Dougherty v. Bojangles Rests., Inc.

CourtNorth Carolina Business Court
DecidedJune 29, 2026
Docket25-CVS-46572
StatusPublished
AuthorJulianna Theall Earp

This text of Dougherty v. Bojangles Rests., Inc. (Dougherty v. Bojangles Rests., Inc.) is published on Counsel Stack Legal Research, covering North Carolina Business Court primary law. Counsel Stack provides free access to over 12 million legal documents including statutes, case law, regulations, and constitutions.

Bluebook
Dougherty v. Bojangles Rests., Inc., (N.C. Super. Ct. 2026).

Opinion

Dougherty v. Bojangles Rests., Inc., 2026 NCBC 60.

STATE OF NORTH CAROLINA IN THE GENERAL COURT OF JUSTICE SUPERIOR COURT DIVISION WAKE COUNTY 25CV046572-910 ALEXIS DOUGHERTY; DENNIS CALABRESE; LILY NICOLE PORTEE; JESSIE RUIZ- JACOBS; PETER BUNGERT; CHRISTIE STARNES; KASSANDRA BLANKENSHIP; JAMES HIGGINS; and LEONARDO YON, on behalf of ORDER AND OPINION themselves and others similarly situated, ON DEFENDANT’S MOTION TO DISMISS Plaintiffs,

v.

BOJANGLES RESTAURANTS, INC.,

Bojangles.

1. This action arises from a data breach that occurred between 19 February

and 12 March 2024 at Bojangles Restaurants, Inc. (Bojangles). The data breach

allegedly included the personal identifying information and protected health

information (PII/PHI) of current and former Bojangles employees, including

information belonging to Plaintiffs. The case is before the Court on Defendant’s

Motion to Dismiss Plaintiffs’ Class Action Complaint (the Motion), (ECF No. 11).

2. The Court, having considered the Motion, the related briefing, other

relevant matters of record, and the arguments of counsel at a hearing on the Motion

held 3 June 2026, concludes for the reasons stated below that the Motion should be

GRANTED in part and DENIED in part.

Bryson Harris Suciu & DeMay, PLLC, by Scott C. Harris, for Plaintiffs Alexis Dougherty, Dennis Calabrese, Jessie Ruiz-Jacobs, Peter Bungert, Christie Starnes, Kassandra Blankenship, and James Higgins. Bryson Harris Suciu & DeMay, PLLC, by Scott C. Harris, and Milberg Coleman Bryson Phillips Grossman, PLLC, by David K. Lietz, and Strauss Borrelli PLLC, by Sarah Soleiman, for Plaintiff Lily Nicole Portee.

Bryson Harris Suciu & DeMay, PLLC, by Scott C. Harris, and Stranch, Jennings, & Garvey, PLLC, by Robert Bruce Grayson Kent Wells, for Plaintiff Leonardo Yon.

Robinson, Bradshaw & Hinson P.A., by Charles E. Johnson and Caroline Reinwald and Mullen Coughlin LLC, by Richard M. Haggerty and Kayleigh Watson, for Defendant Bojangles Restaurants, Inc.

Earp, Judge.

I. FACTUAL BACKGROUND

3. The Court does not make findings of fact when deciding a motion to dismiss

pursuant to Rule 12(b)(6) of the North Carolina Rules of Civil Procedure. It recites

below factual allegations from the complaint that are relevant to its determination of

the Motion. See, e.g., White v. White, 296 N.C. 661, 667 (1979) (the purpose of “a

motion to dismiss is to test the law of a claim, not the facts which support it” (citation

omitted)).

4. Bojangles is a fast-food chain incorporated in Delaware that maintains a

principal place of business in North Carolina. It has approximately 800 locations

across 17 states. (Compl. ¶¶ 2, 18, 20, ECF No. 3.)

5. Plaintiffs Alexis Dougherty (Dougherty), Dennis Calabrese (Calabrese),

Jessie Ruiz-Jacobs (Ruiz-Jacobs), Christie Starnes (Starnes), James Higgins

(Higgins), and Leonardo Yon (Yon) are citizens of North Carolina. (Compl. ¶¶ 9–10,

12, 14, 16–17.) Plaintiff Lily Nicole Portee (Portee) is a citizen of South Carolina. (Compl. ¶ 11.) Plaintiff Peter Bungert (Bungert) is a citizen of Texas. (Compl. ¶ 13.)

Plaintiff Kassandra Blankenship (Blankenship) is a citizen of Tennessee. (Compl. ¶

15.)

6. Plaintiffs are all former employees of Bojangles. (Compl. ¶¶ 45, 63, 75, 93,

107, 116, 134, 154, 160.)

7. As a condition of their employment, Bojangles required Plaintiffs to provide

their PII/PHI, which Bojangles used for payroll and other employment-related

purposes. (Compl. ¶¶ 48, 64, 78, 94, 119, 137, 154.)

8. Bojangles’ privacy policy states: “Bojangles has security policies and

practices in place designed to protect your Personal Information against

unauthorized access or disclosure, theft, misuse, and loss.” It promises that Bojangles

will “make commercially reasonable efforts for secure handling of this information[.]”

(Compl. ¶ 26.)

9. Plaintiffs allege that Bojangles agreed to safeguard their data in accordance

with its internal policies, state law, and federal law. (Compl. ¶ 24.) Plaintiffs

Dougherty, Calabrese, Portee, Ruiz-Jacobs, Starnes, and Blankenship specifically

allege that they provided their personal information to Bojangles trusting that the

company would use reasonable measures to protect it according to Bojangles’ internal

policies, as well as state and federal law. (Compl. ¶¶ 49, 71, 79, 101, 120, 138.)

