In re Sony Gaming Networks & Customer Data Security Breach Litigation

996 F. Supp. 2d 942, 82 U.C.C. Rep. Serv. 2d (West) 493, 2014 WL 223677, 2014 U.S. Dist. LEXIS 7353

• Court: District Court, S.D. California
• Decided: January 21, 2014
• Docket: MDL No. 11md2258 AJB (MDD)
• Status: Published

Opinion

ORDER GRANTING IN PART AND DENYING IN PART DEFENDANTS’ MOTION TO DISMISS PLAINTIFFS’ FIRST AMENDED CONSOLIDATED CLASS ACTION COMPLAINT

ANTHONY J. BATTAGLIA, District Judge.

This action arises out of a criminal intrusion into a computer network system used to provide online gaming and Internet connectivity via an individual’s gaming console or personal computer. Plaintiffs, a nationwide putative consumer class, allege that Sony Computer Entertainment America, LLC (“SCEA”), Sony Online Entertainment, LLC (“SOE”), and Sony Network Entertainment America, Inc. (“SNE”) (collectively, “Sony” or “Defendants”), failed to provide reasonable network security, including utilizing industry-standard encryption, to safeguard Plaintiffs’ personal and financial information stored on Sony’s network.¹

Presently before the Court is Sony’s motion to dismiss Plaintiffs’ First Amended Consolidated Class Action Complaint (“FACC”). (Doc. No. 135.) Sony also submitted a request for judicial notice, (Doc. No. 135, Ex. 2), a notice of lodgment of foreign authorities, (Doc. No. 135, Ex. 2), and a notice of supplemental authorities, (Doc. No. 137).² Plaintiffs filed an opposition to Sony’s motion to dismiss on May 6, 2013, (Doc. No. 146), and Sony filed a reply on June 20, 2013, (Doc. No. 150). The Court issued a tentative ruling on October 10, 2013, (Doc. No. 157), and held a hearing on the motion on October 18, 2013, (Doc. No. 158). On October 24, 2013, the Court ordered supplemental briefing on seven of Plaintiffs’ consumer protection claims. (Doc. No. 159.) Sony filed its supplemental brief on November 15, 2013, (Doc. No. 163), Plaintiffs filed their opposition on December 6, 2013, (Doc. No. 164), and Sony filed its reply on December 20, 2013, (Doc. No. 165). On January 7, 2014, Plaintiffs filed a notice of supplemental authority informing the Court of a recent memorandum decision issued by the Ninth Circuit.³ (Doc. No. 166.) For the reasons set forth below, the Court GRANTS IN PART and DENIES IN PART Sony’s motion to dismiss.

BACKGROUND

I. Factual Background

Sony develops and markets the PlayStation Portable hand-held device (“PSP”) and the PlayStation 3 console (“PS3”) (collectively, “Console” or “Consoles”). (FACC ¶¶ 38, 39.) Both Consoles allow users to play games, connect to the Internet, and access Qriocity, Sony Online Entertainment Services, and the Play Station Network (“PSN”) (collectively, “Sony Online Services”).⁴ (Id. at ¶¶ 40-43.) Through the PSN, which is offered to consumers free of charge, users can engage in multi-player online games, (Id. at ¶ 27), and for additional one-time fees, the PSN allows users to purchase video games, add-on content (“map packs”), demos, themes, movie trailers, TV shows, and movies (collectively, “Downloads”). Users can also access various prepaid third party services by connecting to Sony Online Services via their Consoles or computers, including Netflix, MLB.TV, and NHL Gamecenter LIVE (collectively, “Third Party Services”). (Id. at ¶ 45).

Before establishing a PSN, Qriocity, and/or SOE account, Plaintiffs and other consumers were required to enter into a Terms of Service User Agreement with Sony and agree to Sony’s Privacy Policy. (Id. at ¶¶ 55-60.) As part of this registration process, Plaintiffs and other consumers were required to provide Sony with personal identifying information, including their names, mailing addresses, email addresses, birth dates, credit and debit card information (card numbers, expiration dates, and security codes), and login credentials (collectively, “Personal Information”).⁵ (Id. at ¶ 35.) On April 1, 2011, SCEA transferred its online PSN and Qriocity service operations to SNEA, including transferring Plaintiffs’ and other Class members’ Personal Information to SNEA for handling. (Id. at ¶ 54.) As a result of the transfer, SNEA required all PSN and Qriocity users to enter into a new Terms of Service User Agreement (“PSN User Agreement”) and Privacy Policy (“PSN Privacy Policy”). (Id. at ¶¶ 55, 56.) Plaintiffs who established accounts with SOE had to agree to SOE’s User Agreement (“SOE User Agreement”) and SOE’s Privacy Policy (“SOE Privacy Policy”). (Id. at ¶ 60.)

On April 16, 2011 or April 17, 2011, Plaintiffs allege that hackers accessed Sony’s Network (computer systems, servers, and databases), thereby stealing the Personal Information of millions of Sony’s customers, including Plaintiffs. (Id. at ¶ 65.) Plaintiffs further allege that even though Sony discovered that PSN and Qriocity user data had been stolen as early as April 17, 2011, Sony did not notify Plaintiffs and other affected consumers at that time. (Id. at ¶ 70.) Instead, on April 20, 2011, Sony simply took the PSN and Qriocity systems offline, stating that “[w]e’re aware certain functions of PlayStation Network are down. We will report back here as soon as we can with more information.” (Id. at ¶ 71.) Thereafter, the PSN and Qriocity systems remained offline for almost a month while Sony conducted a system audit to determine the cause of the breach. (Id. at ¶ 124.) During this time, Plaintiffs and the other Class members were unable to use Sony Online Services, and many were unable to access Third Party Services via their Consoles. (Id.)

