IN THE COURT OF APPEALS OF TENNESSEE AT KNOXVILLE April 16, 2013 Session
COPPER BASIN FEDERAL CREDIT UNION ET AL. v. FISERV SOLUTIONS, INC., d/b/a INTEGRASYS
Appeal from the Chancery Court for Polk County No. 2011-CV-26 Jerri S. Bryant, Chancellor
No. E2012-02145-COA-R3-CV - Filed July 3, 2013
This action sounding in negligence and breach of contract was dismissed by the trial court pursuant to Rule 12 of the Tennessee Rules of Civil Procedure. Plaintiffs alleged in their complaint that Defendant negligently performed professional services concerning the provision and maintenance of web defense software and that Defendant breached its contractual duty to protect the computer system of Copper Basin Federal Credit Union from computer incursion. For the reasons stated herein, we hold that the complaint alleges sufficient facts to allow the case to proceed, and, therefore, dismissal was in error. The decision below is reversed, and the case is remanded for further proceedings.
Tenn. R. App. P. 3 Appeal as of Right; Judgment of the Chancery Court Vacated; Case Remanded
T HOMAS R. F RIERSON, II, J., delivered the opinion of the Court, in which D. M ICHAEL S WINEY and J OHN W. M CC LARTY, JJ., joined.
James R. McKoon and John R. Hegeman, Chattanooga, Tennessee, for the appellants, Copper Basin Federal Credit Union and Cumis Insurance Society, Inc.
John A. Lucas, Knoxville, Tennessee, for the appellee, Fiserv Solutions, Inc., d/b/a Integrasys.
OPINION
I. Factual and Procedural Background
Plaintiffs, Copper Basin Federal Credit Union (“CBFCU”) and Cumis Insurance Society, Inc. (“Cumis”), filed a complaint asserting tort and breach of contract claims against Defendant, Fiserv Solutions, Inc., d/b/a Integrasys (“Fiserv”).1 CBFCU is a Tennessee credit union servicing individuals in Polk County. Cumis is a Wisconsin-based mutual insurance company that issued a credit union bond to CBFCU to provide coverage in the event of a computer attack on CBFCU’s systems. Fiserv, also a Wisconsin-based corporation, provides professional computer services. CBFCU stated in the complaint, inter alia, that it utilized Fiserv as its “sole technical support and web defense firm since at least 1985.” CBFCU also utilized Fiserv’s data processing services to access the National ACH Banking System.
Several facts relevant to the issues presented on appeal have been alleged by Plaintiffs in their complaint. In 2007, CBFCU entered into a renewal contract (also known as the Master Agreement) with Fiserv for the provision of data processing services. CBFCU has specifically asserted that the technical support and web defense services Fiserv agreed to provide predated this contract and were separate and apart from it. As part of the technical support and web defense services it provided to CBFCU, Fiserv required CBFCU to purchase Trend Micro Antivirus Firewall and Protection software. Although CBFCU purchased this software, Fiserv maintained exclusive access to it, providing CBFCU no passwords to and no control over same. When the Trend subscription was renewed in May 2009, CBFCU timely paid the renewal fee and informed Fiserv that it had done so.
According to the complaint, in early July 2009, CBFCU employees contacted Fiserv and complained that they were observing an unusual number of “pop-up” advertisements on their computers. Fiserv accessed CBFCU’s computers remotely twice in an attempt to remedy this problem. It then reported to CBFCU that the problem had been corrected. On July 14-15, 2009, the CBFCU system was infiltrated by unauthorized computer hackers, who introduced software to the CBFCU system that allowed the hackers to change user names and passwords in order to originate a series of transfers from CBFCU’s account with Volunteer Corporate (“VolCorp”) into a large number of privately-owned accounts distributed in banks across the United States. CBFCU discovered the funds had been stolen from its VolCorp account on July 15, 2009. CBFCU employees immediately contacted VolCorp and attempted to retrieve the illegally transferred funds. CBFCU and VolCorp successfully reclaimed some of the transferred funds but were unable to recover additional funds in the total amount of $544,789.41.
