In re Sony Gaming Networks & Customer Data Security Breach Litigation

903 F. Supp. 2d 942, 2012 WL 4849054, 2012 U.S. Dist. LEXIS 146971

• Court: District Court, S.D. California
• Decided: October 11, 2012
• Docket: MDL No. 11md2258 AJB (MDD); Civil Case Nos. 11cv2119, 11cv2120
• Status: Published

Opinion

ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS’ MOTION TO DISMISS PLAINTIFFS’ CONSOLIDATED CLASS ACTION COMPLAINT

ANTHONY J. BATTAGLIA, District Judge.

Presently before the Court are (1) Defendants’ Motion to Dismiss Plaintiffs’ Consolidated Class Action Complaint; and (2) Defendants’ Supplemental Request for Judicial Notice. [Doc. 94.] Plaintiffs filed an opposition, [Doc. No. 107], and Defendants filed a reply, [Doc. No. 114]. The Court held a hearing on the motion on Thursday, September 27, 2012.¹ For the reasons set forth below, the Court (1) GRANTS in part and DENIES in part Defendants’ motion to dismiss Plaintiffs’ Consolidated Class Action Complaint; and (2) GRANTS in part and DENIES in part Defendants’ Supplemental Request for Judicial Notice.

BACKGROUND

I. Factual Background

This action arises out of a criminal intrusion into the computer network system used to provide PlayStation Network (“PSN”) services. Plaintiffs, a putative consumer class, allege that Sony Computer Entertainment America, LLC (“SCEA”), Sony Network Entertainment International, LLC and Sony Network Entertainment America, Inc. (collectively, “SNE”), Sony Online Entertainment, LLC (“SOE”), and Sony Corporation of America (“SCA”) (collectively, “Sony” or “Defendants”) failed to follow basic industry-standard protocols to safeguard its customers personal and financial information, thereby creating foreseeable harm and injury to the Plaintiff class.

Sony develops and markets the PlayStation Portable (“PSP”) hand-held device and the PlayStation 3 (“PSP”) console (collectively, “consoles”).² [Compl. ¶¶ 24, 25.] Among their key features are their ability to let users play games, connect to the Internet, access the PlayStation Network (“PSN”), Qriocity, and Sony Online Entertainment (“SOE”) (collectively, “Sony Online Services” or “SOS”), [Id. ¶¶ 26, 27-29]. For additional fees, the PSN also allows access to various third party services such as Netflix, MLB.TV, and NHL Gamecenter LIVE (“Third Party Services”). [Id. ¶ 31.] These additional fees are paid to the source of the service rather than to Sony. Many who subscribe to these Third Party Services can only access them through their PSN account. [Id. ¶¶ 9-11, 14, 38.] As of January 25, 2011, PSN had over 69 million users worldwide, [Id ], and SOE had over 24.6 million users worldwide, [Id. ¶ 29].

When establishing accounts with PSN, Qriocity, and SOE, Plaintiffs and other Class members were required to provide personally identifying information to Sony, including their names, mailing addresses, email addresses, birth dates, credit and debit card information (card numbers, expiration dates and security codes) and log-in credentials (“Personal Information”), which Sony stores and maintains on its Network. [Id. at 35.] Sony continually monitors and records users’ PSN activities, purchases and usage, and maintains this usage data on its Network.³ [Id. ¶ 36.]

Plaintiffs allege that on April 16 or 17, 2011, hackers accessed Sony’s Network, stealing the Personal Information of millions of Sony customers, including Plaintiffs and the other Class members (the “Data Breach”). [Id. ¶ 46.] On April 17, 2011, Sony discovered that PSN and Qriocity user data had been stolen. [Id. ¶ 51.] Three days later, Sony took the PSN and Qriocity offline, stating that “[w]e’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.” [Id. ¶ 52.] As a result of the Data Breach, Sony was forced to shut down the PSN and Qriocity for almost a month while it conducted a systems audit to determine the cause of the data breach. [Id. ¶ 97.] Meanwhile, SOE remained offline for more than two weeks. During this prolonged downtime, Plaintiffs and the other Class members were unable to access PSN, Qriocity, and SOE, unable to play multiplayer online games with others, and unable to use online services available through the PSN, Qriocity or SOE. Plaintiffs and the other Class members were also unable to access and use prepaid Third Party Services. [See Id. ¶¶ 9-11, 14, 98.]

Between April 21 and April 25, 2011, while the PSN and Qriocity remained offline, Plaintiffs claim Sony continued to misrepresent the circumstances of the breach. [Id. ¶¶ 54-55, 58.] It was not until April 26, 2011, that Sony finally told the public that the personal information had been taken. [Id. ¶ 59.] Shortly thereafter, Sony admitted that its failures “may have had a financial impact on our loyal customers. We are currently reviewing options and will update you when the service is restored.” [Id. ¶ 60.] Sony also conceded that “[s]ome games may require access to PSN for trophy sync, security checks or other network functionality and therefore cannot be played offline.” [Id.] On May 12, 2011, Sony announced that it would compensate SOE users in the United States by offering free identity theft protection services, certain free downloads and online services, and “will consider” helping customers who have been issued new credit cards. [Id. ¶ 66.]

Plaintiffs further allege that Sony knew, or should have known, that its security measures were inadequate and that its network was vulnerable to attack because its network had been previously compromised. In 2011, after a PS3 user successfully “jailbroke” his PS3 console and posted instructions for doing it, Sony sued him to chill others from doing the same.⁴ [Id. ¶ 69.] However, according to Plaintiffs, Sony did nothing to update its inadequate protocols or otherwise implement adequate safeguards. [Id. ¶ 75.] Moreover, in a May 1, 2011 admission, Sony Corporation Chief Information Officer Shinji Hasejima conceded that Sony’s Network was not secure at the time of the data breach and that the attack was a “known vulnerability.” [Id. ¶ 76.] According to Plaintiffs, this is further evidenced by Sony’s decision to not install and maintain appropriate firewalls on its networks, including the Payment Card Industry Data Security Standard (“PCI DSS”), which requires anyone collecting payment card information to install and maintain a firewall and is standard in the industry. [Id. ¶ 83.]

II. Procedural History

This case is before the Court pursuant to 28 U.S.C. § 1407. On August 16, 2011, the Judicial Panel on Multi-District Litigation transferred certain civil actions from multiple district courts across the country into one consolidated action. [Doc. No. 1.] On November 11, 2011, this Court appointed a Liaison Counsel and a Plaintiffs’ Steering Committee (“PSC”) to streamline the process. [Doc. No. 61.] Thereafter, Plaintiffs were informed that the PSC should file a Consolidated Complaint on behalf of all Plaintiffs, and the Defense could respond to the Consolidated Complaint. [Doc. No. 63.] Plaintiffs filed their Consolidated Class Action Complaint on January 31, 2012, [Doc. No. 78], and Defendants filed the instant motion to dismiss, [Doc. No. 94].⁵

LEGAL STANDARDS

1. Motion to Dismiss Under Rule 12(b)(1)

A Rule 12(b)(1) motion to dismiss tests whether a complaint alleges grounds for federal subject matter jurisdiction. If the plaintiff lacks standing under Article III of the U.S. Constitution, then the court lacks subject matter jurisdiction, and the case must be dismissed. See Steel Co. v. Citizens for a Better Env’t, 523 U.S. 83, 101-02, 118 S.Ct. 1003, 140 L.Ed.2d 210 (1998).

A jurisdictional challenge may be facial or factual. Safe Air for Everyone v. Meyer, 373 F.3d 1035, 1039 (9th Cir.2004). Where the attack is facial, the court determines whether the allegations contained in the complaint are sufficient on their face to invoke federal jurisdiction, accepting all material allegations in the complaint as true and construing them in favor of the party asserting jurisdiction. See Warth v. Seldin, 422 U.S. 490, 501, 95 S.Ct. 2197, 45 L.Ed.2d 343 (1975). Where the attack is factual, however, “the court need not presume the truthfulness of the plaintiffs allegations.” Safe Air for Everyone, 373 F.3d at 1039. In resolving a factual dispute as to the existence of subject matter jurisdiction, a court may review extrinsic evidence beyond the complaint without converting a motion to dismiss into one for summary judgment. See id.; McCarthy v. United States, 850 F.2d 558, 560 (9th Cir.1988) (holding that a court “may review any evidence, such as affidavits and testimony, to resolve factual disputes concerning the existence of jurisdiction”). Once a party has moved to dismiss for lack of subject matter jurisdiction under Rule 12(b)(1), the opposing party bears the burden of establishing the Court’s jurisdiction. See Kokkonen v. Guardian Life Ins. Co., 511 U.S. 375, 377, 114 S.Ct. 1673, 128 L.Ed.2d 391 (1994); Chandler v. State Farm Mut. Auto. Ins. Co., 598 F.3d 1115, 1122 (9th Cir.2010).

II. Motion to Dismiss Under Rule 12(b)(6) and Rule 9(b)

A complaint must contain “a short and plain statement of the claim showing that the pleader is entitled to relief.” Fed.R.Civ.P. 8(a) (2009). A motion to dismiss pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure tests the legal sufficiency of the claims asserted in the complaint. Fed.R.Civ.P. 12(b)(6); Navarto v. Block, 250 F.3d 729, 731 (9th Cir.2001). The court must accept all factual allegations pleaded in the complaint as true, and must construe them and draw all reasonable inferences from them in favor of the nonmoving party. Cahill v. Liberty Mutual Ins. Co., 80 F.3d 336, 337-38 (9th Cir.1996). The Court is not bound, however, to accept “legal conclusions” as true. Ashcroft v. Iqbal, 556 U.S. 662, 129 S.Ct. 1937, 1949-50, 173 L.Ed.2d 868 (2009).

To avoid a Rule 12(b)(6) dismissal, a complaint need not contain detailed factual allegations; rather, it must plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). However, “a plaintiffs obligation to provide the ‘grounds’ of his ‘entitle[ment] to relief requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do.” Id. at 555, 127 S.Ct. 1955 (citation omitted). “Factual allegations must be enough to raise a right to relief above the speculative level, on the assumption that all the allegations in the complaint are true (even if doubtful in fact).” Id. (citation omitted). In spite of the deference the court is bound to pay to the plaintiffs allegations, it is not proper for the court to assume that “the [plaintiff] can prove facts that [he or she] has not alleged or that defendants have violated the ... laws in ways that have not been alleged.” Associated Gen. Contractors of Cal., Inc. v. Cal. State Council of Carpenters, 459 U.S. 519, 526, 103 S.Ct. 897, 74 L.Ed.2d 723 (1983).

But “[w]hen there are well-pleaded factual allegations, a court should assume their veracity and then determine whether they plausibly give rise to an entitlement to relief.” Id. at 1950. A claim has “facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. at 1949 (citing Twombly, 550 U.S. at 556, 127 S.Ct. 1955). “The plausibility standard is not akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Id. “Where a complaint pleads facts that are ‘merely consistent with’ a defendant’s liability, it ‘stops short of the line between possibility and plausibility of entitlement to relief.’ ” Id. (quoting Twombly, 550 U.S. at 557, 127 S.Ct. 1955).