Between April 21, 2011 and April 25, 2011, while Qriocity and the PSN remained offline, Plaintiffs allege that Sony continued to misrepresent the circumstances of the breach. (Id. at ¶¶ 73-77.) Specifically, Plaintiffs allege that Sony did not inform the public of the breach until April 26, 2011, when Sony made a public statement that user Personal Information had been compromised, and encouraged those affected to “remain vigilant, to review [their] account statements!,] and to monitor [their] credit reports.” (Id. at ¶ 78.) Shortly thereafter, Plaintiffs contend Sony admitted that its failures “may have had a financial impact on our loyal customers. We are currently reviewing options and will update you when the service is restored.” (Id. at ¶ 79.) Plaintiffs further allege that Sony conceded that “[s]ome games may require access to PSN for trophy sync, security checks[,] or other network functionality!,] and therefore cannot be played offline.” (Id.) On May 2, 2011, Sony also took SOE offline, (Id. at ¶ 82), and announced that SOE user Personal Information may have been compromised in the breach, (Id. at ¶ 83). This was the first time SOE users were informed that their Personal Information may have been compromised as a result of the intrusion. (Id. at ¶ 83.)

On April 30, 2011, ten days after Sony took the PSN and Qriocity systems offline, Sony announced that it would compensate PSN and Qriocity users in the United States with free identity theft protection services, certain free downloads and online services, and would consider helping customers who had to apply for new credit cards. (Id. at ¶ 85.) Likewise, on May 12, 2011, ten days after Sony took the SOE network offline, Sony announced that it would compensate SOE users in the United States by offering free identity theft protection services, one month of free service, and certain free in-game bonuses and currency. (Id. at ¶ 86.)

II. Procedural History

On August 16, 2011, the Judicial Panel on Multidistrict Litigation transferred certain civil actions from various district courts across the country into one consolidated action before this Court. (Doc. No. 1.) On November 11, 2011, the Court appointed a Liaison Counsel and a Plaintiffs’ Steering Committee (“PSC”) to streamline the process. (Doc. No. 61.) On January 31, 2012, the PSC filed a Consolidated Class Action Complaint (“Consolidated Complaint”), (Doc. No. 78), and on March 16, 2012, Sony moved to dismiss the Consolidated Complaint, (Doc. No. 94). The Court heard oral argument on the motion on September 27, 2012, and granted in part and denied in part Sony’s motion to dismiss the Consolidated Complaint on October 11, 2012. (Doc. No. 120.) Plaintiffs filed the operative FACC on December 10, 2012. (Doc. No. 128.) The FACC contains eleven named Plaintiffs from nine different states and alleges fifty-one independent causes of action.⁶ (Id.)

III. Named Plaintiffs

Robert M. Bova (“Bova”) resides in Tewksbury, Massachusetts and alleges that he acquired his PS3 in 2008. (FACC ¶ 18.) In or around 2009, Bova created a PSN account and provided his Personal Information to Sony, including information possibly regarding his Bank of America Visa and TD Bank debit card accounts. (Id.) Bova used the PSN through his PS3 to play games and to download additional game content such as “map packs.” (Id.) As a result of the intrusion, Bova’s Personal Information was stolen, he was unable to access the PSN during the brief interruption in service, and he purchased credit monitoring services at a cost of approximately $10.00 per month. (Id.) Bova does not allege when he purchased credit monitoring services or that he experienced any unauthorized charges as a result of the intrusion. (Id.)

Christian Pierce Railed (“Railed”) resides in Wolfeboro, New Hampshire and alleges that he acquired his PS3 in 2009. (Id. at ¶ 19.) On or about October 21, 2009, Railed created a PSN account and provided his Personal Information to Sony, including information possibly regarding his American Express credit card. (Id.). Railed used the PSN through his PS3 to play games, to download game updates, to browse the Internet, and to stream prepaid media content from Netflix. (Id.) As a result of the intrusion, Ralled’s Personal Information was stolen, he was unable to access the PSN during the brief interruption in service, and he was unable to access his Netflix account through his PS3. (Id.) Railed does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

Scott Lieberman (“Lieberman”) resides in Plantation, Florida and alleges that he acquired his PS3 in early 2007. (Id. at ¶ 20.) In or around 2007, Lieberman created a PSN account and provided his Personal Information to Sony, including information regarding his American Express credit card. (Id.) Lieberman used the PSN through his PS3 to play games, to download games, and to stream prepaid media content from Netflix. (Id.) As a result of the intrusion, Lieberman’s Personal Information was stolen, he was unable to access the PSN during the brief interruption in service, and he was unable to access his Netflix account through his PS3. (Id.) Lieberman does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

Kyle Johnson (“Johnson”) resides in San Diego, California and alleges that he acquired his PS3 in 2007. (Id. at ¶ 21.) In or around 2007, Johnson created a PSN account and provided his Personal Information to Sony, including information regarding his Discover, American Express, and Visa credit card accounts. (Id.) Johnson used the PSN through his PS3 to play games, purchase and download games, and stream prepaid media content from Net-flix. (Id.) As a result of the intrusion, Johnson’s Personal Information was stolen, he was unable to access the PSN during the brief interruption in service, and he was unable to access his Netflix account through his PS3. (Id.) In or around October 2011, Johnson alleges two unauthorized charges appeared on his Visa card. (Id.) Johnson does not allege whether these charges were later reimbursed. (Id.)

Arthur Howe (“Howe”) resides in San Diego, California and alleges that he acquired his PS3 in 2008. (Id. at ¶ 22.) Howe alleges he created two PSN accounts, one for him and one for his minor son. (Id.) In order to register for both accounts, Howe alleges he provided his Personal Information to Sony, including his Union Bank debiVcredit card account and a U.S. Bank account. (Id.) Howe used the PSN through his PS3 to play games, purchase and download games such as “map packs,” and stream prepaid media content from Netflix. (Id.) As a result of the intrusion, Howe’s Personal Information was stolen, he was unable to access the PSN during the brief interruption in service, and he was unable to access his Netflix account through his PS3. (Id.) Howe also alleges that he was forced to close two bank accounts and purchased credit monitoring services at a charge of approximately $9.00 per month. (Id.) Howe does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion, nor does Howe allege that he was forced to close his banks accounts due to unauthorized charges. (Id.)

