, 389, 639 N.Y.S.2d 977, 979 (1995) (quoting Kirke La Shelle Co. v. Armstrong Co., 263 N.Y. 79, 87, 188 N.E. 163, 167 (1933)).

As observed in M/A-COM Sec. Corp. v. Galesi, 904 F.2d 134, 136 (2d Cir. 1990) (Docket No. 9, Pl. Memo. at 13), “where a party's acts subsequent to performance on the contract so directly destroy the value of the contract for another party that the acts may be presumed to be contrary to the intention of the parties, the implied covenant of good faith may be implicated. See Roli-Blue, Inc. v. 69/70th Street Assocs., 119 A.D.2d 173, 506 N.Y.S.2d 159 (1st Dep't 1986).”

A plaintiff alleges a claim for breach of implied covenant of good faith and fair dealing if he can “‘establish[] a legal duty separate and apart from contractual duties, '” Schonfeld v. Wells Fargo Bank, N.A., as Trustee for Aegis Asset Back Secs. Trust Mortgage Pass-Through Certs., No. 1:15-cv-01425, 2017 WL 4326057, at *5 (N.D.N.Y. Sept. 27, 2017) (quoting Washington v. Kellwood Co., No. 05 Civ. 10034, 2009 WL 855652, at *6 (S.D.N.Y. Mar. 24, 2009) (there dismissing breach of duty claim as subsumed in breach of contract claim)). A claim for good faith and fair dealing based upon the breach of the terms of the agreement “is necessarily duplicative of a breach of contract claim, ” Washington, supra, 2009 WL 855652, at *6.

“Generally, a claim for breach of an implied covenant of good faith and fair dealing does not provide a cause of action separate from a breach of contract claim. ‘[P]arties to an express contract are bound by an implied duty of good faith, but breach of that duty is merely a breach of the underlying contract.' Harris v. Provident Life & Accident Ins. Co., 310 F.3d 73, 80 (2d Cir. 2002), ”
Dorset Indus., Inc. v. Unified Grocers, Inc., 893 F.Supp.2d 395, 405 (E.D.N.Y. 2012) (citations omitted).

“To establish a claim for breach of the implied covenant of good faith and fair dealing, a plaintiff must establish the following: ‘(1) defendant must owe plaintiff a duty to act in good faith and conduct fair dealing; (2) defendant must breach that duty; and (3) the breach of duty must proximately cause plaintiff's damages, '” Schonfeld, supra, 2017 WL 4326057, at *5 (quoting Washington, supra, 2009 WL 855652, at *6).

New York law, however, does not recognize a distinct tort for breach of the duty of good faith and fair dealing, New York Univ. v. Continental Ins. Co., 87 N.Y.2d 308, 639 N.Y.S.2d 283 (1995). Instead, breach of this duty is a source for consequential damages beyond the terms of an insurance policy, Certain Underwriters at Lloyd's v. BioEnergy Dev. Group LLC, 178 A.D.3d 463, 464, 115 N.Y.S.3d 240 240-41 (1st Dep't 2019). As consequential damages, these are “caused by a carrier's injurious conduct-in this case, the insurer's failure to timely investigate, adjust and pay the claim, ” Bi-Economy Market, Inc. v. Harleysville Insurance Co., 10 N.Y.3d 187, 196, 856 N.Y.S.2d 505, 510 (2008).

2. Parties' Contentions

Defendant asserts Plaintiff has not alleged any facts to support his breach of the implied covenant of good faith and fair dealing (Docket No. 6, Def. Memo. at 7). Plaintiff counters that Defendant breached the implied covenant of good faith and fair dealing by disregarding its obligations under its Policy and denying Plaintiff's claim (Docket No. 9, Pl. Memo. at 13).

3. Analysis

Implicit in the arrangement between these parties is a duty Defendant assumed of good faith and fair dealing in providing identity theft protection. This duty of good faith, however, cannot duplicate a breach of contract claim, Washington, supra, 2009 WL 855652, at *6.