As Plaintiffs further allege, CBFCU also contacted Fiserv to inform Fiserv that the system had been compromised. Because there were no Fiserv personnel on site, a CBFCU employee attempted to access the Trend Micro Antivirus Protection System. Following a
1 Because Fiserv did not file an answer before the case was dismissed, the allegations of the complaint remain undisputed at this point.
-2- few attempts at guessing the password, she was successful in gaining access to the system. Once access was accomplished, she discovered that the software had never been activated by Fiserv. When the CBFCU employee clicked the respective icon to activate the software, it immediately engaged, updated its virus definitions (which were more than 60 days old), and began protecting the CBFCU computer system.
CBFCU and Cumis filed the instant lawsuit against Fiserv on July 12, 2011, alleging claims of negligence, gross negligence, and breach of contract. Plaintiffs assert, inter alia, that the web defense and tech support services provided by Fiserv were separate services, which were not governed by the Master Agreement entered into in 2007. Therefore, Plaintiffs’ breach of contract claims were not based upon the 2007 contract, but on an earlier and separate contract, apparently oral, as no other written contract was produced. Plaintiffs alleged that Fiserv owed a duty of professional competency in providing the web defense and technical support services, but that Fiserv breached that duty by failing to activate the software and failing to protect CBFCU’s computer system. Plaintiffs sought compensatory and punitive damages. Plaintiffs claimed, in the alternative, that the terms of the Master Agreement were not negotiated and were unconscionable.
The Master Agreement, appended to the complaint, describes three types of services: “Account Processing Services,” “Virtual Branch ® Services,” and “ConfirmIT™.” The Master Agreement does not specifically reference web defense or technical support services.
Fiserv filed a motion to dismiss pursuant to Tennessee Rule of Civil Procedure 12.02(6), contending that the Master Agreement was the controlling agreement between CBFCU and Fiserv. Fiserv asserted that the Master Agreement contained (1) a contractual limitation period, requiring that all claims be filed within two years; (2) a choice-of-law provision, which stated that New York law would apply; and (3) a provision stating that Fiserv would not be held liable for “consequential or tort damages arising out of or relating to this agreement, regardless of whether such claim arises in tort or contract.” Fiserv also argued that Plaintiffs’ tort claims were barred by the economic loss rule and that Plaintiffs had failed to allege sufficient facts to support their claim of gross negligence or request for punitive damages.
The trial court heard the motion to dismiss on November 30, 2011. The court subsequently entered an order on February 27, 2012, which stated as follows:
This cause came to be heard on the 30th day of November, 2011 on Defendant’s Motion to Dismiss. Defendant moved to dismiss this case under TRCP 12.02(6) based on two grounds:
-3- 1. The parties had a contractual statute of limitations of two years after the cause of action or claim accrued.
2. Defendant claims that by contract, the parties waived consequential and tort damages arising out of any breach of contract.
Arguing that New York law applies, Defendant quotes Paragraph 10C of the Master Contract which states that arbitrators are to use New York’s substantive law.
Free access — add to your briefcase to read the full text and ask questions with AI
IN THE COURT OF APPEALS OF TENNESSEE AT KNOXVILLE April 16, 2013 Session
COPPER BASIN FEDERAL CREDIT UNION ET AL. v. FISERV SOLUTIONS, INC., d/b/a INTEGRASYS
Appeal from the Chancery Court for Polk County No. 2011-CV-26 Jerri S. Bryant, Chancellor
No. E2012-02145-COA-R3-CV - Filed July 3, 2013
This action sounding in negligence and breach of contract was dismissed by the trial court pursuant to Rule 12 of the Tennessee Rules of Civil Procedure. Plaintiffs alleged in their complaint that Defendant negligently performed professional services concerning the provision and maintenance of web defense software and that Defendant breached its contractual duty to protect the computer system of Copper Basin Federal Credit Union from computer incursion. For the reasons stated herein, we hold that the complaint alleges sufficient facts to allow the case to proceed, and, therefore, dismissal was in error. The decision below is reversed, and the case is remanded for further proceedings.