Christopher Munsterman (“Munster-man”) resides in Kansas City, Missouri and alleges that he acquired his PS3 in 2008. (Id. at ¶ 23.) In or around 2008, Munsterman created a PSN account and provided his Personal Information to Sony, including information possibly regarding his Commerce Visa Debit card. (Id.) Mun-sterman used the PSN through his PS3 to play games, download games and movies, browse the internet, and stream prepaid media content from Netflix. (Id.) As a result of the intrusion, Munsterman’s Personal Information was stolen, he was unable to access the PSN during the brief interruption in service, and he was unable to access his Netflix account through his PS3. (Id.) Munsterman does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

Adam Schucher (“Schucher”) resides in Surfside, Florida and alleges that he acquired his PS3 in mid-2008. (Id. at ¶ 24.) In or around 2008, Schucher created a PSN account and provided his Personal Information to Sony, including information regarding his Citibank Visa credit card. (Id.) Schucher used the PSN through his PS3 to purchase and download karaoke songs for Karaoke Revolution Presents: American Idol. (Id.) As a result of the intrusion, Schucher’s Personal Information was stolen and he was unable to access the PSN during the brief interruption in service. (Id.) Schucher does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

Rebecca Mitchell (“Mitchell”) resides in East Lansing, Michigan and alleges that she acquired her PS3 in 2009. (Id. at ¶ 25.) In or around 2009, Mitchell created a PSN account and provided her Personal Information to Sony, including information regarding her mother’s credit card and her own Visa debit card. (Id.) Mitchell used the PSN to play games and download karaoke songs for the PlayStation game Sing Star. (Id.) As a result of the intrusion, Mitchell’s Personal Information was stolen and she was unable to access the PSN during the brief interruption in service. (Id.) Mitchell does not allege that she experienced any unauthorized charges on any of her accounts or her mother’s accounts as a result of the intrusion. (Id.)

Christopher Wilson (“Wilson”) resides in Dallas, Texas and alleges that he acquired his PS3 in January 2007. (Id. at ¶ 26.) In or around 2007, Wilson created a PSN account and provided his Personal Information to Sony, including information regarding his Chase Bank Visa debit card. (Id.) Wilson used the PSN to play games and stream prepaid media content from Netflix. (Id.) As a result of the intrusion, Wilson’s Personal Information was stolen, and he was unable to access the PSN during the brief interruption in service. (Id.) Wilson does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

James Wright (“Wright”) resides in Columbus, Ohio and alleges that he acquired his PS3 in 2008. (Id. at ¶27.) In or around 2008 or 2009, Wright created a SOE account, a Qriocity account, and PSN account, and provided his Personal Information to Sony, including information regarding his Visa U.S. Bank debit/credit card (Id.) Wright used his SOE account to play DC Universe Online, his Qriocity account to play music, and his PSN account to play games and stream prepaid media content from Netflix. (Id.) As a result of the intrusion, Wright’s Personal Information was stolen and he was unable to access his SOE, Qriocity, and PSN accounts during the brief interruption in service. (Id.) Wright does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

Timothy B. Whyland (“Whyland”) resides in Baldwinsville, New York and alleges that he acquired his PS3 in 2009. (Id. at 28.) In or around 2009, Whyland created a PSN account and provided his Personal Information to Sony, including information regarding his debit card. (Id.) Whyland used the PSN to play games and download additional golf courses for Tiger Woods Golf Masters PGA Tour 2012 and maps for Battlefield Bad Company 2. (Id.) As a result of the intrusion, Whyland’s Personal Information was stolen and he was unable to access his PSN for approximately twenty-one (21) days. (Id.) Why-land does not allege that he experienced any unauthorized charges on any of his accounts as a result of the intrusion. (Id.)

LEGAL STANDARDS

A complaint must contain “a short and plain statement of the claim showing that the pleader is entitled to relief.” Fed. R.Civ.P. 8(a). A motion to dismiss pursuant to Rule 12(b)(6) tests the legal sufficiency of the claims asserted in the complaint. Fed.R.Civ.P. 12(b)(6); Navarro v. Block, 250 F.3d 729, 731 (9th Cir.2001). When ruling on a motion to dismiss under Rule 12(b)(6), the court must accept all factual allegations pleaded in the complaint as true, and must construe them and draw all reasonable inferences from them in favor of the nonmoving party. Cahill v. Liberty Mut. Ins. Co., 80 F.3d 336, 337-38 (9th Cir.1996). In doing so however, the court is not bound to accept “legal conclusions” as true. Ashcroft v. Iqbal, 556 U.S. 662, 664, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009).

To avoid a Rule 12(b)(6) dismissal, a complaint need not contain detailed factual allegations; rather, the complaint must plead “enough facts to state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). A claim has “facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678, 129 S.Ct. 1937. “The plausibility standard is not akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Id. “Where a complaint pleads facts that are ‘merely consistent with’ a defendant’s liability, it ‘stops short of the line between possibility and plausibility of entitlement to relief.’ ” Id. (quoting Twombly, 550 U.S. at 557, 127 S.Ct. 1955). As a result, it is not proper for the court to assume that “the [plaintiff] can prove facts that [he or she] has not alleged or that defendants have violated ... laws in ways that have not been alleged.” Associated Gen. Contractors of Cal., Inc. v. Cal. State Council of Carpenters, 459 U.S. 519, 526, 103 S.Ct. 897, 74 L.Ed.2d 723 (1983).

Complaints alleging fraud must satisfy the heightened pleading requirements of Rule 9(b). Rule 9(b) requires that in all averments of fraud or mistake, the circumstances constituting that fraud or mistake should be stated with particularity. Malice, intent, knowledge, and other conditions of a person’s mind may be alleged generally. A pleading is sufficient under Rule 9(b) if it “state[s] the time, place[,] and specific content of the false representations as well as the identities of the parties to the misrepresentation.” Misc. Serv. Workers, Drivers & Helpers v. Phil-co-Ford Corp., 661 F.2d 776, 782 (9th Cir.1981) (citations omitted); see also Vess v. Ciba-Geigy Corp. USA, 317 F.3d 1097, 1106 (9th Cir.2003) (quoting Cooper v. Pickett, 137 F.3d 616, 627 (9th Cir.1997)). Regardless of the title given to a particular claim, allegations grounded in fraud are subject to Rule 9(b)’s pleading requirements. Vess, 317 F.3d at 1103-04; Kearns v. Ford Motor Co., 567 F.3d 1120, 1125 (9th Cir.2009); Bros. v. Hewlett-Packard Co., No. C-06-02254 RMW, 2006 WL 3093685, at *7 (N.D.Cal.2006).