Complaints alleging fraud must satisfy the heightened pleading requirements of Federal Rule of Civil Procedure 9(b). Rule 9(b) requires that in all averments of fraud or mistake, the circumstances constituting fraud or mistake shall be stated with particularity. Malice, intent, knowledge, and other conditions of a person’s mind may be alleged generally. A pleading is sufficient under Rule 9(b) if it “state[s] the time, place and specific content of the false representations as well as the identities of the parties to the misrepresentation.” Misc. Serv. Workers, Drivers & Helpers v. Philco-Ford Corp., 661 F.2d 776, 782 (9th Cir.1981) (citations omitted); see also Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir.2003) (quoting Cooper v. Pickett, 137 F.3d 616, 627 (9th Cir.1997)) (“Averments of fraud must be accompanied by ‘the who, what, when, where, and how’ of the misconduct charged.”). Additionally, “the plaintiff must plead facts explaining why the statement was false when it was made.” Smith v. Allstate Ins. Co., 160 F.Supp.2d 1150, 1152 (S.D.Cal.2001) (citation omitted); see In re GlenFed, Inc. Sec. Litig., 42 F.3d 1541, 1549 (9th Cir.1994) (en banc) (superseded by statute on other grounds).

Regardless of the title given to a particular claim, allegations grounded in fraud are subject to Rule 9(b)’s pleading requirements. See Vess, 317 F.3d at 1103-04. Even where fraud is not an essential element of a consumer protection claim, Rule 9(b) applies where a complaint “relftes] entirely on [a fraudulent course of conduct] as the bases of that claim ... the claim is said to be ‘grounded in fraud’ or to ‘sound in fraud,’ and the pleading ... as a whole must satisfy the particularity requirement of Rule 9(b).” Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir.2009) (quoting Vess, 317 F.3d at 1103-04); Bros. v. Hewlett-Packard Co., No. C-06-02254 RMW, 2006 WL 3093685, at *7 (N.D.Cal. Oct. 31, 2006).

III. Leave to Amend

Under Rule 15(a) of the Federal Rules of Civil Procedure, leave to amend “shall be freely given when justice so requires,” bearing in mind “the underlying purpose of Rule 15 to facilitate decision on the merits, rather than on the pleadings or technicalities.” Lopez v. Smith, 203 F.3d 1122, 1127 (9th Cir.2000) (en banc) (internal quotation marks and alterations omitted). When dismissing a complaint for the failure to state a claim, “ ‘a district court should grant leave to amend even if no request to amend the pleading was made, unless it determines that the pleading could not possibly be cured by the allegation of other facts.’ ” Id. at 1130 (quoting Doe v. United States, 58 F.3d 494, 497 (9th Cir.1995)). Generally, leave to amend shall be denied only if allowing amendment would unduly prejudice the opposing party, cause undue delay, or be futile, or if the moving party has acted in bad faith. Leadsinger, Inc. v. BMG Music Publ’g, 512 F.3d 522, 532 (9th Cir.2008).

SUPPLEMENTAL REQUEST FOR JUDICIAL NOTICE

In support of the instant motion, Sony has requested that the Court take judicial notice of six documents: (1) the SNE PlayStation Network and Qriocity Services Terms of Service and User Agreement (“SNE User Agreement”); (2) the SNE PlayStation Network and Qriocity Services Privacy Policy (“SNE Privacy Policy”); (3) the SCEA Privacy Policy (“SCEA Privacy Policy”); (4) an announcement from SCEA and SNE regarding the PSN service outage, entitled, “Update on PlayStation Network and Qriocity” (“Announcement Update”); (5) a CNET article by author Erica Ogg, entitled, “Sony to Restore PSN Services, Compensate Customers” (“CNET Article”); and (6) a published guidance from the California Office of Privacy Protection (“Privacy Protection Guidelines”). Plaintiffs only oppose the Privacy Protection Guidelines, arguing admission of the document is inappropriate on a motion to dismiss as it admits facts outside the pleadings.

Rule 201 of the Federal Rules of Evidence allows courts to take judicial notice of matters that are “capable of accurate and ready determination by resort to sources whose accuracy cannot reasonably be questioned.” Fed.R.Evid. 201(b). The Court may take judicial notice on a motion to dismiss under Rule 12(b)(6). Lee v. City of Los Angeles, 250 F.3d 668, 688-89 (9th Cir.2001); In re Silicon Graphics Inc. Sec. Litig., 183 F.3d 970, 986 (9th Cir.1999). Moreover, “a court may consider a writing referenced in a complaint but not explicitly incorporated therein, if the complaint relies on the document and its authenticity is unquestioned.” Id. (quoting Parrino v. FHP, Inc., 146 F.3d 699, 706 (9th Cir.1998), superseded by statute on other grounds as stated in Abrego v. Dow Chem. Co., 443 F.3d 676 (9th Cir.2006)). According, the SNE User Agreement, SNE Privacy Policy, SCEA Privacy Policy, Announcement Update, and CNET Article are all appropriate for judicial notice as Plaintiffs rely on and quote from each of the documents in the Consolidated Complaint, and do not question their authenticity.

Although the Privacy Protections Guidelines are also subject to judicial notice because they can be downloaded from a public agency’s website, the document cannot be used as proof of the matters asserted therein. See Cachil Dehe Band of Wintun Indians of the Colusa Indian Comm’ty v. Cal., 547 F.3d 962, 968-69 n. 4 (9th Cir.2008) (taking judicial notice of gaming compacts located on official California Gambling Control Commission website); Santa Monica Food Not Bombs v. City of Santa Monica, 450 F.3d 1022, 1025 n. 2 (9th Cir.2006) (taking judicial notice of “public records” that “can be accessed at Santa Monica’s official website”). “This means that factual information asserted in the document cannot be used to create or resolve disputed issues of material fact.” Coalition for a Sustainable Delta v. McCamman, 725 F.Supp.2d 1162, 1183-84 (E.D.Cal.2010) (emphasis added). Accordingly, the Court takes judicial notice of all requested documents, but only takes judicial notice of the Privacy Protections Guidelines to the extent that they exist, and not for the content cited therein.

DISCUSSION

Sony moves to dismiss Plaintiffs’ Consolidated Complaint on the following grounds: (1) Plaintiffs lack standing to assert causes of action against SOE and SCA; (2) Plaintiffs lack Article III standing as to all Defendants; (3) Plaintiffs fail to state a claim for negligence because they have not alleged any cognizable injury; (4) Plaintiffs fail to state a claim under the UCL, FAL, or CLRA, as to both non-resident class members and resident class members; (5) Plaintiffs’ UCL and FAL claims fail for lack of any basis to award restitution or injunctive relief; (6) Plaintiffs’ CLRA claim independently fails because it is inapplicable to the transaction at issue; (7) Plaintiffs’ claim under the Database Breach Act fails both as to the non-resident class members and to resident class members as a matter of law; (8) Plaintiffs fail to state a claim for Unjust Enrichment because there is no such independent cause of action in California; and (9) Plaintiffs fail to state a claim for bailment because the relationship and transaction necessary to support a claim does not exist in this case. The Court addresses each ground for dismissal in turn.

I. Article III Standing

Sony challenges Plaintiffs’ Article III standing to bring the present action. Presumably, Sony does so under Fed.R.Civ.P. 12(b)(1), which allows dismissal of an action for lack of subject matter jurisdiction. Chandler v. State Farm Mut. Auto. Ins. Co., 598 F.3d 1115, 1122 (9th Cir.2010) (“Because standing and ripeness pertain to federal courts’ subject matter jurisdiction, they are properly raised in a Rule 12(b)(1) motion to dismiss.”).

To establish Article III standing, Plaintiffs must demonstrate that they satisfy three requirements: (1) they have suffered an “injury in fact,” i.e., “an invasion of a legally protected interest which is (a) concrete and particularized, and (b) actual or imminent, not conjectural or hypothetical;” (2) the injury is “fairly traceable to the challenged action of the defendant;” and (3) it is “likely, as opposed to merely speculative, that the injury will be redressed by a favorable decision.” Lujan v. Defenders of Wildlife, 504 U.S. 555, 560-61, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992) (internal citations, quotation marks, and alterations omitted); accord Friends of the Earth, Inc. v. Laidlaw Envtl. Servs. (TOC), Inc., 528 U.S. 167, 180-81, 120 S.Ct. 693, 145 L.Ed.2d 610 (2000). When a plaintiff seeks prospective relief, in order to establish standing, he or she must show that there is “a likelihood of future injury.” See White v. Lee, 227 F.3d 1214, 1242 (9th Cir.2000); Gest v. Bradbury, 443 F.3d 1177, 1181 (9th Cir.2006) (plaintiff must show that he or she is “realistically threatened by repetition of the violation”). “Past exposure to illegal conduct does not itself show a present case or controversy regarding injunctive relief if unaccompanied by any continuing, present adverse effects.” Lujan, 504 U.S. at 564, 112 S.Ct. 2130 (internal quotations omitted).

Plaintiffs bear the burden of establishing standing. Lujan, 504 U.S. at 561, 112 S.Ct. 2130. In a class action context, named plaintiffs representing a class “must allege and show that they personally have been injured, not that injury has been suffered by other, unidentified members of the class to which they belong and which they purport to represent.” Gratz v. Bollinger, 539 U.S. 244, 289, 123 S.Ct. 2411, 156 L.Ed.2d 257 (2003) (internal quotation marks and citations omitted). “[I]f none of the named plaintiffs purporting to represent a class establishes the requisite of a case or controversy with the defendants, none may seek relief on behalf of himself or any other member of the class.” O’Shea v. Littleton, 414 U.S. 488, 494, 94 S.Ct. 669, 38 L.Ed.2d 674 (1974); accord Lierboe v. State Farm Mut. Auto. Ins. Co., 350 F.3d 1018, 1022 (9th Cir.2003). Thus, to survive Sony’s motion, Plaintiffs must allege facts that, if proven, would confer standing upon them. See Warren v. Fox Family Worldwide, Inc., 328 F.3d 1136, 1140 (9th Cir.2003); see also Lujan, 504 U.S. at 561, 112 S.Ct. 2130 (noting that at pleadings stage, “general factual allegations of injury resulting from the defendant’s conduct may suffice” to demonstrate standing).

Here, Sony’s standing argument is twofold. First, Sony contends the named plaintiffs fail to allege any basis for standing against SOE and SCA; and second, Plaintiffs fail to allege an “injury in fact” or establish there is a “casual connection” between the alleged misconduct and a “legally protected interest.”