Tenn. R. App. P. 3 Appeal as of Right; Judgment of the Chancery Court Vacated; Case Remanded
T HOMAS R. F RIERSON, II, J., delivered the opinion of the Court, in which D. M ICHAEL S WINEY and J OHN W. M CC LARTY, JJ., joined.
James R. McKoon and John R. Hegeman, Chattanooga, Tennessee, for the appellants, Copper Basin Federal Credit Union and Cumis Insurance Society, Inc.
John A. Lucas, Knoxville, Tennessee, for the appellee, Fiserv Solutions, Inc., d/b/a Integrasys.
OPINION
I. Factual and Procedural Background
Plaintiffs, Copper Basin Federal Credit Union (“CBFCU”) and Cumis Insurance Society, Inc. (“Cumis”), filed a complaint asserting tort and breach of contract claims against Defendant, Fiserv Solutions, Inc., d/b/a Integrasys (“Fiserv”).1 CBFCU is a Tennessee credit union servicing individuals in Polk County. Cumis is a Wisconsin-based mutual insurance company that issued a credit union bond to CBFCU to provide coverage in the event of a computer attack on CBFCU’s systems. Fiserv, also a Wisconsin-based corporation, provides professional computer services. CBFCU stated in the complaint, inter alia, that it utilized Fiserv as its “sole technical support and web defense firm since at least 1985.” CBFCU also utilized Fiserv’s data processing services to access the National ACH Banking System.
Several facts relevant to the issues presented on appeal have been alleged by Plaintiffs in their complaint. In 2007, CBFCU entered into a renewal contract (also known as the Master Agreement) with Fiserv for the provision of data processing services. CBFCU has specifically asserted that the technical support and web defense services Fiserv agreed to provide predated this contract and were separate and apart from it. As part of the technical support and web defense services it provided to CBFCU, Fiserv required CBFCU to purchase Trend Micro Antivirus Firewall and Protection software. Although CBFCU purchased this software, Fiserv maintained exclusive access to it, providing CBFCU no passwords to and no control over same. When the Trend subscription was renewed in May 2009, CBFCU timely paid the renewal fee and informed Fiserv that it had done so.
According to the complaint, in early July 2009, CBFCU employees contacted Fiserv and complained that they were observing an unusual number of “pop-up” advertisements on their computers. Fiserv accessed CBFCU’s computers remotely twice in an attempt to remedy this problem. It then reported to CBFCU that the problem had been corrected. On July 14-15, 2009, the CBFCU system was infiltrated by unauthorized computer hackers, who introduced software to the CBFCU system that allowed the hackers to change user names and passwords in order to originate a series of transfers from CBFCU’s account with Volunteer Corporate (“VolCorp”) into a large number of privately-owned accounts distributed in banks across the United States. CBFCU discovered the funds had been stolen from its VolCorp account on July 15, 2009. CBFCU employees immediately contacted VolCorp and attempted to retrieve the illegally transferred funds. CBFCU and VolCorp successfully reclaimed some of the transferred funds but were unable to recover additional funds in the total amount of $544,789.41.
As Plaintiffs further allege, CBFCU also contacted Fiserv to inform Fiserv that the system had been compromised. Because there were no Fiserv personnel on site, a CBFCU employee attempted to access the Trend Micro Antivirus Protection System. Following a
1 Because Fiserv did not file an answer before the case was dismissed, the allegations of the complaint remain undisputed at this point.
-2- few attempts at guessing the password, she was successful in gaining access to the system. Once access was accomplished, she discovered that the software had never been activated by Fiserv. When the CBFCU employee clicked the respective icon to activate the software, it immediately engaged, updated its virus definitions (which were more than 60 days old), and began protecting the CBFCU computer system.
CBFCU and Cumis filed the instant lawsuit against Fiserv on July 12, 2011, alleging claims of negligence, gross negligence, and breach of contract. Plaintiffs assert, inter alia, that the web defense and tech support services provided by Fiserv were separate services, which were not governed by the Master Agreement entered into in 2007. Therefore, Plaintiffs’ breach of contract claims were not based upon the 2007 contract, but on an earlier and separate contract, apparently oral, as no other written contract was produced. Plaintiffs alleged that Fiserv owed a duty of professional competency in providing the web defense and technical support services, but that Fiserv breached that duty by failing to activate the software and failing to protect CBFCU’s computer system. Plaintiffs sought compensatory and punitive damages. Plaintiffs claimed, in the alternative, that the terms of the Master Agreement were not negotiated and were unconscionable.