While Plaintiff may allege alternatively breach of contract and violation of the duty of good faith, see Fed.R.Civ.P. 8(d)(2), he needs to allege a duty distinct from performance of the Policy to allow for alternative pleading, see Dorset Indus., supra, 893 F.Supp.2d at 405. In Dorset Industries, plaintiff Dorset Industries contacted with Unified Grocers to provide marketing and merchandising services to Unified Grocers' member groceries with confidentiality and non-disclosure provisions in their contract, id. at 399, 400, 405. Plaintiff alleged (among other claims) breach of contract and breach of the covenant of good faith in misusing confidences and in appropriating proprietary information for Unified Grocers' own program, id. at 401-02. The Eastern District of New York held that so much of Dorset's breach of the duty of good faith duplicated its breach of contact claim for violations of the confidentiality and non-disclosure provisions, id. at 405. The court concluded, “thus, to the extent that the Plaintiff's claim for breach of the implied duty of good faith and fair dealing is premised on the Defendant's alleged use of the Plaintiff's confidential information to create a competing checkout program, that claim is dismissed, ” id. (citing Washington, supra, 2009 WL 855652, at *6 n.3). The court then held that Dorset had alleged a breach of this duty of good faith where Dorset alleged that its agreements with Unified Grocers implied that Unified Grocers would not create a competing program and plausibly alleged that Dorset had the reasonable expectation that Unified Grocers would use its efforts to enroll members in Dorset's program rather than for Unified Grocers' competing scheme, id. at 407-08.

See also The Dweck Law Firm, L.L.P. v. Mann, 340 F.Supp.2d 353, 358 (S.D.N.Y. 2004) (cf. Docket No. 9, Pl. Memo. at 12-13), where plaintiff law firm initially alleged a breach of contract claim for its retainer agreement with client Cynthia Mann, but the court dismissed that claim because the firm failed to allege that it completed performance under the retainer, id. at 355-56, 358. The firm filed a new action alleging breach of the duty of good faith and fair dealing, stating “slightly different facts” that it rendered legal services to Mann, but Mann frustrated the firm's effort to complete its performance depriving compensation to the firm, id. at 356, 358, 359.

Contrast this with Dr. Atwal's allegations before this Court. Plaintiff has not alleged in his Third Cause of Action a distinct duty from Defendant's failure to perform under its identity theft protection Policy. He alleges that Defendant breached the duty of good faith and fair dealing by disregarding its obligations under the Policy (Docket No. 1, Ex. A, Compl. ¶¶ 39-40). This is identical to breach of that Policy.

Plaintiff does not allege an implied duty other than arising from the Policy. He sought coverage for his cryptocurrency and that coverage obligation arises entirely from the Policy. Unlike the cases cited by Plaintiff (cf. Docket No. 9, Pl. Memo. at 12-13), he has not alleged any implied promise interwoven with the Policy, cf. M/A-COM Sec. Corp., supra, 904 F.2d at 136, that Defendant breached by its nonperformance.

Dr. Atwal also has not alleged that NortonLifeLock hindered his performance. Instead, Plaintiff alleges his complete performance, and that Defendant breached its duty by not providing coverage when Plaintiff proffered his claim.

Plaintiff cites Bi-Economy Market, supra, 10 N.Y.3d at 194, 856 N.Y.S.2d at 509, arguing that Defendant breached the implicit obligation to pay Plaintiff's covered claim (id. at 13). Plaintiff's presented claims for consequential damages (the costs he incurred due to the EOS account being fraudulently accessed, see Docket No. 1, Ex. A, Compl. ¶¶ 26, 41), that he submitted this claim and its rejection (id. ¶¶ 22-24). Unlike Bi-Economy Market, see id. at 195, 856 N.Y.S.2d at 510, however, Plaintiff does not claim Defendant's subsequent acts destroyed the value of the Policy such that it was presumed to be contrary to the intention of the parties to the identity protection Policy.

The insurer in Bi-Economy Market delayed in payment of its replacement cost coverage and business interruption policy for the market's fire loss and paid less than the total loss incurred, id. at 191, 856 N.Y.S.2d at 507. The Court of Appeals held that damages there also included consequential damages for the insurer's delay in evaluating the claim and prompt payment, see id. at 195, 856 N.Y.S.2d at 510. The insurer's delay in adjusting that claim led to Bi-Economy Market losing its business, suffering additional, consequential damages from that delay, id. at 195, 856 N.Y.S.2d at 510.

The dispute here, however, is whether Dr. Atwal's loss was covered under the Policy. Defendant argues that Plaintiff's EOS cryptocurrency account was outside of the Policy's coverage. There is no issue of the delay in Defendant's adjustment of this claim and the damages Plaintiff incurred. Plaintiff's alleged breach of duty of good faith and fair dealing remains identical to his breach of contract.

His Third Cause of Action for breach of the duty of good faith is duplicative of his Second Cause of Action for breach of contract. Thus, the Third Cause of Action fails to state a distinct claim and Defendant's Motion to Dismiss (Docket No. 6) this claim is granted.