In interpreting federal law, a transferee court in a multidistrict case should look to the law of its own circuit rather than the law of the transferor courts’ circuits. In re Nat’l Century Fin. Enters., Inc., Inv. Litig., 323 F.Supp.2d 861, 876-77 (S.D.Ohio 2004) (citing In re Korean Air Lines Disaster of Sept. 1, 1983, 829 F.2d 1171, 1176 (D.C.Cir.1987)); In re Methyl Tertiary Butyl Ether (“MTBE”) Prods. Liab. Litig., No. 00-1898, 2005 WL 106936, at *5 (S.D.N.Y. Jan. 18, 2005). Thus, although the parties have cited cases from various circuits discussing Rule 9(b)’s heightened pleading requirements, the Court will analyze federal procedural law in accordance with Ninth Circuit precedent.

DISCUSSION

The fifty-one claims alleged in the FACC can be categorized into nine subgroups: (1) negligence; (2) negligent misrepresentation; (3) breach of express warranty; (4) breach of implied warranty; (5) unjust enrichment; (6) violation of state consumer protection statutes; (7) violation of the California Database Breach Act; (8) violation of the federal Fair Credit Reporting Act; and (9) partial performance/breach of the covenant of good faith and fair dealing. Sony moves to dismiss the FACC on the basis that Plaintiffs lack standing and that each cause of action fails to state a claim upon which relief can be granted. Each is discussed in turn.

I. Standing

Sony’s standing argument is two-fold. First, Sony contends SOE should be dismissed as a named Defendant because Plaintiffs do not have standing to pursue non-Ohio state law claims against SOE on behalf of non-Ohio residents. And second, Sony contends Plaintiffs’ amended allegations fail to establish Article III standing in light of the Supreme Court’s recent decision in Clapper v. Amnesty International, — U.S.-, 133 S.Ct. 1138, 185 L.Ed.2d 264 (2013).

A. Standing to Assert Claims Against SOE

First, Sony contends Plaintiffs lack standing to pursue non-Ohio state-law claims on behalf of non-Ohio residents because Plaintiff Wright, an Ohio resident, is the only named Plaintiff that is an SOE network subscriber. Plaintiffs do not rebut that Wright is the only SOE network subscriber, but contend that Wright has standing to pursue claims: (1) on behalf of SOE network subscribers alleging violations of Ohio law; and (2) on behalf of all SOE network subscribers, regardless of their state of residence, for enforcement of the settlement agreement and alleged violations of the FCRA. The Court agrees. As stated below, although each of Plaintiffs’ claims under Ohio law and the FCRA are dismissed without leave to amend, Plaintiffs have standing to assert claims against SOE for enforcement of the settlement agreement and/or breach of the covenant of good faith and fair dealing. Accordingly, Sony’s motion to dismiss SOE as a named Defendant is DENIED.

B. Article III Standing

Second, in an argument relegated to a footnote, Sony contends the FACC should be dismissed for lack of Article III standing because Plaintiffs’ amended allegations have once again failed to allege an “injury-in-fact” as a result of the intrusion. (Doc. No. 135 at 9 n. 12.) The Court’s prior order denied this exact argument, finding that under Krottner v. Starbucks, 628 F.3d 1139, 1142 (9th Cir.2010), Plaintiffs had sufficiently alleged that their- “sensitive Personal Information [was] wrongfully disseminated, thereby increasing the risk of future harm,” regardless of whether actual “harm [had] yet occurred.” (Doc. No. 120 at 13:17-19.) Sony now urges the Court to reconsider this ruling based on the Supreme Court’s recent decision in Clapper v. Amnesty International, — U.S.-, 133 S.Ct. 1138, 185 L.Ed.2d 264 (2013). Because Article III standing is an “indispensable part of a plaintiffs case,” and not merely a pleading requirement, the Court reconsiders its prior ruling. Lujan v. Defenders of Wildlife, 504 U.S. 555, 561, 112 S.Ct. 2130, 119 L.Ed.2d 351 (1992).

To establish Article III standing, a plaintiff must plead: (1) injury-in-fact; (2) causation; and (3) redressability. Lujan, 504 U.S. at 560-61, 112 S.Ct. 2130. The “injury-in-fact” element requires a plaintiff to plead the “invasion of a legally protected interest which is (a) concrete and particularized, and (b) actual or imminent, not conjectural or hypothetical.” Id. (citations omitted). Analyzing the “injury-in-fact” requirement, the Supreme Court in Clapper considered whether the respondents, who alleged that their work required them to engage in sensitive international communications with individuals potentially targeted under the Foreign Intelligence Surveillance Act (the “Act”), had Article III standing to declare the Act unconstitutional and/or to obtain an injunction against surveillance authorized under the Act. 133 S.Ct. at 1142-43. Respondents argued that they had sufficiently alleged an “injury-in-fact” based on: (1) the objectively reasonable likelihood that their communications would at some point be targeted under the Act; and (2) the fact that they had already taken costly and burdensome measures to protect the confidentiality of their international sources. Id. at 1147-54.

The Supreme Court rejected both arguments. Id. With regard to the first argument, the Supreme Court stated that although it may be “objectively reasonable” that respondents’ communications may at some point be intercepted under the Act, respondents had failed to show that the “threatened injury” was “certainly impending.” Id. at 1147. The Supreme Court noted that a “speculative chain of possibilities ... based on potential future surveillance” was not enough. Id. at 1150. With regard to respondents’ second argument, the Supreme Court stated that if parties could base Article III standing on reasonably incurred costs to avoid the risk of future harm, it would “water[] down the fundamental requirements of Article III.” Id. at 1151. “If the law were otherwise, an enterprising plaintiff would be able to secure a lower standard for Article III standing simply by making an expenditure based on a nonparanoid fear.” Id. Therefore, the Supreme Court held that even though respondents’ measures to avoid surveillance authorized under the Act was not “fanciful, paranoid, or otherwise unreasonable,” respondents could not “manufacture standing merely by inflicting harm on themselves based on fears of hypothetical harm that was not “certainly impending.” ” Id. at 1151.