The Master Agreement, appended to the complaint, describes three types of services: “Account Processing Services,” “Virtual Branch ® Services,” and “ConfirmIT™.” The Master Agreement does not specifically reference web defense or technical support services.
Fiserv filed a motion to dismiss pursuant to Tennessee Rule of Civil Procedure 12.02(6), contending that the Master Agreement was the controlling agreement between CBFCU and Fiserv. Fiserv asserted that the Master Agreement contained (1) a contractual limitation period, requiring that all claims be filed within two years; (2) a choice-of-law provision, which stated that New York law would apply; and (3) a provision stating that Fiserv would not be held liable for “consequential or tort damages arising out of or relating to this agreement, regardless of whether such claim arises in tort or contract.” Fiserv also argued that Plaintiffs’ tort claims were barred by the economic loss rule and that Plaintiffs had failed to allege sufficient facts to support their claim of gross negligence or request for punitive damages.
The trial court heard the motion to dismiss on November 30, 2011. The court subsequently entered an order on February 27, 2012, which stated as follows:
This cause came to be heard on the 30th day of November, 2011 on Defendant’s Motion to Dismiss. Defendant moved to dismiss this case under TRCP 12.02(6) based on two grounds:
-3- 1. The parties had a contractual statute of limitations of two years after the cause of action or claim accrued.
2. Defendant claims that by contract, the parties waived consequential and tort damages arising out of any breach of contract.
Arguing that New York law applies, Defendant quotes Paragraph 10C of the Master Contract which states that arbitrators are to use New York’s substantive law. There does not appear to be a like provision for the court and therefore the court will look at the circumstances alleged in the Complaint and Motion to decide where and when the cause of action accrued. The court in using Tennessee law finds that the breach of contract cause of action accrued at the time the loss was sustained by Plaintiffs and therefore overrules the Motion to Dismiss on that basis.
With regard to Defendant’s second prong of its Motion to Dismiss, the court finds that the damages complained of by the Plaintiffs are direct rather than consequential damages and have been adequately [pled] at this point to survive the Motion to Dismiss. However, all actions sounding in tort are dismissed.
(Emphasis in original.)
Fiserv thereafter filed a motion pursuant to Tennessee Rule of Civil Procedure 60.01, asserting that there was a typographical error contained in its motion to dismiss, such that the trial court was not properly advised that paragraph 13(d) of the Master Agreement provided that New York law would govern the entire agreement. As a second motion hearing was held on August 14, 2012, the trial court entered an order stating as follows:
This matter came on for hearing on August 14, 2012, on the Motion by Fiserv Solutions, Inc., d/b/a Integrasys (“Fiserv”) pursuant to Rule 60.01, Tenn. R. Civ. P., to correct a mistake or error in the Court’s Order entered on February 23, 2012. Upon consideration of that Motion, in that the court was cited to and relied upon an incorrect or incomplete review of the contract, the court is of the opinion that the Motion should be and hereby is GRANTED. Accordingly, the Court finds and holds that the
-4- alleged contract between the parties is governed by New York law. While Tennessee seems to have significant contacts with the transaction, New York law was chosen for consistency in Defendant’s multistate operation. Pursuant to New York law, a cause of action accrues at the time of the alleged breach, irrespective of when damages begin to accrue. See Welwart v. Dataware Elecs. Corp., 277 A.D.2d 372 (N.Y. App. Div. 2000). Plaintiff’s cause of action for breach of contract therefore accrued under New York law in May 2009. Because Plaintiffs’ Complaint was not filed until July 12, 2011, Plaintiffs’ claim for breach of contract is barred by the two-year limitation provision in paragraph 8 of the Master Agreement between the parties that is attached as Exhibit A to Plaintiffs’ Complaint. Accordingly, the Court’s February 23, 2012 Order is hereby modified to provide that Fiserv’s Motion to Dismiss is GRANTED. Plaintiffs’ Complaint is therefore DISMISSED, with prejudice. Fiserv’s Motion for an extension of time in which to file its answer to the Complaint is DENIED as moot.