1. Standing to Assert Claims Against SOE and SCA

Sony first argues that the named Plaintiffs lack standing and fail to state any claim as to two of the Sony Defendants— SOE and SCA — and that the Consolidated Complaint should be dismissed in its entirety as to them. Specifically, Sony contends that none of the named Plaintiffs alleges that he/she was a registered user with the SOE Network, provided any information to SOE, or had any subscriptions with SOE. Likewise, the Consolidated Complaint references SCA only in Paragraph 19, and alleges nothing more than that the other defendants are SCA’s subsidiaries. Plaintiffs respond, stating that because “Defendants acted together by contributing to Sony’s failure to secure its Network,” all Defendants are equally liable for the Data Breach. [Doc. No. 107, 9.] Plaintiffs further attempted to bolster this allegation at the motion hearing by stating that all the Defendants work together to provide a specific product, and that SCA was the entity responsible for selling Sony devices in the United States. Finally, Plaintiffs also acknowledged at the hearing that although no current Class representatives subscribe to SOE, such defect could be remedied by adding an additional named Class representative.

On consideration of the parties moving papers and oral arguments advanced at the hearing, the Court finds that Plaintiffs have failed to currently allege any basis for standing against SOE or SCA. See, e.g., Easter v. Am. West Fin., 381 F.3d 948, 961-62 (9th Cir.2004) (dismissing claims for lack of standing where plaintiffs failed to trace the alleged injury-in-fact to the conduct of certain defendants); Cattie v. Wal-Mart Stores, Inc., 504 F.Supp.2d 939, 944-46 (S.D.Cal.2007) (plaintiffs lacked standing against one Wal-Mart entity where they relied solely on allegations that it acted jointly with other Wal-Mart entities); Simon v. E. Ky. Welfare Rights Org., 426 U.S. 26, 40 n. 20, 96 S.Ct. 1917, 48 L.Ed.2d 450 (1976) (findings that even in a putative class action, each named plaintiff must personally allege a cognizable and traceable injury). Specifically, Plaintiffs have failed to show that any of the named Class representatives subscribe to SOE, or sufficiently allege a definitive relationship between SCA and the other Sony Defendants. Accordingly, the Court DISMISSES Plaintiffs’ claims against SOE and SCA with leave to amend.

2. Injury in Fact and Causal Connection as to All Defendants

Second, Sony claims the named Class representations lack standing with respect to all Defendants for failure to allege any injury-in-fact or causal connection between the alleged misconduct and a legally protected interest. With respect to injury-in-fact, Sony argues that exposure of personal information alone does not constitute Article III standing because Plaintiffs have not alleged that the Data Breach resulted in the theft of their identities or unauthorized use of their Personal Information. Moreover, the only two named Class members who have alleged a cognizable loss-Mr. Johnson and Mr. Howe — fail to show that they were either required to pay out-of-pocket for the fraudulent charges or why standing can be generated merely by spending money on perceived preventive measures. Specifically, Sony states that Johnson does not allege that the unauthorized charges resulted from the Data Breach, or that he was required to pay out-of-pocket for the charges, and that Howe fails to allege “actual” misuse of his data, or what it means that his account was “compromised.”⁶

Conversely, Plaintiffs argue that the mere exposure of their Personal Information is enough to satisfy the injury-in-fact requirement because such exposure has subjected them to an increased risk of identity theft and fraud. Additionally, Plaintiffs contend that Class members have suffered more than just an “exposure of their personal information,” as alleged by Sony, because they were injured as a result of Sony’s month-long SOS shutdown, the loss of use of their hardware (thereby diminishing its value), the loss of use of the PSN, and the loss of use of prepaid Third Party Services.⁷

On the issue of Article III standing, both Sony and Plaintiffs point to Krottner v. Starbucks Corp., 628 F.3d 1139, 1143 (9th Cir.2010), in which the Ninth Circuit recognized that exposure of personal information constitutes injury-in-fact only where the plaintiffs face “a credible threat of real and immediate harm,” as opposed to harm that is simply “conjectural or hypothetical.” According to Sony, because Plaintiffs do not allege that any unauthorized use actually occurred, in the form of opened accounts, the harm is conjectural and hypothetical, rather than imminent. Sony claims numerous other courts have recognized that where, as here, the facts do not show anything more than alleged exposure of Plaintiffs’ information, Article Ill’s injury requirement is not satisfied.⁸ Plaintiffs respond that the situation is analogous to Krottner, wherein the Ninth Circuit held that when personal information has been stolen but not yet misused, plaintiffs have suffered an injury sufficient to confer standing under Article III.

In Krottner, Plaintiffs were Starbucks employees whose personal information, including names, addresses, and social security numbers were compromised as the result of the theft of a company laptop. Krottner, 628 F.3d at 1140. Class members brought an action against Starbucks, alleging negligence and breach of contract. Id. at 1139. The Ninth Circuit held that the plaintiffs satisfied the injury-in-fact requirement through their allegations of increased risk of future identify theft because they had “alleged a credible threat of real and immediate harm stemming from the theft of a laptop containing their unencrypted personal data.” Id. at 1143. In reaching its decision, the Ninth Circuit relied on analogous reasoning in environmental claims, wherein a plaintiff may allege a future injury in order to comply with the injury-in-fact requirement. Id. at 1142 (quoting Cent. Delta Water Agency v. United States, 306 F.3d 938, 948-50 (9th Cir.2002)). Thus, where sensitive personal data, such as names, addresses, social security numbers and credit card numbers are improperly disclosed or disseminated into the public, increasing the risk of future harm, injury-in-fact has been recognized. Id. at 1139; Doe 1 v. AOL, 719 F.Supp.2d 1102, 1109-11 (N.D.Cal.2010).

Here, the Court finds Plaintiffs have articulated sufficient particularized and concrete harm to sustain a finding of injury-in-fact at this stage in the pleadings. Similar to the plaintiffs in Krottner, Plaintiffs allege that their sensitive Personal Information was wrongfully disseminated, thereby increasing the risk of future harm. Thus, even though Sony alleges no harm has yet occurred, in certain circumstances, as the Court finds pertinent here, future harm may be regarded as a cognizable loss sufficient to satisfy Article Ill’s injury-in-fact requirement. See Krottner, 628 F.3d at 1142 (“A plaintiff may allege a future injury in order to comply with [the injury-in-fact] requirement, but only if he or she ‘is immediately in danger of sustaining some direct injury as the result of the challenged ... conduct and the injury or threat of injury is both real and immediate, not conjectural or hypothetical.’ ”) (quoting City of Los Angeles v. Lyons, 461 U.S. 95, 102, 103 S.Ct. 1660, 75 L.Ed.2d 675 (1983)).

With respect to the “causal connection” requirement under Article III, Sony contends Plaintiffs do not allege that they relied upon any promise by Sony of uninterrupted service or any warranty against intrusion. Sony argues that in order for Plaintiffs to allege they received or relied on Sony’s representations they had to have purchased rather than acquired their consoles.⁹ Moreover, Sony contends that even if Plaintiffs could show a causal connection, the “Terms of Service and Privacy Policy for the PSN disclaim both.” [Doc. No. 94, 10:7-16.] Plaintiffs counter, stating that they have plainly plead not only that it was Sony’s inadequate network security that enabled the Data Breach, but also that Sony knew its security was inadequate, experienced other Network breaches, and failed to implement fixes. Moreover, Plaintiffs assert it makes no difference whether they “paid good money” for their devices or whether the devices were acquired by gift, as every Plaintiff was injured by the nearly month-long intentional disruption of service and loss of use of the SOS and other dependent services.¹⁰

Here, as stated above, Plaintiffs’ Consolidated Class Action Complaint is sufficient to support the causal connection element of Article III at this early stage in the proceedings. As the Supreme Court has noted, the evidence required to support or oppose Article III standing will necessarily increase as the litigation progresses. See Lujan, 504 U.S. at 561, 112 S.Ct. 2130 (1992) (“Since they are not mere pleading requirements but rather an indispensable part of the plaintiffs case, each [constitutional standing] element must be supported in the same way as any other matter on which the plaintiff bears the burden of proof, i.e., with the manner and degree of evidence required at the successive stages of the litigation.”) Therefore, the Court finds Plaintiffs have sufficiently plead injury-in-fact and a causal connection between the alleged misconduct and a legally protected interest. Accordingly, the Court DENIES Sony’s motion to dismiss the Consolidated Complaint on the basis of lack of Article III standing.¹¹

II. Motion to Dismiss

The Court next addresses the sufficiency of each of Plaintiffs’ seven claims below, largely in the order they were raised in Sony’s motion to dismiss, beginning first with Plaintiffs’ negligence claim. Moreover, because Plaintiffs allege three causes of action that arise under various California consumer protection statutes, with similar pleading requirements — the UCL, FAL, and CLRA — the Court will address issues common to those three claims, and will next discuss issues specific to each individual claim. Finally, the Court will address Plaintiffs’ allegations under California’s Database Breach Act, and unjust enrichment and bailment causes of action.

A. Negligence Claim (Sixth Cause of Action)

Under California law, the elements of a negligence cause of action are: (1) the existence of a duty to exercise due care; (2) breach of that duty; (3) causation; and (4) damages. Paz v. California, 22 Cal.4th 550, 93 Cal.Rptr.2d 703, 994 P.2d 975, 980-81 (2000). Sony makes three separate arguments that Plaintiffs’ negligence claim fails, all of which are related to whether Plaintiffs have alleged sufficient damages: (1) the economic loss doctrine bars the claim; (2) failure to allege a cognizable injury; and (3) insufficient pleadings under Iqbal and Twombly. Each ground for dismissal will be considered in turn.

1. Economic Loss Doctrine

Sony presented substantial support in its moving papers and at the motion hearing to advance its contention that the economic loss doctrine bars Plaintiffs’ negligence claim. According to Sony, Plaintiffs’ damages consist entirely of “economic damages” associated with “credit monitoring, loss of use and value of [PSN] services, loss of use and value of prepaid Third Party Services, and diminution of the value of their PS3s and/or PSPs.” [Doc. No. 78 ¶ 180.] Furthermore, Sony claims courts in numerous other data breach cases have recognized that such economic losses are not recoverable under a negligence theory.¹²Accordingly, Sony claims Plaintiffs are attempting to plead around their contract with SNE, which expressly disclaims any guarantees of uninterrupted service or perfect security.¹³

Conversely, Plaintiffs assumed, without adequately arguing in either its moving papers or at the motion hearing, that the doctrine is inapplicable to the case at bar.¹⁴ After considering the arguments presented by the parties and the Court’s independent research, the Court finds that although Sony has failed to allege that the economic loss doctrine bars Plaintiffs negligence claim as a matter of law, Plaintiffs have also failed to allege sufficient facts to assert the doctrine’s non-applicability.