Plaintiffs Calabrese and Ruiz-Jacobs state that they would not have provided their

PII to Bojangles had they known that Bojangles “would not utilize standard measures

to reasonably secure” it. (Compl. ¶¶ 68, 98.) 10. Plaintiffs allege that they “reasonably understood that a portion of the

funds derived from their labor would be used to pay for adequate cybersecurity

measures.” (Compl. ¶¶ 50, 80, 121, 139, 249.)

11. From 19 February 2024 to 12 March 2024, the security of Bojangles’

computer systems was breached (the Data Breach). (Compl. ¶ 27.)

12. Plaintiffs contend that over one hundred current or former employees’

names, addresses, Social Security numbers, driver’s license numbers, government-

issued ID numbers, passport numbers, state ID numbers, financial information,

financial account numbers, credit card numbers, debit card numbers, health

insurance information, and medical information were compromised in the Data

Breach. (Compl. ¶¶ 29–30.)

13. Plaintiffs allege that the Data Breach appears to have been the work of

Hunters International (Hunters), an “infamous Russian Ransomware-as-a-Service”

entity. (Compl. ¶¶ 38–39.) On 15 March 2024, Bojangles was listed on Hunters’

dedicated “leak site” on the dark web. (Compl. ¶ 40.) Hunters posted that it had

exfiltrated 294.8 GB of data from Bojangles. (Compl. ¶ 41.) Plaintiffs allege that the

data included their PII/ PHI. (Compl. ¶¶ 42, 52, 82, 109, 123, 141, 153, 163.)

14. Plaintiffs allege that Hunters’ modus operandi includes giving its affiliates

access to its storage server containing stolen files, which can then be downloaded and

stored by the affiliate. Because the stolen data is often stored on the affiliate’s

infrastructure and there are hundreds of affiliates who contract with Hunters, it is

often difficult to track stolen data and to prove whether it has been deleted. (Compl. ¶ 39.) Consequently, Plaintiffs claim that the Data Breach made Plaintiffs’ and the

purported class members’ PII/PHI “available for other cybercriminals to download

and use at their discretion.” (Compl. ¶ 4.)

15. Plaintiffs also complain that Bojangles “kept [them] in the dark” until 19

November 2024, when it began notifying them of the Data Breach. (Compl. ¶¶ 31–

32, 51, 65, 81, 95, 108, 122, 140, 152, 160.)

16. In the Notice Bojangles sent Plaintiffs, it recognized that Plaintiffs were at

a “present, continuing, and significant risk” of identity theft and recommended that

Plaintiffs “remain vigilant against incidents of identity theft by reviewing account

statements and credit reports for unusual activity and to detect errors.” (Compl.

¶ 33a.) Bojangles recommended that “[c]onsumers . . . further educate themselves

regarding identity theft, fraud alerts, credit freezes, and the steps consumers can take

to protect personal information by contacting the consumer reporting bureaus, the

Federal Trade Commission [FTC], or their state attorney general.” (Compl. ¶ 33c.)

17. Plaintiffs allege that Bojangles was negligent as evidenced by its failure to

Free access — add to your briefcase to read the full text and ask questions with AI

Related

Poor v. Hill
530 S.E.2d 838 (Court of Appeals of North Carolina, 2000)
White v. White
252 S.E.2d 698 (Supreme Court of North Carolina, 1979)
Hall v. Post
372 S.E.2d 711 (Supreme Court of North Carolina, 1988)
Hall v. Rose Post
355 S.E.2d 819 (Court of Appeals of North Carolina, 1987)
Good Hope Hospital, Inc. v. North Carolina Department of Health & Human Services
620 S.E.2d 873 (Court of Appeals of North Carolina, 2005)
Atlantic Coast Line Railroad v. State Highway Commission
150 S.E.2d 70 (Supreme Court of North Carolina, 1966)
Sutton v. Duke
176 S.E.2d 161 (Supreme Court of North Carolina, 1970)
Broughton v. McClatchy Newspapers, Inc.
588 S.E.2d 20 (Court of Appeals of North Carolina, 2003)
Snyder v. Freeman
266 S.E.2d 593 (Supreme Court of North Carolina, 1980)
Acosta v. Byrum
638 S.E.2d 246 (Court of Appeals of North Carolina, 2006)
Johnson v. Colonial Life & Accident Insurance
618 S.E.2d 867 (Court of Appeals of North Carolina, 2005)
Ken-Mar Finance v. Harvey
368 S.E.2d 646 (Court of Appeals of North Carolina, 1988)
Wood v. Guilford County
558 S.E.2d 490 (Supreme Court of North Carolina, 2002)
Toomer v. Garrett
574 S.E.2d 76 (Court of Appeals of North Carolina, 2002)
Branch Banking and Trust Co. v. Thompson
418 S.E.2d 694 (Court of Appeals of North Carolina, 1992)
Council v. Dickerson's, Inc.
64 S.E.2d 551 (Supreme Court of North Carolina, 1951)
Brown v. Lumbermens Mutual Casualty Co.
390 S.E.2d 150 (Supreme Court of North Carolina, 1990)
Iadanza v. Harper
611 S.E.2d 217 (Court of Appeals of North Carolina, 2005)
Creech v. Melnik
495 S.E.2d 907 (Supreme Court of North Carolina, 1998)
Schlieper v. Johnson
672 S.E.2d 548 (Court of Appeals of North Carolina, 2009)

Cite This Page — Counsel Stack

Bluebook (online)
Dougherty v. Bojangles Rests., Inc., Counsel Stack Legal Research, https://law.counselstack.com/opinion/dougherty-v-bojangles-rests-inc-ncbizct-2026.