D. Fourth Cause of Action-Unjust Enrichment

1. Applicable Standard

Plaintiff states a claim for unjust enrichment under New York law when he alleges that Defendant was enriched at Plaintiff's expense and equity and good conscience do not permit Defendant to retain what is sought to be recovered, Mandarin Trading Ltd. v. Wilderstein, 16 N.Y.3d 173, 182, 919 N.Y.S.2d 465, 471 (2011) (citations omitted) (Docket No. 6, Def. Memo. at 8; Docket No. 9, Pl. Memo. at 14); Paramount Film Distrib. Corp. v. State of N.Y., 30 N.Y.2d 415, 421, 334 N.Y.S.2d 388, 393 (1972), cert. denied, 414 U.S. 829, 94 S.Ct. 57, 38 L.Ed.2d 64 (1973).

The theory of unjust enrichment under New York law is a quasi contract, recognizing “an obligation the law creates in the absence of any agreement, ” Goldman v. Metropolitan Life Ins. Co., 5 N.Y.3d 561, 587, 807 N.Y.S.2d 583, 587 (2005). An unjust enrichment claim is not available to duplicate or replace a contract claim, Corsello v. Verizon N.Y., Inc., 18 N.Y.3d 777, 790, 944 N.Y.S.2d 732, 740 (2012). Under New York law, the existence of a valid and enforceable written contract precludes recovery under an unjust enrichment theory, Clark-Fitzpatrick, Inc. v. Long Is. R.R., 70 N.Y.2d 382, 389, 521 N.Y.S.2d 653, 656-57 (1987); Sergeants Benevolent Ass'n Annuity Fund v. Renck, 19 A.D.3d 107, 112, 796 N.Y.S.2d 77, 81 (1st Dep't 2005) (Docket No. 6, Def. Memo. at 8); Goldman, supra, 5 N.Y.3d at 572, 807 N.Y.S.2d at 587; see Nieves v. Just Energy N.Y. Corp., No. 17CV561, 2020 WL 6803056, at *7 (W.D.N.Y. Nov. 19, 2020) (Skretny, J.).

A breach of contract and unjust enrichment claim also may be pled in the alternative in this Court, see Fed.R.Civ.P. 8(d)(2) (Docket No. 9, Pl. Memo. at 14-15); GlaxoSmithKline LLC v. Beede, No. 13CV1, 2014 WL 896724, at *7 (N.D.N.Y. Mar. 6, 2014), until a contract is found, see Kapsis v. American Home Mort. Servicing Inc., 923 F.Supp.2d 430, 454 (E.D.N.Y. 2013). Alternative pleading is permitted where the parties dispute the existence of a contract or that the contract applies to the subject matter of the lawsuit, see, e.g., ExamWorks, Inc. v. Soltys, No. 17CV80, 2017 WL 4712206, at *5 (W.D.N.Y. Aug. 10, 2017) (Vilardo, J.) (citing cases); Bristol Village, Inc. v. Louisiana-Pacific Corp., 916 F.Supp.2d 357, 367 (W.D.N.Y. 2013) (Skretny, C.J.).

Unjust enrichment, however, “is not a catchall cause of action to be used when others fail, ” Corsello, supra, 18 N.Y.3d at 790, 944 N.Y.S.2d at 740. Under New York law, unjust enrichment is “available only in unusual situations when, though the defendant has not breached a contract or committed a recognized tort, circumstances create an equitable obligation running from the defendant to the plaintiff, ” id. at 790, 944 N.Y.S.2d at 740; Spinnato v. Unity of Omaha Life Ins. Co., 322 F.Supp.3d 377, 404 (E.D.N.Y. 2018). For example, an unjust enrichment claim arises if “the defendant, though guilty of no wrongdoing, has received money to which he or she is not entitled, ” Corsello, supra, 18 N.Y.3d at 790, 944 N.Y.S.2d at 740.

2. Parties' Contentions

Defendant argues Plaintiff failed to allege facts in support of claim for unjust enrichment (Docket No. 6, Def. Memo. at 8). Defendant concludes Plaintiff cannot simultaneously recover for breach of contract and unjust enrichment (id.). Plaintiff replies that he alleged his breach of contract and unjust enrichment in the alternative and that he alleged unjust enrichment claim (Docket No. 9, Pl. Memo. at 14-15).

3. Analysis

Plaintiff under Federal Rules of Civil Procedure may plead claims in the alternative, Fed.R.Civ.P. 8(d)(2), provided (as previously observed) both claims are fully alleged and differ from each other, see Kapsis, supra, 923 F.Supp.2d at 454 (plaintiff sufficiently pled a plausible unjust enrichment claim with alternative contract clam, motion to dismiss unjust enrichment claim denied); Weisblum v. Prophase Labs, Inc., 88 F.Supp.3d 283, 296-97 (S.D.N.Y. 2015) (plaintiff failed to show his unjust enrichment claim differed from contract and tort claims, court dismissed the unjust enrichment claim). Even though he cannot recover for breach of contract and unjust enrichment under that contract, he can allege both claims in the alternative until a breach of contract claim is found, Kapsis, supra, 923 F.Supp.2d at 454.