Based on the above, Sony argues Clapper tightened the “injury-in-fact” analysis set forth by the Ninth Circuit in Krottner v. Starbucks and previously relied upon by the Court in its prior order. The Court does not agree. The Ninth Circuit in Krottner found Article III standing based on a “credible threat of harm” that was “both real and immediate, not conjectural or hypothetical,” 628 F.3d at 1143. In contrast, the Supreme Court in Clapper found that respondents failed to sufficiently allege Article III standing because a speculative chain of possibilities based on potential future surveillance was not enough to plausibly allege a “certainly impending” injury. 133 S.Ct. at 1150. Therefore, although the Supreme Cburt’s word choice in Clapper differed from the Ninth Circuit’s word choice in Krottner, stating that the harm must be “certainly impending,” rather than “real and immediate,” the Supreme Court’s decision in Clapper did not set forth a new Article III framework, nor did the Supreme Court’s decision overrule previous precedent requiring that the harm be “real and immediate.” To the contrary, the Supreme Court’s decision in Clapper simply reiterated an already well-established framework for assessing whether a plaintiff had sufficiently alleged an “injury-in-fact” for purposes of establishing Article III standing. Id. at 1147 (“Thus, we have repeatedly reiterated that ‘threatened injury must be certainly impending to constitute injury in fact,’and that ‘[allegations of possible future injury’ are not sufficient.”) (quoting Whitmore v. Ark., 495 U.S. 149, 158, 110 S.Ct. 1717, 109 L.Ed.2d 135 (1990)).

Therefore, the Court finds both Clapper and Krottner controlling, and case law in this circuit analyzing the “injury-in-fact” requirement following Krottner highly persuasive.⁷ For example, courts in this circuit have routinely denied motions to dismiss based on Article III standing where a plaintiff alleges that his personal information was collected and then wrongfully disclosed, as opposed to alleging that his personal information was collected without his consent.⁸ Compare In re Facebook Privacy Litig., 791 F.Supp.2d 705, 711-12 (N.D.Cal.2011) (finding plaintiffs’ allegations that their personal information was disclosed as opposed to just collected and retained by defendants sufficient for purposes of establishing Article III standing), Doe 1 v. AOL, LLC, 719 F.Supp.2d 1102, 1108-09 (N.D.Cal.2010) (finding plaintiffs’ allegations that their personal information was collected and then disclosed sufficient for purposes of establishing Article III standing), and San Luis & Delta-Mendota Water Auth. v. U.S. Dep’t of the Interior, 905 F.Supp.2d 1158, 1171 (E.D.Cal.2012) (“Although it was not guaranteed that reduced allocations would come to pass, the threat of harm was certainly real, not conjectural or hypothetical.”), with Yunker v. Pandora Media, Inc., No. 11-CV-03113 JSW, 2013 WL 1282980, at *3 (N.D.Cal. Mar. 26, 2013) (“Yunker does not allege that he disclosed sensitive financial information, such as a social security number or a credit card number, to Pandora. Further, he has not alleged that anyone has breached Pandora’s servers.”), Low v. LinkedIn Corp., No. 11-ev-01468-LHK, 2011 WL 5509848, at *6 (N.D.Cal. Nov. 11, 2011) (distinguishing Krottner in that the plaintiff had not alleged that his highly personal information had been stolen and then exposed to the public), and In re Google, Inc. Privacy Policy Litig., No. C 12-01382 PSG, 2012 WL 6738843, at *6 (N.D.Cal. Dec. 28, 2012) (dismissing plaintiffs’ claims based on Google’s policy of retaining personal information for lack of Article III standing because there were no allegations plaintiffs’ personal information had been disseminated).

Therefore, the Court finds Plaintiffs’ allegations that their Personal Information was collected by Sony and then wrongfully disclosed as a result of the intrusion sufficient to establish Article III standing at this stage in the proceedings. (FACC ¶¶ 18-29, 119-123, 124-127.) Although Sony argues that Plaintiffs’ allegations are insufficient because none of the named Plaintiffs have alleged that their Personal Information was actually accessed by a third party, neither Krottner nor Clapper require such allegations. Instead, Plaintiffs have plausibly alleged a “credible threat” of impending harm based on the disclosure of their Personal Information following the intrusion.⁹ See Cher-ri v. Mueller, No. 12-11656, 2013 WL 2558207, at *9 (E.D.Mich. June 11, 2013) (stating that after Clapper, a plaintiff need only allege a “certainly impending injury that is fairly traceable to” the defendant’s purported conduct to withstand a motion to dismiss). Accordingly, the Court DENIES Sony’s motion to dismiss based on Article III standing.¹⁰

II. Failure to State a Claim Under Rule 12(b)(6)

A. Negligence Claims

Plaintiffs assert negligence claims under California law (Count 5), Florida law (Count 11), Massachusetts law (Count 14), Missouri law (Count 27), and Ohio law (Count 43). (FACC ¶¶ 196-211, 244-249, 262-270, 355-360, 451-456.) Each claim requires a plaintiff to allege the following four elements: (1) the existence of a legal duty; (2) breach of that duty; (3) causation; and (4) cognizable injury.¹¹ Sony moves to dismiss each claim on the basis that Plaintiffs have failed to allege a cognizable injury, and even if they had, Plaintiffs have failed to allege that Sony had a legal duty to guarantee the security of Plaintiffs’ Personal Information. The Court first addresses the Florida, Missouri, and Ohio negligence claims, and then addresses the California and Massachusetts negligence claims.¹²

1. Florida, Missouri, and Ohio Negligence Claims

The Florida, Missouri, and Ohio negligence claims contain identical factual allegations. (FACC ¶¶ 244-249, 355-360, 451-456.) Each claim alleges that because Sony requested, gathered, and promised to secure Plaintiffs’ Personal Information, Sony had a duty to provide reasonable security consistent with industry standards, to ensure Sony Online Services were secure, and to protect Plaintiffs’ Personal Information from theft or misuse. Plaintiffs allege Sony breached this duty by failing to adequately secure its network, and that Plaintiffs suffered “economic injury and property damage” as a result of the intrusion. {Id. at ¶¶249, 360, 456.) The FACC does not explicitly allege what economic injury and/or property damage Plaintiffs allegedly suffered as a result of the intrusion.