Plaintiffs timely appealed.
II. Issues Presented
The parties present four issues for review, which we have restated as follows:
1. Whether the Master Agreement dated December 1, 2007, is controlling regarding Plaintiffs’ claims in this case.
2. Whether the economic loss rule bars the Plaintiffs’ claims sounding in tort.
3. Whether the facts pled by Plaintiffs are sufficient to support a cause of action for gross negligence.
4. Whether the facts pled by Plaintiffs are sufficient to support a claim for punitive damages.
III. Standard of Review
The trial court dismissed Plaintiffs’ claims pursuant to Tennessee Rule of Civil
-5- Procedure 12.02. It is well settled that a motion to dismiss pursuant to Rule 12.02
tests only the legal sufficiency of the complaint, not the strength of a plaintiff’s proof. Such a motion admits the truth of all relevant and material averments contained in the complaint, but asserts that such facts do not constitute a cause of action. In considering a motion to dismiss, courts should construe the complaint liberally in favor of the plaintiff, taking all allegations of fact as true, and deny the motion unless it appears that the plaintiff can prove no set of facts in support of her claim that would entitle her to relief. In considering this appeal from the trial court’s grant of the defendant’s motion to dismiss, we take all allegations of fact in the plaintiff’s complaint as true, and review the lower courts’ legal conclusions de novo with no presumption of correctness.
Stein v. Davidson Hotel Co., 945 S.W.2d 714, 716 (Tenn. 1997) (internal citations omitted).
IV. Application of Master Agreement
The trial court dismissed Plaintiffs’ claims based solely on provisions contained in the Master Agreement executed by the parties in 2007, thereby finding that the Master Agreement was controlling in this situation. Plaintiffs argue, however, that the Master Agreement does not control, because (1) the web defense and technical support duties were governed by a previous separate and distinct contract, and (2) this separate contract was in existence at the time the Master Agreement was executed and was therefore unaffected by its terms. Utilizing the proper standard of review applicable to the grant of a motion to dismiss, we agree with Plaintiffs’ assertions.
This Court must take all allegations of fact in the Plaintiffs’ complaint as true and review the trial court’s legal conclusions de novo with no presumption of correctness. See Stein, 945 S.W.2d at 716. In their complaint, Plaintiffs alleged that CBFCU had a contract with and relied upon Fiserv or its predecessors to provide web defense and technical support services since at least 1985. Plaintiffs propound that CBFCU entered into the Master Agreement in 2007 for the provision of data processing services, but assert that the web defense and technical support services were not a part of this agreement and were “separate and apart” from it. Plaintiffs allege that Fiserv owed a duty of professional competency to CBFCU in providing the separate services of web defense and technical support that “were not governed by the Master Agreement.” According to the complaint, Fiserv grossly breached its duty, causing Plaintiffs to incur a loss of $544,789.41. Plaintiffs also claim that Fiserv breached its contract with CBFCU to provide professional web defense and technical support services.
-6- Taking all of these allegations as true, as this Court must, we conclude that the trial court erred in granting Fiserv’s motion to dismiss. Plaintiffs alleged that there was a separate contract governing Fiserv’s provision of web defense and technical support services, and that this contract predated the 2007 Master Agreement. Plaintiffs alleged that the web defense and technical support services provided by Fiserv were not governed by the Master Agreement, as it only covered Fiserv’s provision of data processing services. A review of the Master Agreement does not disprove this assertion.2 Therefore, the trial court erred in relying on the provisions of the Master Agreement in dismissing Plaintiffs’ tort and breach of contract claims against Fiserv. The trial court failed to accept Plaintiffs’ allegations in the complaint as true, as it must when ruling on a motion to dismiss made pursuant to Tennessee Rule of Civil Procedure 12.02.