Under the economic loss doctrine, a plaintiffs tort recovery of economic damages is barred unless such damages are accompanied by some form of physical harm (i.e., personal injury or property damage).¹⁵ See N. Am. Chem. Co. v. Super. Ct., 59 Cal.App.4th 764, 777, 69 Cal.Rptr.2d 466 (1997). Thus, in actions for negligence, liability is limited to damages for physical injuries and recovery of economic loss is not allowed. Aas v. Super. Ct., 24 Cal.4th 627, 101 Cal.Rptr.2d 718, 12 P.3d 1125, 1130-31 (2000) (citing Seely v. White Motor Co., 63 Cal.2d 9, 45 Cal.Rptr. 17, 403 P.2d 145, 151 (1965)). As stated by the Ninth Circuit in Kalitta Air, L.L.C. v. Central Texas Airborne Systems, Inc., “in the absence of (1) personal injury, (2) physical damage to property, (3) a ‘special relationship’ existing between the parties, or (4) some other common law exception to the rule, recovery of purely economic loss is foreclosed.” 315 Fed.Appx. 603, 605 (9th Cir.2008); J'Aire Corp. v. Gregory, 24 Cal.3d 799, 157 Cal.Rptr. 407, 598 P.2d 60, 62-63 (1979). Here, Plaintiffs’ Consolidated Complaint does not assert personal injuries or physical damage to their consoles. Thus, in order to plead around the economic loss doctrine Plaintiffs must show that there is a “special relationship between the parties” or that some other common law exception, i.e., fraud or intentional misrepresentation, applies. See Giles v. Gen. Motors Acceptance Corp., 494 F.3d 865, 880 (9th Cir.2007) (finding that the economic loss doctrine did not apply because appellants’ tort claim was not a “mere contract claim cloaked in the language of tort,” as appellants claimed fraud in the inducement rather than fraud in the execution). Under the test articulated by the California Supreme Court in J'Aire, the court looks at six factors to determine the existence of a special relationship: (1) the extent to which the transaction was intended to affect the plaintiff; (2) the foreseeability of harm to the plaintiff; (3) the degree of certainty that the plaintiff suffered injury; (4) the closeness of the connection between the defendant’s conduct and the injury suffered; (5) the moral blame attached to the defendant’s conduct; and (6) the policy of preventing future harm. Kalitta Air, 315 Fed.Appx. at 605-06. All six factors must be considered by the court, and the presence or absence of one factor is not decisive. Id.

In the present case, although Plaintiffs stated at the motion hearing that the applicability of the economic loss doctrine is contingent on whether the negligence claim arises out of a contract for services, as opposed to a contract for the sale of goods or products, the Ninth Circuit has disregarded such a rudimentary distinction. Id. In doing so, the Ninth Circuit stated that if they were to “hold that the economic loss rule does not apply to a claim grounded in the performance of services, the district court must still apply the six criteria set forth in J'Aire to justify recovery of economic loss caused by the negligent performance of a contract.” See North American, 69 Cal.Rptr.2d at 479 (stating that the economic loss rule did not bar a negligence claim grounded in the negligent performance of services and applying the J’Aire criteria to justify recovery of economic loss caused by negligent performance of a contract); Zamora v. Shell Oil Co., 55 Cal.App.4th 204, 63 Cal.Rptr.2d 762, 766 (1997) (“J'Aire sets forth a limited exception to the general rule that economic loss alone is insufficient to state a negligence cause of action ... ”).

Therefore, the economic loss rule will not bar Plaintiffs’ negligence claim so long as Plaintiffs can satisfy the multifactor “special relationship” test applied in J'Aire, or can set forth some other common law exception to the rule. See J'Aire, 157 Cal.Rptr. 407, 598 P.2d at 63; Aas, 101 Cal.Rptr.2d 718, 12 P.3d at 1137-40 (applying J'Aire); Ales-Peratis Foods Int’l, Inc. v. American Can Co., 164 Cal.App.3d 277, 209 Cal.Rptr. 917, 921 (1985) (same); North American, 69 Cal.Rptr.2d at 479 (same). However, because Plaintiffs’ Consolidated Complaint has failed to adequately allege why the economic loss doctrine does not apply, in particular why the JAire factors weigh in favor of finding a “special relationship,” or allege actionable misrepresentations made by Sony that were justifiably relied on, Plaintiffs’ negligence claim must fail. See e.g., Robinson Helicopter Co., Inc. v. Dana Corp., 34 Cal.4th 979, 990-91, 22 Cal.Rptr.3d 352, 102 P.3d 268, 274 (2004) (finding the economic loss doctrine did not apply because plaintiff would not have accepted delivery and used the nonconforming goods, nor would it have incurred the cost of investigating the cause of the faulty product, had it not been for Defendants’ intentional misrepresentations upon which Plaintiff relied). Accordingly, the Court finds Plaintiffs have failed to allege why the economic loss doctrine does not bar their negligence claim.

2. Cognizable Injury

Second, Sony argues that even if Plaintiffs’ claim is not barred by the economic loss doctrine, the damages element of a negligence action requires Plaintiffs to show they have suffered some cognizable injury. Here, as discussed above, no Plaintiff alleges any identity theft or unauthorized use of his information causing a pecuniary loss. Sony claims courts have consistently held that mere allegations of exposure of a plaintiffs personal information are insufficient to establish a cognizable injury.¹⁶ In response, Plaintiffs assert they were injured because their Personal Information was stolen, which has exposed them to an increased risk of identity theft and fraud. Plaintiffs further allege they suffered injury related to the loss of use and value of SOS, the loss of use and value of prepaid Third Party Services, and the diminution of value of their PS3s and/or PSPs.

Under California law, appreciable, nonspeculative, present harm is an essential element of a negligence cause of action. Aas v. Super. Ct., 24 Cal.4th 627, 646, 101 Cal.Rptr.2d 718, 12 P.3d 1125 (2000); Ruiz v. Gap, Inc., 622 F.Supp.2d 908, 913 (N.D.Cal.2009), aff'd, 380 Fed.Appx. 689 (9th Cir.2010). The breach of a duty causing only speculative harm or the threat of future harm does not normally suffice to create a cause of action for negligence. See id.; see also Zamora v. Shell Oil Co., 55 Cal.App.4th 204, 211, 63 Cal.Rptr.2d 762 (4th Dist.1997) (finding there has not been the requisite damage for a negligence cause of action where defective water pipes had not yet leaked); San Francisco Unified Sch. Dist. v. W.R. Grace & Co., 37 Cal.App.4th 1318, 1327-30, 44 Cal.Rptr.2d 305 (1995) (finding that presence of asbestos products in buildings did not satisfy damage element of negligence cause of action when products had not contaminated buildings by releasing friable asbestos); Khan v. Shiley, Inc., 217 Cal.App.3d 848, 857, 266 Cal.Rptr. 106 (4th Dist.1990) (no cause of action for negligence premised on risk that implanted heart valve may malfunction in the future).

While Plaintiffs have currently alleged enough to assert Article III standing to sue based on an increased risk of future harm, the Court finds such allegations insufficient to sustain a negligence claim under California law. See Krottner v. Starbucks Corp., 406 Fed.Appx. 129, 130 (9th Cir.2010) (affirming the district court’s dismissal of the negligence claim for failure to adequately allege a cognizable injury because even though plaintiff-appellants pled an injury-in-fact for purposes of Article III standing they did not adequately plead damages for purposes of their state-law claims.) Accordingly, without specific factual statements that Plaintiffs’ Personal Information has been misused, in the form of an open bank account, or un-reimbursed charges, the mere “danger of future harm, unaccompanied by present damage, will not support a negligence action.” Id. (quoting Gazija v. Nicholas Jerns Co., 86 Wash.2d 215, 543 P.2d 338, 341 (1975)).¹⁷

Plaintiffs alterative grounds for cognizable loss fail for similar reasons. First, Plaintiffs fail to assert a plausible argument, in light of the PSN Terms and Service Agreement to which all Plaintiffs assented to, establishing a separate and distinct duty to provide continuous and uninterrupted service to either the PSN or prepaid Third-Party Services. Blanket assertions that Sony “represented that access to the PSN was a feature of the PSP and PS3” fail to justify a separate and distinct duty of care, and thus fall short of what is required. See Erlich v. Menezes (1999) 21 Cal.4th 543, 552, 87 Cal.Rptr .2d 886, 981 P.2d 978 (“[I]n each of these cases, the duty that gives rise to tort liability is either completely independent of the contract or arises from conduct which is both intentional and intended to harm.”). Moreover, and potentially most illusory, is Plaintiffs’ allegations that their consoles have diminished in value as a result of the Data Breach. However, as acknowledged by Sony at the motion hearing, Plaintiffs have failed to argue that as a result of the Data Breach Plaintiffs are using their consoles less, or report problems with their devices after the PSN resumed service. Thus, the Court finds Plaintiffs have not currently alleged a cognizable loss stemming from a legal duty to provide such services.

3. Allegations of Negligent Conduct Fail to Satisfy Iqbal and Twombly

Third, Sony argues that Plaintiffs’ allegations of negligent conduct and breach of duty fail to satisfy Iqbal and Twombly because they are conclusory and speculative. Sony claims that pointing by hindsight to the fact that an intrusion occurred does not establish or permit an inference that security was not reasonable. Specifically, Sony asserts that parroting unidentified commentary from blogs about inadequate firewalls do not make it plausible that an inadequate firewall was somehow involved in the intrusion. Thus, rather than alleging facts, Plaintiffs resort to arguing that Sony admitted their network security was inadequate, even though such a statement can in no way be regarded as an admission.

Although Sony’s arguments may be availing at a later juncture, at this stage in the proceedings Sony’s arguments generalize and mischaracterize Plaintiffs’ claims, especially since Plaintiffs allege that Sony knew of potential problems and failed to implement reasonable safeguards. Thus, because Plaintiffs do not need to prove that Sony’s conduct was in fact negligent, or that they did in fact have inadequate safeguards, Plaintiffs have satisfied their burden. Accordingly, the Court finds Plaintiffs have satisfied the requirements of Iqbal and Twombly with respect to their negligence claim. However, because Plaintiffs’ negligence claim fails for the reasons set forth above, the Court DISMISSES Plaintiffs negligence claim with leave to amend.

B. Consumer Protection Claims (First, Second, and Third Causes of Action)

Plaintiffs assert various claims under California’s consumer protection statutes alleging violations of the Unfair Competition Law (“UCL”), False Advertising Law (“FAL”), and the Consumers Legal Remedies Act (“CLRA”), all of which are based on Sony’s alleged misrepresentations that affected Plaintiffs’ access to the Sony Network and disclosure of their Personal Information. In response, Sony asserts that Plaintiffs’ consumer claims fail as to nonresident named Class members because the alleged misrepresentations occurred outside of California. Additionally, Sony alleges Plaintiffs’ claims fail as to resident Class members because Plaintiffs lack standing, they have failed to allege their claims with sufficient particularity, there is no basis for restitution or injunctive relief, and the CLRA is inapplicable to the transaction at issue. Each basis for dismissal is discussed in turn.