The parties dispute whether the Policy applies to Plaintiff's stolen EOS cryptocurrency. At this pleading stage, Plaintiff alleged the existence of the contract, and it remains in dispute to allow alternative pleading of unjust enrichment.

The next issue is whether Plaintiff in fact has alleged an unjust enrichment claim under New York law. Plaintiff alleges that Defendant's enrichment was from Dr. Atwal paying premiums for coverage that Defendant later denied (Docket No. 1, Ex. A, Compl. ¶ 15). Equity and good conscience, however, permits Defendant to retain the premium while not covering Plaintiff's EOS losses. Plaintiff's lack of coverage resulting in unjust enrichment duplicates the breach of contract claim, Dama v. Prudential Ins. Co. of Am., No. 18-cv-3104, 2018 WL 670614, at *6 (E.D.N.Y. Dec. 20, 2018); see Spinnato, supra, 322 F.Supp.3d at 404 (unjust enrichment claim found to duplicate other claims, dismissing the unjust enrichment claim).

This is not the “unusual” circumstance for an unjust enrichment claim, see Spinnato, supra, 322 F.Supp.3d at 404; Corsello, supra, 18 N.Y.3d at 790, 944 N.Y.S.2d at 740. Every insurance coverage dispute would have alternative breach of contract and unjust enrichment claims for the insurer collecting premium but failing to provide coverage, see Katz v. American Mayflower Life Ins. Co. of N.Y., 14 A.D.3d 195, 198, 202, 788 N.Y.S.2d 15, 17, 19-20 (1st Dep't 2004) (plaintiff alleged existence valid, enforceable contract addressing coverage, unjust enrichment claim cannot survive). Since the matter of coverage is governed by the Policy, there is no unjust enrichment, Goldman, supra, 5 N.Y.3d at 587-88, 807 N.Y.S.2d at 587-88; see Clark-Fitzpatrick, supra, 70 N.Y.2d at 388, 521 N.Y.S.2d 653, 656 (“[t]he existence of a valid and enforceable written contract governing a particular subject matter ordinarily precludes recovery in quasi contract for events arising out of the same subject matter”). Absent alleged unusual circumstances, Plaintiff lacks a basis to allege the unjust enrichment claim (even in the alternative).

Defendant's Motion to Dismiss (Docket No. 6) the Fourth Cause of Action is granted.

IV. Conclusion

Plaintiff states a breach of contract occurred when Defendant failed to cover the theft of Plaintiff's personal information (the key credentials for his cryptocurrency account). Thus, Defendant's Motion to Dismiss (Docket No. 6) the First and Second Causes of Action is denied (at least in part).

Since he alleged a breach of contract, Plaintiff cannot allege in the alternative quasi contract claims of breach of the duty of good faith or unjust enrichment. The Complaint fails to allege a distinct claim for breach of the duty of good faith apart from the Policy. Defendant's Motion (id.) to Dismiss the Third Cause of Action is granted.

As for the Fourth Cause of Action for unjust enrichment, while Plaintiff may alternatively allege that claim, he has not alleged unusual circumstances to state a distinct claim for unjust enrichment. Defendant's Motion to Dismiss (id.) that claim is granted.

With portions of First and Second Causes of Action surviving, Plaintiff is ordered to file an Amended Complaint stating these claims absent the allegations rejected in this Decision and Order. Plaintiff shall file and serve this Amended Complaint twenty-one (21) days from entry of this Order. Defendant then shall answer or move within fourteen (14) days of service of the Amended Complaint. After this pleading, this case will be referred to a Magistrate Judge for further pretrial proceedings.

V. Orders

IT HEREBY IS ORDERED, that Defendant NortonLifeLock, Inc.'s, Motion to Dismiss (Docket No. 6) is GRANTED IN PART and DENIED IN PART.

Plaintiff shall file an Amended Complaint stating the surviving claims (as identified in this Decision and Order) within twenty-one (21) days of entry of this Decision and Order. Defendant then shall answer or move to dismiss the amended pleading within fourteen (14) days of service of the amended pleading.

SO ORDERED.


Summaries of

Atwal v. NortonLifeLock, Inc.

United States District Court, Western District of New York
Feb 3, 2022
No. 20-CV-449S (W.D.N.Y. Feb. 3, 2022)
Case details for

Atwal v. NortonLifeLock, Inc.

Case Details

Full title:EPHRAIM ATWAL, M.D., Plaintiff, v. NORTONLIFELOCK, INC., Defendant.

Court:United States District Court, Western District of New York

Date published: Feb 3, 2022

Citations

No. 20-CV-449S (W.D.N.Y. Feb. 3, 2022)