V. Economic Loss Rule
Fiserv posits that even if the Master Agreement does not control, Plaintiffs’ tort claims were properly dismissed because they violate the Economic Loss Rule. Regarding this doctrine, our Supreme Court has explained:
The economic loss doctrine is implicated in products liability cases when a defective product damages itself without causing personal injury or damage to other property. In this context, “economic loss” is defined generally as “the diminution in the value of the product because it is inferior in quality and does not work for the general purposes for which it was manufactured and sold.”
Lincoln Gen. Ins. Co. v. Detroit Diesel Corp., 293 S.W.3d 487, 489 (Tenn. 2009) (internal citations omitted). This Court has further explained application of the doctrine as follows:
The economic loss rule is a judicially created principle that requires parties to live by their contracts rather than to pursue tort actions for purely economic losses arising out of the contract. The rule comes into play when the purchaser of a product sustains economic loss without personal injury or damage to property other than the product itself. In that circumstance, the purchaser must seek a remedy in contract, not in tort. Ritter v. Custom Chemicides, Inc., 912 S.W.2d 128, 133 (Tenn. 1995); Trinity Indus., Inc. v. McKinnon Bridge Co., 77 S.W.3d 159, 171 (Tenn. Ct. App. 2001).
2 It would be improper for this Court to engage in an in-depth review of Fiserv’s arguments regarding the provisions contained within the Master Agreement at this juncture, because Plaintiffs have alleged that it is not the controlling contract, and we must view Plaintiffs’ allegations as true.
-7- McLean v. Bourget’s Bike Works, Inc., M2003-01944-COA-R3-CV, 2005 WL 2493479 at *5 (Tenn. Ct. App. Oct. 7, 2005).
As this language demonstrates, the Economic Loss Rule has been applied predominantly3 in the context of products liability cases involving the sale of a defective product, wherein the product causes injury only to itself. See Lincoln, 293 S.W.3d at 489. This rule would appear to have no applicability to the case at bar inasmuch as (a) the software product was recommended but not sold by Fiserv; (b) the software product was not alleged to be defective; rather, Fiserv allegedly failed to activate it; and (c) the injury alleged was not merely to the product itself. This Court cannot fully analyze this issue even though it was raised at the trial court level, as the trial court never considered nor ruled upon it. See Dorrier v. Dark, 537 S.W.2d 888, 890 (Tenn. 1976) (“This is a court of appeals and errors, and we are limited in authority to the adjudication of issues that are presented and decided in the trial courts . . . .”); see also Heatherly v. Merrimack Mut. Fire Ins. Co., 43 S.W.3d 911, 916 (Tenn. Ct. App. 2000) (“As a general matter, appellate courts will decline to consider issues . . . that were not raised and considered in the trial court.”); Hayes v. Gentry, 03A01-9303-CH-00120, 1993 WL 191999 at *2 (Tenn. Ct. App. June 8, 1993) (“[S]ince this issue was not adjudicated in the trial court, we cannot consider it on appeal.”). This issue is more properly addressed to the trial court upon remand.
VI. Sufficient Facts - Gross Negligence and Punitive Damages
Fiserv also argues that Plaintiffs’ complaint fails to allege facts sufficient to support a claim for gross negligence or punitive damages. Again, these issues were not considered or ruled upon by the trial court, although they were raised in Fiserv’s motion to dismiss. As stated above, this Court should only address those issues on appeal that were actually decided by the trial court in the first instance. These issues should also be addressed by the trial court on remand.
VII. Conclusion
The trial court’s order dismissing Plaintiffs’ claims against Fiserv is vacated, and the case is remanded for further action consistent with this opinion. Costs on appeal are assessed to the Appellee, Fiserv Solutions, Inc., d/b/a Integrasys.
3 The economic loss rule has also been applied in construction lawsuits, which are equally distinguishable from the case at bar. See, e.g., John Martin Co., Inc. v. Morse/Diesel, Inc., 819 S.W.2d 428, 430 (Tenn. 1991).
-8- _________________________________ THOMAS R. FRIERSON, II, JUDGE
-9-