1. Non-Resident Named Plaintiffs

Sony first argues that Plaintiffs’ claims under the UCL, FAL, and the CLRA must be dismissed as to the non-resident named Plaintiffs. This argument is inline with the Ninth Circuit’s holding in Mazza v. American Honda Motor Co., wherein the court found that for claims sounding in misrepresentation, the governing consumer protection statute is that of the state where the misrepresentation was received. 666 F.3d 581, 593-94 (9th Cir.2012). See also McCann v. Foster Wheeler LLC, 48 Cal.4th 68, 94 n. 12, 105 Cal.Rptr.3d 378, 225 P.3d 516 (2010) (pointing out that the geographic location of an omission is the place of the transaction where it should have been disclosed); Zinn v. Ex-Cell-O Corp., 148 Cal.App.2d 56, 80 n. 6, 306 P.2d 1017 (1957) (concluding in fraud cases that the place of the wrong was the state where the misrepresentations were communicated to the plaintiffs, not the state where the intention to misrepresent was formed or where the misrepresented acts took place). Here, four of the six named Plaintiffs received the alleged misrepresentations outside of California. (Doc. No. 78.¶¶ 9, 12-14).¹⁸

Plaintiffs contend that the choice of law provision in the SNE Terms of Service Agreement dictates that California law applies to claims relating to their PSN accounts. By its own terms, however, the provision dictates only that California law applies to the construction and interpretation of the contract, and thus the provision does not apply to Plaintiffs’ non-eontractual claims asserted under California’s consumer protection statutes. The Court finds Mazza is clear and Plaintiffs misconstrue the choice of law provision in the SNE Terms and Service Agreement. Accordingly, the Court DISMISSES Plaintiffs’ claims arising under the UCL, FAL, and the CLRA, with respect to the nonresident named Plaintiffs with prejudice.

2. Standing Under the UCL, FAL and CLRA

Sony next argues that Plaintiffs lack standing to sue under California’s consumer protection statutes because they have not alleged a cognizable injury. To maintain standing under the UCL and FAL, a plaintiff must “(1) establish a loss or deprivation of money or property sufficient to qualify as injury in fact, i.e., economic injury; and (2) show that economic injury was the result of, i.e., caused by, the unfair business practice or false advertising that is the gravamen of the claim.” Kwikset Corp. v. Super. Ct., 51 Cal.4th 310, 120 Cal.Rptr.3d 741, 246 P.3d 877, 885 (2011). A plaintiff need not allege eligibility for restitution to establish standing. Id. at 894-95, 120 Cal.Rptr.3d 741. Similarly, the CLRA requires that a plaintiff allege a “tangible increased cost or burden to the consumer.” Meyer v. Sprint Spectrum L.P., 45 Cal.4th 634, 88 Cal.Rptr.3d 859, 200 P.3d 295, 301 (2009). This requires showing “not only that a defendant’s conduct was deceptive but that the deception caused them harm.” In re Vioxx Class Cases, 180 Cal.App.4th 116, 129, 103 Cal.Rptr.3d 83, 94 (2009). Generally, the standard for deceptive practices under the fraudulent prong of the UCL applies equally to claims for misrepresentation under the CLRA. See Consumer Advocates v. Echostar Satellite Corp., 113 Cal.App.4th 1351, 1360, 8 Cal.Rptr.3d 22 (2003). For this reason, courts often analyze California’s consumer statutes together. See, e.g., Paduano v. American Honda Motor Co., Inc., 169 Cal.App.4th 1453, 1468-73, 88 Cal.Rptr.3d 90 (2009) (analyzing UCL and CLRA claims together).

Although the requirements of federal standing under Article III and the requirements of standing under California’s consumer protection statutes overlap, there are important differences. See Troyk v. Farmers Grp., Inc., 171 Cal.App.4th 1305, 1348-49, 90 Cal.Rptr.3d 589 (2009). For example, under Article III a plaintiff must allege: (1) an injury in fact; (2) causation; and (3) likelihood that the injury will be redressed by a favorable decision. Lujan, supra, 504 U.S. at pp. 560-561, 112 S.Ct. 2130. Conversely, under the UCL and FAL, Proposition 64 incorporates into Business and Professions Code section 17204 only the first element (i.e., an “injury in fact”), but includes two additional requirements not applicable to federal standing. Thus, even if a plaintiff has established an “injury in fact” for purposes of Article III, he must also show he has “lost money or property” to maintain an action under the UCL and FAL. See Troyk, 171 Cal.App.4th 1305 at 1348-49, 90 Cal.Rptr.3d 589.

Plaintiffs allege they have standing under the UCL, FAL, and CLRA because (1) their Personal Information was compromised; (2) they lost use of their consoles as a result of an interruption in PSN Services; (3) they lost use of Third-Party Services; and (4) they suffered a diminution in value of their PS3s and PSPs. Sony contends that none of Plaintiffs’ alleged losses are a cognizable injury because Plaintiffs have not suffered lost “money or property.” The Court is inclined to agree.

First, Plaintiffs’ allegations that the heightened risk of identity theft, time and money spent on mitigation of that risk, and property value in one’s information, do not suffice as injury under the UCL, FAL, and/or the CLRA. See In re iPhone Application Litigation, No. 11-MD-02250LHK, 2011 WL 4403963, at *14 (N.D.Cal. Sept. 20, 2011) (“[njumerous courts have held that a plaintiffs ‘personal information’ does not constitute money or property under the UCL”); Ruiz v. Gap, Inc., No. 07-5739-SC, 2009 WL 250481 at *3-4 (N.D.cal. Feb. 3, 2009), aff'd, 380 Fed.Appx. at 692 (stating that time and money spent to monitor and repair their credit is not the “kind of loss of money or property necessary for standing to assert a claim under section 17200”).

Second, Plaintiffs’ contentions that the interruption of PSN Services and the Data Breach caused damage to the value of their consoles are simply too speculative to constitute “lost money or property.” In order to have “lost money or property” a plaintiff must demonstrate some form of economic injury. Kwikset, 51 Cal.4th at 323, 120 Cal.Rptr.3d 741, 246 P.3d 877. Economic injury can occur in many ways, including, but not limited to, when a plaintiff “(1) surrenders] in a transaction more, or acquire[s] in a transaction less, than he or she otherwise would have; (2) [has] a present or future property interest diminished; (3) [is] deprived of money or property to which he or she has a cognizable claim; or (4) [is] required to enter into a transaction, costing money or property, that would otherwise have been unnecessary.” Id. Although this is by no means an exhaustive list to determine whether or not the required harm has been suffered, it is clear after Proposition 64 that “a private plaintiff filing suit now must establish that he or she has personally suffered such harm.” Id. Here, Plaintiffs have not alleged their consoles are worth less or their personal property was damaged as a result of the Data Breach. Moreover, although Plaintiffs’ PSN Service may have been temporarily suspended, they have not alleged they surrendered more than they otherwise would have because the PSN Terms and Service Agreement disclaimed any rights to uninterrupted service.

Finally, Plaintiffs’ claims of diminution in value of their consoles and/or loss of use of prepaid Third-Party Services also fail to establish a loss of money or property. As reaffirmed at the motion hearing, none of the named Class members assert their consoles are somehow defective after the PSN was restored, nor do any Class members assert they value their consoles less as a result of the Data Breach. Moreover, with regard to the loss of Third-Party Services, Plaintiffs have not alleged they were unable to access such services through an alternative medium, even if the PSN was a more preferable medium. Therefore, because none of the named Plaintiffs subscribed to premium PSN services, and thus received the PSN services free of cost, Plaintiffs have not alleged “lost money or profits.”¹⁹ Accordingly, the Court DISMISSES Plaintiffs claims under the UCL, FAL, and CLRA with leave to amend to plead standing.

3. The UCL, FAL, and CLRA Claims Must be Plead with Particularity

Even if the named Plaintiffs have standing, Sony argues they have failed to allege the UCL, FAL, and CLRA violations with sufficient particularity. Specifically, Sony contends that because the gravamen of Plaintiffs’ consumer claims is misrepresentation, i.e., that the intrusion and ensuing suspension of service contravened statements originally made by Sony, the heightened pleading standards under Rule 9(b) apply.²⁰ Federal Rule of Civil Procedure 9(b) requires that “[i]n all averments of fraud or mistake, the circumstances constituting fraud or mistake shall be stated with particularity.” Therefore, “the pleader must state the time, place, and specific content of the false misrepresentations as well as the identities of the parties to the misrepresentation.” Odom v. Microsoft Corp., 486 F.3d 541, 553 (9th Cir.2007) (citation omitted). Furthermore, the plaintiff must “set forth an explanation as to why the statement or omission complained of was false and misleading.” In re GlenFed, Inc. Sec. Litig., 42 F.3d 1541, 1548 (9th Cir.1994) (en banc), superseded by statute on other grounds.

Plaintiffs do not contest that Rule 9(b) applies to their consumer claims. Instead, Plaintiffs allege they have satisfied the requirements of the Rule 9(b) because they have sufficiently plead “what is false and misleading about the statement and why the statement is false.” See Cooper v. Pickett, 137 F.3d 616, 625 (9th Cir.1997). Sony asserts Plaintiffs have failed to meet this standard because the Consolidated Complaint does not allege (1) actionable statements likely to deceive, and (2) reliance on such statements as required under the statutes.²¹ Each is discussed in turn.

i. Actionable Statements that are “Likely to Deceive”

The Consolidated Complaint alleges that Sony violated the UCL, FAL, and CLRA by: (1) misrepresenting the quality of its Network security; (2) misrepresenting it would take “reasonable measures” to protect consumers’ Personal Information; (3) misrepresenting that the PS3s and PSPs could access PSN online services; (4) misrepresenting that the PS3s and PSPs would be able to connect to Qriocity, SOE, and other Third Party Services such as Netflix; and (5) failing to disclose that its Network was unsecure. (Doc. No. 78 ¶¶ 120, 122, 123, 133, 134, 135, 144, 146.). Sony argues that none of these statements are likely to deceive the reasonable consumer.

“To state a claim under the [UCL and FAL] one need not plead and prove the elements of a tort. Instead, one need only show that ‘members of the public are likely to be deceived.’ ” Bank of the West, 2 Cal.4th at 1267, 10 Cal.Rptr.2d 538, 833 P.2d 545 (quoting Chem v. Bank of America, 15 Cal.3d 866, 876, 127 Cal.Rptr. 110, 544 P.2d 1310 (1976)). “Likely to deceive implies more than a mere possibility that the advertisement might conceivably be misunderstood by some few consumers viewing it in an unreasonable manner. Rather the phrase indicates that the ad is such that it is probable that a significant portion of the general consuming public or of targeted consumers, acting reasonably in the circumstances, could be mislead.” Lavie v. Procter & Gamble Co., 105 Cal.App.4th 496, 508, 129 Cal.Rptr.2d 486 (2003) (internal citations omitted). Thus, “by explicitly imposing a ‘reasonable care’ standard on advertisers, [the FAL] implicitly adopts such a standard for consumers as well-unless particularly gullible consumers are targeted, a reasonable person may expect others to behave reasonably as well.” See Freeman v. Time, Inc., 68 F.3d 285, 289 (9th Cir.1995). Accordingly, the conduct need only be likely to deceive the reasonable consumer, and not a particular consumer. See Williams v. Gerber Prods. Co., 552 F.3d 934, 938 (9th Cir.2008).