Although Plaintiffs are not required to put forth evidence of their alleged injury at this stage in the proceeding, Plaintiffs’ allegations of causation and harm are wholly conclusory, and therefore fail to put the Court or Sony on notice of the specific relief requested. Iqbal, 556 U.S. at 663, 129 S.Ct. 1937 (“A claim has facial plausibility [under Rule 8] when the pleaded factual content allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.”); In re Polyurethane Foam Antitrust Litig., 799 F.Supp.2d 777, 792 (N.D.Ohio 2011), reconsideration denied (Sept. 15, 2011) (stating that conclusory allegations fail to put the defendant on notice of the claims alleged against it). For example, Plaintiffs do not specifically allege what economic injury they allegedly suffered as a result of Sony’s negligence, what property was allegedly damaged, or how the alleged property damage was proximately caused by Sony’s breach. Merely appending a clause incorporating by reference all prior allegations is insufficient, especially when Plaintiffs have alleged fifty-one independent causes of action in a complaint spanning over a hundred pages. See, e.g., Brandon v. City of N.Y., 705 F.Supp.2d 261, 268-69 (S.D.N.Y.2010) (“Such general allegations, without supporting facts other than a clause incorporating an entire complaint by reference, are insufficient to withstand even a motion to dismiss ... ”); Noel v. Bank of Am., No. 12-4019-SC, 2012 WL 5464608, at *3 (N.D.Cal. Nov. 8, 2012) (stating that incorporation by reference language failed to meet Rule 8’s pleading requirements because the plaintiff failed to connect specific allegations to the elements of her claims.) It is the Plaintiffs’ burden — not the Court’s — to identify the specific relief sought for each individual cause of action.

Therefore, although the Florida, Missouri, and Ohio negligence claims were not previously dismissed for lack of specificity in the Consolidated Complaint, because these claims appeared for the first time in the FACC, the Court finds its previous order dismissing the California negligence claim sufficiently put Plaintiffs’ counsel on notice that conclusory allegations of causation and harm would not suffice. (Doc. No. 120 at 18-20.) This is especially true in light of Plaintiffs’ factual allegations with respect to the Massachusetts negligence claim, which also appeared for the first time in the FACC, as this claim includes specific allegations of causation and harm. As a result, the Court finds Plaintiffs’ counsel, who are sophisticated attorneys well versed in high-profile class-action litigation, were well aware of what was required to state a claim for negligence, and further amendment of these claims would prejudice Defendants. See Eminence Capital, LLC v. Aspeon, Inc., 316 F.3d 1048, 1052 (9th Cir.2003) (“As this circuit and others have held, it is the consideration of prejudice to the opposing party that carries the greatest weight.”). Accordingly, the Court GRANTS Sony’s motion to dismiss the Florida, Missouri, and Ohio negligence claims without leave to amend.

2. California and Massachusetts Negligence Claims

Similar to the Florida, Missouri, and Ohio negligence claims, the California and Massachusetts negligence claims contain identical factual allegations.¹³ (FACC ¶¶ 196-211, 262-270.) Each claim alleges that Sony owed two independent legal duties that were separately breached: (1) the duty to timely disclose the nature of the intrusion, which was breached when Sony delayed in informing Plaintiffs that their Personal Information may have been disclosed to third parties; and (2) the duty to exercise reasonable care in safeguarding Plaintiffs’ Personal Information, which was breached when Sony failed to adopt, implement, and maintain adequate security measures to protect Plaintiffs’ Personal Information. (Id. at ¶¶ 197-200, 263-266.) As a result of Sony’s negligence, and with respect to the breach of both duties, Plaintiffs allege they incurred economic damages, including the cost to purchase credit monitoring services, loss of use and value of Sony Online Services, loss of use and value of Third Party Services, and a diminution in value of their Consoles. (Id. at ¶¶211, 270.) The Court separately addresses Plaintiffs’ allegations of duty and breach.

a. Cognizable Injuries Resulting From Sony’s Duty to Timely Disclose the Intrusion

Assuming without deciding that Sony owed Plaintiffs a legal duty to timely disclose the intrusion and the possibility that Plaintiffs’ Personal Information may have been disclosed, the Court finds Plaintiffs have failed to allege a single cognizable injury proximately caused by Sony’s resulting breach. See Held v. Bail, 28 Mass.App.Ct. 919, 547 N.E.2d 336, 337 (1989); Dalkilic v. Titan Corp., 516 F.Supp.2d 1177, 1190 (S.D.Cal.2007). Although Plaintiffs allege that Plaintiff Johnson received notification of the intrusion on April 27, 2013, approximately ten days after the intrusion, and that Plaintiff Howe received notification of the intrusion on April 28, 2013, approximately eleven days after the intrusion, neither of these allegations set forth a plausible claim that the alleged untimely disclosure, and not the intrusion itself, resulted in Johnson or Howe’s alleged injuries. (FACC ¶¶ 21, 22.) See Berardi v. Menicks, 340 Mass. 396, 164 N.E.2d 544, 546-47 (1960) (“[I]t is not enough to show the mere possibility of a causal connection; the probability of such a connection must be shown”). The same is true with respect to Plaintiff Bova. Although Plaintiffs did not specify when Bova was notified of the intrusion, the Court infers that Bova had constructive notice of the PSN intrusion on April 26, 2011 (when Sony issued a public statement), and that Bova had constructive notice of the SOE intrusion on May 2, 2011 (when Sony posted a Customer Service Notification on SOE’s website). However, as with Johnson and Howe, Plaintiffs allegations do not set forth a plausible claim for relief on the basis that the delay, and not just the intrusion, caused Bova’s alleged injuries. (Id. at ¶¶78, 83.) This cannot be left to conjecture or speculation. See Twombly, 550 U.S. at 561, 127 S.Ct. 1955.

