No damage under Computer Fraud and Abuse Act for merely copying customer list

Sam’s Wines & Liquors, Inc. v. Hartig, 2008 WL 4394962 (N.D.Ill. September 24, 2008)

Hartig worked for Sam’s Wines & Liquors and had access to a password-protected customer list. Hartig left Sam’s in June 2005 and went to work for Plinio Group. Some two and a half years after leaving Sam’s, Hartig sent an email to customers appearing on Sam’s list, soliciting business for Plinio.

Sam’s claimed that Hartig used his password to access and copy the customer list prior to the time he resigned. So Sam’s sued Hartig for a number of things, including violation of the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. 1030 et seq. Hartig moved to dismiss the CFAA claim under Rule 12(b)(6) for failure to state a claim upon which relief can be granted. The court granted the motion.

Hartig put forth three arguments why the CFAA claim should be thrown out. First, he argued that Sam’s had not and could not adequately allege that Hartig accessed a protected computer without authorization, or that he exceeded his authorized access. Second, he argued that Sam’s had not and could not allege that it suffered “damage” under the CFAA from Hartig’s conduct. Finally, he argued that Sam’s had not and could not allege that it suffered “loss” under the CFAA from Hartig’s conduct.

The court held that Sam’s adequately pled unauthorized access to a protected computer (applying the agency principles Judge Posner set forth in Intl. Airport Centers v. Citrin, 440 F.3d 418 (7th Cir. 2006)). It also held that the expenses Sam’s incurred in responding to Hartig’s alleged conduct were properly pled as “loss” under the CFAA. But the claim failed on the damage element: merely accessing the information and allegedly using it while working for a competitor was not “impairment to the integrity or availability of data, a program, a system, or information.”

See Garelli Wong & Assoc., Inc. v. Nichols, 551 F.Supp.2d 704 (N.D.Ill. 2008) for a similar analysis.

Scroll to top