Here, Plaintiffs have failed to sufficiently plead statements that would likely deceive the reasonable consumer. First, Sony never represented that the PSPs and PS3s would “always” be able to access the internet and/or connect to other online services. Instead, similar to the service agreement in Janda v. T-Mobile, which informed consumers who purchased the phone that the “monthly service rate excludes taxes and surcharges,” the SNE Terms of Service explicitly disclaimed that “continuous and uninterrupted” access to the PSN was a feature of Plaintiffs consoles. 2009 WL 667206 (N.D.Cal. Mar. 13, 2009) , aff'd 378 Fed.Appx. 705 (9th Cir.2010) (dismissing plaintiffs UCL claim with prejudice because it was undisputed that T-Mobile disclosed the imposition of such fees). Moreover, Plaintiffs do not contest that, albeit for the period of interrupted service at issue, their PSPs and PS3s did and still do have the ability to access the PSN Network. Thus, similar to Freeman, where the Ninth Circuit upheld the dismissal of a challenge to a mailer that suggested the plaintiff had won a million dollar sweepstakes because the mailer explicitly stated multiple times that the plaintiff would only win the prize if he had the winning sweepstakes number, here, the disclaimer clearly informed Plaintiffs that access to the PSN was subject to interruption. 68 F.3d 285 (9th Cir.1995).²²

Furthermore, Plaintiffs’ claim that Sony misrepresented the quality of its Network Security fails for similar reasons. Before registering for the PSN all Plaintiffs had to agree to Sony’s Privacy Policy, which states that “there is no such thing as perfect security ... we cannot ensure or warrant the security of any information transmitted to us through the [the PSN] ...” Thus, in the presence of clear admonitory language that Sony’s security was not “perfect,” no reasonable consumer could have been deceived. Cf Schnall v. The Hertz Corp., 78 Cal.App.4th 1144, 1163-64, 93 Cal.Rptr.2d 439 (2000) (finding that disclaimers do not give notice to the reasonable consumer when they are incomprehensible and needlessly complex). Therefore, Plaintiffs have failed to sufficiently allege how Sony’s representations taken as a whole would be likely to deceive the reasonable consumer. Accordingly, the Court DISMISSES Plaintiffs UCL, FAL, and CLRA claims with leave to amend.

ii. Reliance

Sony further alleges that even if Plaintiffs properly alleged actionable deceptive statements, their claims under the UCL, FAL, and CLRA fail because they have not shown actual reliance.²³ Specifically, Sony alleges that Plaintiffs have failed to show that they purchased or otherwise acquired their consoles and Third Party Services on the basis of Sony’s statements regarding the availability of PSN Services or the veracity of Sony’s Network security. In response, Plaintiffs argue that under In re Tobáceo II Cases they are not required to plead actual reliance, and under Massachusetts Mutual Life Insurance Co. v. Super. Ct., reliance is presumed where the misrepresentation or omission is material. 46 Cal.4th 298, 328, 93 Cal.Rptr.3d 559, 207 P.3d 20 (2009); 97 Cal.App.4th 1282, 119 Cal.Rptr.2d 190 (2002). The Court finds both Tobacco II and Massachusetts Mutual inapposite, and thus failure to plead actual reliance by the named Class members fatal to Plaintiffs’ consumer claims.

For fraud-based claims under all three consumer statutes the named Class members must allege actual reliance to have standing.²⁴ In re Tobacco II Cases, 46 Cal.4th 298, 306, 93 Cal.Rptr.3d 559, 207 P.3d 20 (2009) (A plaintiff “proceeding on a claim of misrepresentation as the basis of his or her UCL action must demonstrate actual reliance on the allegedly deceptive or misleading statements, in accordance with well-stated principles regarding the element of reliance in ordinary fraud actions”); Cohen v. DIRECTV, Inc., 178 Cal.App.4th 966, 973, 101 Cal.Rptr.3d 37 (2009) (same for claims arising under the CLRA). Actual reliance is presumed, or at least inferred, when the omission is material. Tobacco II, 46 Cal.4th at 327, 93 Cal.Rptr.3d 559, 207 P.3d 20. See also Vasquez v. Super. Ct., 4 Cal.3d 800, 814, 94 Cal.Rptr. 796, 484 P.2d 964 (1971); accord Mass. Mut. Life Ins. Co., 97 Cal.App.4th at 1292, 119 Cal.Rptr.2d 190. However, even after Massachusetts Mutual, an inference of common reliance arises only when plaintiffs can show that but for defendant’s material misrepresentation or omission plaintiffs would have proceeded differently. 97 Cal.App.4th at 1293, 119 Cal.Rptr.2d 190; McAdams v. Monier, Inc., 182 Cal.App.4th 174, 184, 105 Cal. Rptr.3d 704 (2010); Kwikset Corp. v. Super. Ct., 51 Cal.4th 310, 327, 120 Cal.Rptr.3d 741, 246 P.3d 877, 888 (2011). Finally, where plaintiffs allege “exposure to a long-term advertising campaign,” they need not identify the particular advertisements that induced them to make their purchases. 46 Cal.4th 298, 93 Cal.Rptr.3d 559, 207 P.3d 20.²⁵

Here, the Consolidated Complaint alleges that Plaintiffs acquired their consoles before consenting to Sony’s Privacy Policy and Terms of Service Agreement, which Plaintiffs allege contain the alleged misrepresentations. Indeed the named Class members contend that they created their PSN accounts — and thus assented to the Terms of Sony’s Terms of Service and Privacy Policy — after they acquired their consoles. Thus, even if the Court found Sony’s alleged misrepresentations material, because Plaintiffs had already purchased or otherwise acquired their consoles when the alleged misrepresentations were made, reliance on such statements in purchasing their consoles is impossible. Therefore, even though Plaintiffs are not required to show that the alleged misrepresentations were the “sole or even decisive” cause of the injury-producing conduct, Plaintiffs are still required to show that the “misrepresentation was an immediate cause” of the injury. Tobacco II, 46 Cal.4th at 328, 93 Cal.Rptr.3d 559, 207 P.3d 20. See also Hall v. Time Inc., 158 Cal.App.4th 847, 857, 70 Cal.Rptr.3d 466 (2008) (demurrer was properly sustained where the plaintiff did not allege that misrepresentations caused him to pay money for a book or that he would otherwise have returned the book to avoid payment). Accordingly, because Plaintiffs have not plead actual reliance, cannot rely on an inference of reliance, and have not alleged a long-term advertising campaign such that reliance is unnecessary, the Court DISMISSES Plaintiffs claims under the UCL, FAL, and CLRA with leave to amend to plead actual reliance by the named Class members.

4. Basis for Restitution and Injunctive Relief under the UCL and FAL

Sony next contends that Plaintiffs’ UCL and FAL claims fail to establish any entitlement to restitution or injunctive relief, which are the only remedies available to a UCL and FAL claimant. With regard to restitution, Sony argues Plaintiffs are not entitled to such relief because Plaintiffs paid monies to third parties-not Sony-any loss of value over the lifetime of the consoles or services did not accrue to Sony, and Sony offered free premium services for the period of interrupted services. Furthermore, with regard to injunctive relief, Sony argues Plaintiffs have failed to state what injunctive relief, if any, they are entitled to, or how such relief would be warranted as there is no continuing wrong that needs to be rectified. The Court is inclined to agree.

Although Plaintiffs seek to justify restitution on the ground that the remedy is permitted to “compel a defendant to return money obtained through an unfair business practice to persons in interest from whom the property was taken,” the remedy requires a corresponding benefit to the defendant. See Trew v. Volvo Cars of N. Amer., No. CIV-S-05-1379, 2006 WL 306904, at *2, 2006 U.S. Dist. Lexis 4890, at *6 (E.D.Cal. Feb. 8, 2006) (finding restitution appropriate even where defendant did not receive money directly from plaintiff if defendant otherwise profited from an unfair business practice). Here, however, Sony did not benefit financially from the Data Breach, nor did Sony receive monies paid by Plaintiffs for Third Party Services. Moreover, because “[c]ase law is clear that the loss of use and loss of value ... are not recoverable as restitution because they provide no corresponding gain to a defendant,” Plaintiffs cannot use such a basis to support a claim for restitution. Wofford v. Apple, Inc., No. 11-cv-0034-AJB (NLS), 2011 WL 5445054 at *3 (S.D.Cal. Nov. 9, 2011). Plaintiffs did not assert additional grounds for restitution at the motion hearing.

With regard to injunctive relief, Plaintiffs allegations are conclusory in that they argue relief should be granted because they have been injured by Sony’s conduct. However, such assertions fail to specify the relief they seek, or even the basis on which they seek it.²⁶ Accordingly, the Court DISMISSES Plaintiffs’ claims for restitution under the UCL and FAL with prejudice and DISMISSES Plaintiffs’ claims for injunctive relief under the UCL and FAL with leave to amend.

5. Applicability of the CLRA

In addition to the deficiencies in Plaintiffs’ CLRA claim noted above, Sony also asserts that Plaintiffs have (1) failed to comply with the statute’s procedural notice requirements; and (2) failed to allege an intent to “sell or lease” a “good or service” as required under the statute.

i. CLRA Affidavit Requirement

As a prerequisite to seeking damages under the CLRA, a plaintiff is required to provide notice to the defendant of the alleged statutory infraction, and a demand to rectify the alleged violation.²⁷ Cal.Civ.Code § 1782(a). Such notice must be received by the defendant thirty (30) days before filing such suit. Cal. Civ.Code § 1782(a). A plaintiff may alternatively file suit for injunctive relief without notice, give notice of intent to amend the claims to add a claim for damages, and amend thirty (30) days after the notice. Cal. Civ.Code § 1782(d).

Here, adequate notice was given. The Consolidated Complaint alleges that on June 8, 2011, Plaintiff Johnson mailed Sony notice in writing, and that the notice expressly set forth the nature of the dispute and declared that damages would be sought if the appropriate corrections were not made. After Sony failed to respond, Plaintiffs instituted the current action. Furthermore, in compliance with Cal. Civ.Code § 1780(d), Plaintiff Johnson attached his affidavit to his complaint, which stated that San Diego County is an appropriate venue. See ECF No. 1-1 (Case 3:11-cv-01268-BTM-WMC). Because the CLRA notice requirement is intended to provide the defendant with an opportunity to cure its conduct and avoid an action for damages, the Court finds Johnson’s letter and affidavit satisfy the requirements under § 1780(a) and (d). See Stearns v. Ticketmaster Corp., 655 F.3d 1013, 1023 (9th Cir.2011) (finding CLRA notice does not have to state that Plaintiffs plans to commence a class action); In re Easysaver Rewards Litig., 737 F.Supp.2d 1159, 1178 (S.D.Cal.2010) (holding that putative class met the CLRA notice requirements even though plaintiff who had sent the letter and attached the affidavit was dismissed as a Class representative).

ii. Applicability of the CLRA to the Transactions at Issues

California’s Consumers Legal Remedies Act (“CLRA”) establishes a nonexclusive statutory remedy for unfair methods of competition and unfair or deceptive acts or practices undertaken by any person in a transaction intended to result or which results in the sale or lease of goods or services to any consumer. McAdams v. Monier, Inc., 60 Cal.Rptr.3d 111 (2007). Any consumer who suffers any damage as a result of the use or employment by any person of a method, act, or practice declared to be unlawful by section 1770 of California’s Civil Code, may bring an action against that person to recover actual damages, injunctive relief, restitution of property, punitive damages, and any other relief the court deems proper. See id. (citing Cal. Civ.Code § 1780(a)).