Therefore, even though the Court finds Plaintiffs may have alleged a brief delay in the time period between the intrusion and when Sony notified consumers of the intrusion, the Court finds Plaintiffs have failed to allege that their injuries — credit monitoring services, loss of use and value of the PSN, loss of use and value of Third Party Services, and/or a diminution in value of their Consoles — were proximately caused by Sony’s alleged untimely delay.¹⁴ See Stollenwerk v. Tri-W. Health Care Alliance, 254 Fed.Appx. 664, 668 (9th Cir.2007) (“Here, however, proximate cause is supported not only by the temporal, but also by the logical, relationship between the two events.”); Jorgensen v. Mass. Port Auth., 905 F.2d 515, 524 (1st Cir.1990) (stating that Massachusetts law requires that the defendant’s conduct be the “but-for cause” of the plaintiffs injury). Accordingly, the Court GRANTS Sony’s motion to dismiss the California and Massachusetts negligence claims based on Sony’s alleged breach of the duty to timely disclose the nature of the intrusion. Because the Court finds further amendment of this claim would be futile, the Court grants Sony’s motion without leave to amend.

b. Cognizable Injuries Flowing From Sony’s Duty to Provide Reasonable Network Security

As set forth above, the FACC also alleges that Sony owed Plaintiffs Johnson, Howe, and Bova a duty to exercise reasonable care in safeguarding and protecting their Personal Information. (FACC ¶¶ 197, 263.) Plaintiffs allege this duty included, among other things, the duty to design, implement, maintain, and test Sony’s security system in order to ensure Plaintiffs’ Personal Information was adequately secured and protected. (Id.) Plaintiffs allege Sony breached this duty by failing to implement proper procedures to protect Plaintiffs’ Personal Information, and as a result, Plaintiffs incurred economic damages, including the cost to purchase credit monitoring services, loss of use and value of Sony Online Services, loss of use and value of Third Party Services, and/or a diminution in value of their Consoles. Sony moves to dismiss these claims on the basis that Plaintiffs have failed to allege: (1) a legal duty to provide reasonable security; and (2) cognizable injuries not barred by the economic loss doctrine. The Court discusses each in turn.

i. Legal Duty to Provide Reasonable Security

Although neither party provided the Court with case law to support or reject the existence of a legal duty to safeguard a consumer’s confidential information entrusted to a commercial entity, the Court finds the legal duty well supported by both common sense and California and Massachusetts law. See, e.g., Witriol v. Lexis-Nexis Grp., No. C05-02392 MJJ, 2006 WL 4725713, at *8 (N.D.Cal. Feb. 10, 2006); CUMIS Ins. Soc’y., Inc. v. BJ’s Wholesale Club, Inc., No. 051158, 2005 WL 6075375, at *4 (Mass.Super.Dec. 7, 2005) aff'd, 455 Mass. 458, 918 N.E.2d 36 (2009); Yakubowicz v. Paramount Pictures Corp., 404 Mass. 624, 536 N.E.2d 1067, 1070 (1989) (“A basic principle of negligence law is that ordinarily everyone has a duty to refrain from affirmative acts that unreasonably expose others to a risk of harm.”). As a result, because Plaintiffs allege that they provided their Personal Information to Sony as part of a commercial transaction, and that Sony failed to employ reasonable security measures to protect their Personal Information, including the utilization of industry-standard encryption, the Court finds Plaintiffs have sufficiently alleged a legal duty and a corresponding breach.

ii. Economic Loss Doctrine

However, the existence of a legal duty and a corresponding breach are not the only elements required to state a claim for negligence — Plaintiffs must also allege appreciable, non-speculative harm proximately caused by Sony’s breach. See, e.g., Vinci v. Byers, 65 Mass.App.Ct. 135, 837 N.E.2d 1140, 1145 (2005) (stating that appreciable harm is “injury, loss, or detriment that is capable of being measures or perceived”) (internal citations and quotations omitted); Int’l Engine Parts, Inc. v. Feddersen & Co., 9 Cal.4th 606, 614, 38 Cal.Rptr.2d 150, 888 P.2d 1279 (1995) (stating that a negligence claim requires appreciable, non-speculative, present injury). Here, Plaintiffs allege the following cognizable injuries resulted from Sony’s alleged breach: (1) expenses incurred to purchase credit monitoring services (Howe and Bova); (2) loss of use and value of Sony Online Services (Howe, Johnson, Bova); (3) loss of use and value of Third Party Services (Johnson and Howe); and (4) a diminution in value of Plaintiffs’ Consoles (Johnson, Howe, Bova).¹⁵ (FACC ¶¶207, 211, 270.) Sony contends each of these injuries are barred by the economic loss doctrine as articulated under Massachusetts and California law.

Massachusetts generally prohibits the recovery of purely economic losses in tort absent personal injury or property damage. Aldrich v. ADD Inc., 437 Mass. 213, 770 N.E.2d 447, 454-55 (2002).¹⁶ Although there are exceptions to this general rule, which allow a plaintiff to recover economic losses premised on negligent misrepresentations, Plaintiff Bova alleges an independent negligent misrepresentation cause of action, and his negligence claim is not premised on Sony’s alleged misrepresentations. Therefore, the Court finds the exception inapplicable. (FACC ¶¶ 270, 274.) See Nota Constr. Corp. v. Keyes Assocs., Inc., 45 Mass.App. Ct. 15, 20, 694 N.E.2d 401 (Mass.App.Ct.1998) (“An exception to the doctrine permits recovery for economic losses resulting from negligent misrepresentation.”); 695 Atl. Ave. Co. v. Commercial Const. Consulting, Inc., 64 Mass.App.Ct. 1109, 834 N.E.2d 322 (2005) (affirming the trial court’s dismissal of the negligence claim based on the economic loss rule but noting the negligent misrepresentation claim could proceed because it is an exception to the economic loss doctrine). Accordingly, the Court GRANTS Sony’s motion to dismiss the Massachusetts negligence claim based on the economic loss doctrine without leave to amend. See Hatch v. Dep’t for Children, Youth & Their Families, 274 F.3d 12, 26 (1st Cir.2001).