In the Consolidated Complaint, Plaintiffs allege Sony violated the CLRA by inducing Plaintiffs and other consumers to purchase PS3s and PSPs, by inducing Plaintiffs and other consumers to purchase or register for the PSN, and by representing that its Network was secure when in fact it knew, or should have known that its Network was vulnerable to attack. [Doc. No. 78146.] Defendants argue, and the Court agrees, that because Plaintiffs did not “purchase or lease” a “good or service” Plaintiffs’ CLRA claim must fail.

First, although the CLRA does not require a contractual relationship between the consumer and the defendant, the transaction must result or be intended to result in the sale or lease of goods or services to a consumer. See McAdams, 60 Cal.Rptr.3d 111 (2007); Wofford v. Apple Inc., 11-CV-0034 AJB NLS, 2011 WL 5445054 (S.D.Cal. Nov. 9, 2011). Here, although Plaintiffs try to fit within the CLRA by arguing that Sony “sold” PSPs and PS3s with the intent that they be used in conjunction with the PSN,” the Court finds this argument unavailing. The PSN is a free service that consumers can choose or refuse to register for. All of which occurs after they purchase a PSP, PS3 or other Sony console. Thus, the purchase of the Sony console is a separate transaction from the transaction to acquire the PSN. Therefore, because consumers who purchased a Sony console, yet never registered for the PSN, or utilized the device to access Third-Party Services, were not affected by the Data Breach, the Court finds the transaction at issue does not fall within the parameters of the CLRA.

Even if the Court found the transaction resulted in a sale or lease, Plaintiffs’ CLRA claim would fail because the PSN is not a good or service as defined under the statute. “Services” within the context of the CLRA are defined as “work, labor, and services other than a commercial or business use, including services furnished in connection with the sale or repair of goods.” Cal. Civ.Code § 1761(b). “Goods” are defined as “tangible chattels.” Id. § 1761(a). Here, Plaintiffs unavailing argue that the present action fits within the CLRA because “Sony sold PSPs and PS3s, intending them to be used with the PSN and other online services.” However, this does nothing to prove that the shutdown of the PSN, which is the basis for Plaintiffs’ claim, is a good or service as defined by the CLRA. Furthermore, California law is clear that software is not a tangible good or service for the purposes of the CLRA. In Ferrington v. McAfee, Inc., 10-CV-01455-LHK, 2010 WL 3910169 (N.D.Cal. Oct. 5, 2010), the court discussed the application of the CLRA to a license for the use of software and concluded that the CLRA expressly limits the definition of “goods” to “tangible chattels,” which exclude software from the Acts coverage. See Berry v. American Exp. Publishing, Inc., 147 Cal.App.4th 224, 229, 54 Cal.Rptr.3d 91 (Cal.Ct.App.2007). Accordingly, although Plaintiffs tried to differentiate this case from Wofford, this Court sees no difference between an iPhone and the iOS Operating system, and the PSP/ PS3 and the PSN. Thus, the Court DISMISSES Plaintiffs’ CLRA claim with leave to amend.

C. California Civil Code Section 1798.80 “Breach Act” (Fourth Cause of Action)

Sony next argues that Plaintiffs have failed to state a claim under the California Database Breach Act, Cal. Civ.Code §§ 1798 et seq. (“the Breach Act”), because: (1) the notice provided was timely as a matter of law; (2) no statutory personal information is alleged; (3) Plaintiffs have failed to allege they were injured as a result; and (4) the claim is barred as to non-resident Plaintiffs.

First, Sony claims that its disclosure of the breach was timely as a matter of law because the statute does not require notification immediately upon the very first sign of a potential breach; rather, it requires notice “in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, ... or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.” Cal. Civ.Code § 1798.82(a). In support, Sony points to the California Office of Privacy Protection’s Guidance on best practices following a data breach, which instructs California businesses that, “Once you have determined that the information was, or is reasonably believed to have been, acquired by an unauthorized person, notify affected individuals within 10 business days.” However, because the Court may only take judicial notice of the Privacy Protection Guidelines as proof of their existence, and not for the truth of the matters asserted therein, the Court finds that such a factual determination is not proper on a motion to dismiss.

As to Sony’s remaining allegations, because the Court has already found that Plaintiffs have alleged enough “cognizable injury” to assert standing under Article III, and the parties have not alerted the Court to any case law defining “injury” under the statute, nor did the Court find any through its own independent research, the Court finds Plaintiffs’ allegations of “injury” sufficient. The same is true regarding whether or not Plaintiffs have sufficiently alleged theft of personal information to fall within the purview of the statute. Finally, although Plaintiffs try once again to save the claims of nonresident Plaintiffs, the Breach Act is clear that it applies only to “ensure the personal information [of] California residents [is] protected.” Cal. Civ.Code § 1798.81.5(a).

Finally, although neither party alerted the Court to such in their moving papers, or at oral argument, under Section 1798.84(d), “Unless the violation is willful, intentional, or reckless, a business that is alleged to have not provided all the information required by subdivision (a) of Section 1798.83, to have provided inaccurate information, failed to provide any of the information required by subdivision (a) of Section 1798.83, or failed to provide information in the time period required by subdivision (b) of Section 1798.83, may assert as a complete defense in any action in law or equity that it thereafter provided regarding the information that was alleged to be untimely, all the information, or accurate information, to all customers who were provided incomplete or inaccurate information, respectively, within 90 days of the date the business knew that it had failed to provide the information, timely information, all the information, or the accurate information, respectively.” (emphasis added).²⁸ Thus, because the Consolidated Complaint only alleges that Sony either knew or should have known that its security measures were inadequate, and failed to inform Plaintiffs of the breach in a timely fashion, none of Plaintiffs current allegations assert willful, intentional, or reckless conduct on behalf of Sony. Accordingly, the Court DISMISSES Plaintiffs’ cause of action under the Breach Act with prejudice as to the non-resident Plaintiffs and with leave to amend as to the California named Plaintiffs.

D. Unjust Enrichment (Fifth Cause of Action)

Sony moves to dismiss Plaintiffs’ fifth cause of action alleging there is not an independent cause of action for unjust enrichment. Courts consistently have held that unjust enrichment is not a proper cause of action under California law. “The phrase ‘unjust enrichment’ does not describe a theory of recovery, but an effect: the result of a failure to make restitution under circumstances where it is equitable to do so.” Melchior v. New Line Prod., Inc., 106 Cal.App.4th 779, 793, 131 Cal.Rptr.2d 347 (2003) (quoting Lauriedale Assoc., Ltd. v. Wilson, 7 Cal.App.4th 1439, 1448, 9 Cal.Rptr.2d 774 (1992)). “Unjust enrichment is a general principle, underlying various legal doctrines and remedies, rather than a remedy itself.” Id. (quoting Dinosaur Dev., Inc. v. White, 216 Cal. App.3d 1310, 1315, 265 Cal.Rptr. 525 (1989) (quotation marks omitted)). Simply put, “there is no cause of action in California for unjust enrichment.” Id. Accordingly, the Court DISMISSES Plaintiffs’ claim for unjust enrichment with prejudice.

E. Bailment (Seventh Cause of Action)

Finally, Sony seeks dismissal of Plaintiffs’ seventh cause of action because the type of relationship and transaction necessary to support a claim for bailment does not exist in this case. The Ninth Circuit, relying on California law, has defined bailment as “the deposit of personal property with another, usually for a particular purpose.” United States v. Alcaraz-Garcia, 79 F.3d 769, 774 n. 11 (9th Cir.1996); see also Whitcombe v. Stevedoring Sens, of Am., 2 F.3d 312, 317 (9th Cir.1993) (stating “California law generally defines a bailment as the delivery of a thing in trust for a purpose upon an implied or express contract”) (internal citation omitted); Earhart v. Callan, 221 F.2d 160, 163 (9th Cir.1955) (defining a bailment as “the relationship arising when personal property is delivered to another for some particular purpose upon an express or implied contract to redeliver the goods when the purpose has been fulfilled or to otherwise deal with the goods according to the bailor’s directions”).

Plaintiffs’ claim for bailment fails for several reasons. First, as Plaintiffs freely admit, Plaintiffs’ Personal Information was stolen as a result of a criminal intrusion of Sony’s Network. Plaintiffs do not allege that Sony was in any way involved with the Data Breach. Rather, Plaintiffs allege that Sony failed to maintain adequate security procedures to protect against this type of theft. Thus, there are no allegations of conversion or any other intentional conduct by Sony that would indicate that Sony sought to unlawfully retain possession of Plaintiffs’ Personal Information.

Second, the Court is hard pressed to conceive of how Plaintiffs’ Personal Information could be construed to be personal property so that Plaintiffs somehow “delivered” this property to Sony and then expected it be returned. If such a legal theory for bailment exists, Plaintiffs have failed to present the Court with such in its Opposition papers.²⁹ Finally, because the only allegation against Sony regarding the theft of Plaintiffs’ Personal Information was that Sony was negligent or otherwise engaged in unfair or fraudulent practices, Plaintiffs’ claim for bailment is duplicative of its claims for negligence and violations of California’s consumer protection statutes. Damages under bailment are typically related to the reasonable value of the property that was not returned. See Weisberg v. Loughridge, 253 Cal.App.2d 416, 428, 61 Cal.Rptr. 563 (Ct.App.1967) (stating “[o]ne who is in possession of personal property as a bailee and thereafter converts it by excluding therefrom the person rightfully entitled to possession without the consent of the owner is liable for its reasonable value”). Thus, any damages Plaintiffs might be able to recover under this unorthodox claim for bailment would be recoverable under its negligence and/or consumer protection claim. For the reasons stated above, the Court DISMISSES Plaintiffs’ claim for bailment with prejudice.

CONCLUSION

For the reasons set forth above, the Court GRANTS in part and DENIES in part Defendants’ motion to dismiss. Plaintiffs have until November 9, 2012 to file an amended Consolidated Complaint. Specifically, the Court makes the following findings with respect to Defendants’ instant motion:

1. GRANTS Defendants’ supplemental request for judicial notice as to all documents, but not as to the contents of the Privacy Protection Guidelines;

2. GRANTS Defendants’ motion to dismiss for lack of Article III standing as to Defendants SOE and SCA with leave to amend;

3. DENIES Defendants’ motion to dismiss for lack of Article III standing as to the remaining Sony Defendants;

4. GRANTS Defendants’ motion to dismiss as to the Sixth Cause of Action for negligence with leave to amend;

5. GRANTS Defendants’ motion to dismiss as to the First, Second, and Third Causes of Action under the UCL, FAL, and CLRA with prejudice as to non-resident Plaintiffs and Plaintiffs claims for restitution, and with leave to amend with respect to the remaining claims;

6. GRANTS Defendants’ motion to dismiss as to the Fourth Cause of Action under the Breach Act with prejudice as to non-resident Plaintiffs, and with leave to amend as to resident Plaintiffs and all remaining claims;

7. GRANTS Defendants’ motion to dismiss as to the Fifth Cause of Action alleging unjust enrichment with prejudice;

8. GRANTS Defendants’ motion to dismiss as to the Seventh Cause of Action alleging bailment with prejudice.

IT IS SO ORDERED.

1 . Timothy Blood, Brian Strange, and Gayle Blatt appeared in person on behalf of the Plaintiffs, and Paul Geller, Adam Levitt, Ben Barrow, and David McKay appeared telephonically on behalf of the Plaintiffs. William Boggs, Amanda Fitzsimmons, Harvey Wolkoff, Dan Routh, and Mark Szpak appeared on behalf of the Defendants.

2 . As it must, for purposes of the present Motion to Dismiss, the Court accepts as true the factual allegations set forth by Plaintiffs in the Consolidated Complaint.

3 . On April 1, 2011, SCEA transferred its online PSN and Qriocity service operations to SNEA, including transferring Plaintiffs' and other Class members' Personal Information to SNEA for handling. [Id. ¶ 39.]

4 . This prompted an Internet activist group known as "Anonymous” to warn Sony in online, public postings, "You have abused the judicial system in an attempt to censor information on how your products work ... Now you will experience the wrath of Anonymous ... Expect us.” [Id. ¶ 74.]

5 . The Court previously denied Plaintiffs’ motions to remand related case Nos.: 11cv2119 (Detert) and 11cv2120 (Hinkle).

6 . Mr. Johnson alleged fraudulent credit card charges and Mr. Howe alleged he incurred credit monitoring costs as a result of the Data Breach. Sony alleges neither has sustained an injury-in-fact. See e.g., Anderson v. Hannaford Bros., 659 F.3d 151, 155 n. 2, 167 (1st Cir.2011) (dismissing all the claims of all named plaintiffs who alleged fraudulent charges that were later reimbursed).

7 . Plaintiffs did not specifically respond to Sony’s contentions regarding Johnson and Howe. However, Plaintiffs stated that the losses asserted are "direct financial injuries to Plaintiffs and other Class members, and such economic losses have always conferred Article III standing. [Doc. No. 107, 11:1-4.]

8 . In support of this contention Sony points to many out of state cases. As such, these sources are only persuasive and not binding authority. See Reilly v. Ceridian Corp., 664 F.3d 38, 42-46 (3d Cir.2011) (dismissing plaintiffs’ claims for lack of injury because plaintiffs’ contentions that the hacker obtained the information with the intent of misusing it, and was in fact able to do so, were speculative — noting that "unless and until these conjectures come true, [plaintiffs] have not suffered any injury”) (emphasis added); Amburgy v. Express Scripts, Inc., 671 F.Supp.2d 1046, 1053 (E.D.Mo.2009) (granting motion to dismiss); Key v. DSW, Inc., 454 F.Supp.2d 684, 691 (S.D.Ohio 2006) (granting motion to dismiss); Hammond v. Bank of N.Y. Mellon Corp., No. 08 Civ. 6060(RMB)(RLE), 2010 WL 2643307, at *7 (S.D.N.Y. June 25, 2010) (granting summary judgment for defendant).

9 . See Webb v. Carter’s Inc., 272 F.R.D. 489, 498 (C.D.Cal.2011) (putative class members who alleged that they “acquired” rather than "purchased” a defective product did not suffer a cognizable injury for the purposes of standing).

10 . See Webb, 272 F.R.D. at 498 (finding that a majority of plaintiffs, regardless of purchase or acquisition, suffered no adverse effect).

11 . However, Plaintiffs must be mindful that Article III standing requirements are an “indispensable part of a plaintiffs case.” Lujan, 504 U.S. at 561, 112 S.Ct. 2130. Therefore, if the Court later finds Plaintiffs’ injury is hypothetical, speculative, or lacks a causal connection, the Court must conclude Plaintiffs lack standing. Moreover, where actual evidence is required, in the case of summary judgment, a much different result could occur in this case.

12 . However, once again, the cases cited by Sony are only persuasive authority and not binding on this Court. See, e.g., In re TJX Cos. Retail Sec. Breach Litig., 564 F.3d 489, 498-99 (1st Cir.2009) (affirming dismissal of negligence claims under the Massachusetts economic loss rule); Cumis Ins. Soc., Inc. v. BJ’s Wholesale Club, Inc., 455 Mass. 458, 918 N.E.2d 36, 46-47 (2009) (holding that Massachusetts law precluded recovery in negligence for economic loss in data breach case); Pa. State Employees Credit Union v. Fifth Third Bank, 398 F.Supp.2d 317, 330 (M.D.Pa.2005).

13 . Sony's Privacy Policy (which each user must agree to) promises that Sony will “take reasonable measures to protect the confidentiality, security, and integrity of the personal information collected from our website visitors” and that "Sony Online Services use industry standard encryption to prevent unauthorized electronic access to sensitive financial information such as your credit card number.” [Id. ¶ 42.] However, the Privacy Policy also expressly disclaims any promise of immunity from intrusion: "Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our website, Sony Online Services or that we store on our systems or that is stored on our service providers’ systems.” [See Def.’s RJN, Ex. B, 6.]

Additionally, Sony’s Terms of Service agreement (which every user must enter into) expressly provides that Sony does not offer any warranty against uninterrupted service: "No warranty is given about the quality, functionality, availability or performance of Sony Online Services, or any content or service offered on or through Sony Online Services ... SNEA does not warrant that the service and content will be uninterrupted, error-free or without delays ... SNEA assumes no liability for any inability to purchase, access, download or use any content, data or service.” [See Def.'s RJN, Ex. A, 9.]

14 . At the motion hearing Sony asserted that Plaintiffs failure to address the economic loss doctrine in their opposition waived any right to contest the doctrine’s applicability. However, the Court finds that Plaintiffs did mention the doctrine, albeit insubstantially in their opposition, and is nonetheless unwilling to dismiss the claim offhandedly and without considering its merits.

15 . As stated by the court in North American Chemical, "economic loss” includes "damages for inadequate value, costs of repair and replacement of the defective product or consequent loss of profits-without any claim of personal injury or damages to other property....” Sacramento Regional Transit Dist. v. Grumman Flxible (1984) 158 Cal.App.3d 289, 294, 204 Cal.Rptr. 736. Although purely economic loss usually occurs in the form of lost profits, it may also include consequential damages, loss of expected proceeds, lost opportunities, diminution in the value of the allegedly defective property, the costs of repair and replacement, loss of use, loss of goodwill, and damages paid to third parties as a result of a defendant's negligence. See Segalla & Nowak, Economic Loss Rule: Foreseeability-Dialogue of the 90's? (Fall, 1994) 45 Fed’n. of Ins. & Corp. Couns. Q. 25, 26.

16 . Among other cases, Sony cites to Krottner, 406 Fed.Appx. at 131 (affirming dismissal because the plaintiffs failed to allege actual loss or damage required to state a claim for negligence under Washington law); Ruiz v. Gap, Inc., 380 Fed.Appx. 689, 691 (9th Cir.2010) (affirming summary judgment for defendant because the plaintiff failed to allege appreciable damage required to state a claim for negligence under California law); Low v. LinkedIn Corp., No. 5:11-cv-01468-LHK, 2011 WL 5509848, at *4 (N.D.Cal. Nov. 11, 2011) (denying standing under Article III for plaintiff's claim that his personal information had independent economic value).

17 . Plaintiffs' opposition states that such authority is not instructive as the Ninth Circuit applied Washington law. However, the Court does not find this argument persuasive because the elements required in a negligence action under Washington law and California law are not materially different.

18 . Scott Lieberman lives in Plantation, Florida; Adam Schucher lives in Surfside, Florida; Rebecca Mitchell lives in East Lansing, Michigan; and Christopher Wilson lives in Dallas, Texas. Kyle Johnsona dn Arthur Howe both live in San Diego, California.

19 . See TrafficSchool.com, Inc. v. Edriver, Inc., 653 F.3d 820, 825 n. 1 (9th Cir.2011) ("Plaintiffs filing an unfair competition suit must prove a pecuniary injury ... and "immediate” causation ... neither is required for Article III standing.”).

20 . Rule 9(b)'s heightened pleading standards apply equally to claims for violation of the UCL, FAL, or CLRA that are grounded in fraud. See Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1103-06 (9th Cir.2003); Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir.2009).

21 . The Consolidated Complaint alleges violations under all three prongs of the UCL — the unlawful, unfair, and fraudulent prongs. Although Sony does not specifically contest the validity of Plaintiffs’ claims under the unlawful and unfair prongs, to the extent the Court dismisses the underlying statutory violations those claims would also fail. See Kowalsky v. Hewlett-Packard Co., 771 F.Supp.2d 1156, 1162 (N.D.Ca.2011) (dismissing UCL claim that was predicated on CLRA violation).

22 . The Ninth Circuit found it was not necessary to evaluate additional evidence regarding whether the advertising was deceptive because the advertisement itself made it impossible for the plaintiff to prove that a reasonable consumer was likely to be deceived.

23 . The Court addresses this ground for dismissal in the event Plaintiffs amend their Consolidated Complaint.

24 . The standing requirements for a CLRA claim and a UCL/FAL claim differ in a class action. Under the CLRA, each class member must present actual injury, whereas under the UCL/FAL, even after Proposition 64, only the named Class representatives must reliance and causation. See In re Steroid Prod. Cases, 181 Cal.App.4th 145, 155, 104 Cal.Rptr.3d 329 (2010). See also Stearns v. Ticketmaster Corp., 655 F.3d 1013, 1022 (9th Cir.2011) (stating that causation on a classwide basis may be established by materiality).

25 . In the class action context, the UCL and FAL only requires named Class members to plead actual reliance, whereby the CLRA requires actual reliance of all Class members. See Mass. Mut. Life Ins. Co., 97 Cal.App.4th at 1292, 119 Cal.Rptr.2d 190.

26 . Plaintiffs acknowledged these deficiencies at the motion hearing, but noted any deficiency could be remedied if granted leave to amend.

27 . Unlike the UCL and FAL, plaintiffs can recover money damages under the CLRA. Here, Plaintiffs seek compensatory and exemplary damages, an order enjoining Sony from continuing the unlawful practices described herein, a declaration that Sony's conduct violated the CLRA, restitution as appropriate, attorneys’ fees, and the costs of litigation. [Doc. No. 153.]

28 . Plaintiffs Consolidated Complaint included Section 1798.84 subdivisions (a), (b), (c) and (e), but omitted subdivision (d). (Doc. No. 78 at 36-37.)

29 . The Court finds the present case distinguishable from cases cited by Plaintiffs. See Software Design & Application, Ltd. v. Hoefer & Arnett, Inc., 49 Cal.App.4th 472, 485, 56 Cal.Rptr.2d 756 (1996) (finding funds in a brokerage account are in the nature of bailment); Kremen v. Cohen, 337 F.3d 1024, 1035-36 (9th Cir.2003) (finding internet domain name was property subject to bailment). Moreover, Plaintiffs rely on People v. Cohen, a 1857 California Supreme Court case. 8 Cal. 42. The Court does not find this case determinative.