Similarly, under California law, “[i]n the absence of (1) personal injury, (2) physical damage to property, (3) a ‘special relationship’ existing between the parties, or (4) some other common law exception to the rule, recovery of purely economic loss is foreclosed.” Kalitta Air, LLC v. Cent. Tex. Airborne Sys., Inc., 315 Fed.Appx. 603, 605 (9th Cir.2008) (quoting J'Aire Corp. v. Gregory, 24 Cal.3d 799, 157 Cal.Rptr. 407, 598 P.2d 60, 62-63 (1979) (setting forth the factors a court must consider when determining whether a special relationship exists between the parties)). Put simply, the economic loss doctrine was created to prevent “the law of contract and the law of tort from dissolving one into the other.” Robinson Helicopter Co. v. Dana Corp., 34 Cal.4th 979, 988, 22 Cal.Rptr.3d 352, 102 P.3d 268 (Cal.2004) (internal quotations omitted).

Based on the above, Sony moves to dismiss the California negligence claim on the basis that neither Howe nor Johnson have alleged personal injury or property damage as a result of the intrusion, nor have Howe or Johnson alleged a “special relationship” with Sony based on the factors articulated by the California Supreme Court in J'Aire Corp. v. Gregory, 24 Cal.3d 799, 157 Cal.Rptr. 407, 598 P.2d 60 (1979). Moreover, even if Plaintiffs could satisfy the JAire special relationship test, Sony contends the JAire factors are inapplicable because the duty Sony allegedly violated was specifically referenced in the PSN User Agreement, and therefore, can only form the basis of a contract claim. As a result, Sony contends Plaintiffs’ California negligence claim is nothing more than an attempt to plead around their contract with Sony, which clearly disclaims the economic losses Plaintiffs now seek to recover. Although Plaintiffs Johnson and Howe seemingly concede that the California negligence claim seeks to recover purely economic losses — credit monitoring fees, loss of use and value of the PSN, loss of use and value of Third Party Services, and a diminution in value of their Consoles— they nonetheless argue that they can recover these losses based on the J’Aire “special relationship” exception.

Before turning to the application of the J’Aire factors, the Court dispels Sony’s contention that their contract with Plaintiffs forecloses tort liability. As stated by the California Supreme Court in Aas v. Superior Court, “[a] person may not ordinarily recover in tort for the breach of duties that merely restate contractual obligations.” 24 Cal.4th 627, 643, 101 Cal.Rptr.2d 718, 12 P.3d 1125 (Cal.2004) (superseded by statute on other grounds) (quoting Freeman & Mills, Inc. v. Belcher Oil Co., 11 Cal.4th 85, 107, 44 Cal.Rptr.2d 420, 900 P.2d 669 (Cal.1995)). Based on this general rule, “courts will generally enforce the breach of a contractual promise through contract law, except when the actions that constitute the breach violate a social policy that merits the imposition of tort remedies.” Id. As a result, although a plaintiff will not be able to recover in tort based solely on allegations that a contract was negligently performed, a plaintiff may be able to pursue both contract and tort remedies if the plaintiff alleges that the contractual breach also violated “a duty independent of the contract arising from principles of tort law.” Aas, 24 Cal.4th at 643, 101 Cal.Rptr.2d 718,12 P.3d 1125; see also Erlich v. Menezes, 21 Cal.4th 543, 550, 87 Cal.Rptr.2d 886, 981 P.2d 978 (Cal.1999). Accordingly, because Sony owed Plaintiffs a legal duty to provide reasonable network security (as articulated by the Court above), which was separate and independent from the PSN User Agreement, the Court finds Plaintiffs may pursue both contract and tort remedies, to the extent Plaintiffs’ tort claims are not barred by the economic loss doctrine.¹⁷

Under J’Aire special relationship exception to the economic loss doctrine, the existence of a “special relationship” is based on a determination of the following six factors:

(1) the extent to which the transaction was intended to affect the plaintiff, (2) the foreseeability of harm to the plaintiff, (3) the degree of certainty that the plaintiff suffered injury, (4) the closeness of the connection between the defendant’s conduct and the injury suffered, (5) the moral blame attached to the defendant’s conduct and (6) the policy of preventing future harm.

J’Aire, 157 Cal.Rptr. 407, 598 P.2d at 63. All six factors must be considered by the court and the presence or absence of one factor is not decisive. Kalitta Air, 315 Fed.Appx. at 605-06.

Here, Plaintiffs Johnson and Howe allege a “special relationship” between the parties because: (1) Sony developed Sony Online Services for use with PSPs and PS3s and intended its contract with consumers, which required consumers to provide their Personal Information before registering for such services, to effect Plaintiffs and other class members; (2) if Sony did not reasonably perform its contractual obligations, in light of previous instances of admitted security vulnerabilities, Plaintiffs’ Personal Information could be disclosed; (3) Plaintiffs suffered injury as a result of the intrusion, including expenses incurred to purchase credit monitoring services, loss of use and value of Sony Online Services, loss of use of Third Party Services, and a diminution in value of their Consoles; (4) the injuries were a direct result of Sony’s lack of adequate, reasonable, and industry-standard security measures; (5) Sony’s conduct warrants moral blame because Sony promised to secure Plaintiffs’ Personal Information; and (6) holding Sony accountable will require Sony and other companies to provide reasonable, adequate, and industry-standard security measures. (FACC ¶¶204-211.)

After considering the six J’Aire factors in light of Plaintiffs’ factual allegations, the Court finds Plaintiffs have failed to allege a “special relationship” with Sony beyond those envisioned in everyday consumer transactions, and therefore, negligence is the wrong legal theory on which to pursue recovery for Plaintiffs’ economic losses. See Greystone Homes, Inc. v. Midtec, Inc., 168 Cal.App.4th 1194, 1231, 86 Cal.Rptr.3d 196 (Cal.Ct.App.2008) (“[W]e conclude, as a matter of law, that Midtec did not have a special relationship with Greystone sufficient to support a negligence cause of action for economic losses pursuant to J’Aire.”). The Court first addresses the degree of certainty that Sony’s conduct proximately caused: (1) a loss of use and value of Sony Online Services and a loss of use and value of Third Party Services; (2) costs incurred to purchase credit monitoring services; and (3) a diminution in value of Plaintiffs’ Consoles. See Aas, 24 Cal.4th at 646, 101 Cal.Rptr.2d 718, 12 P.3d 1125 (“Lacking that fundamental prerequisite to a tort claim, it is difficult to imagine what other factors, singly or in combination, might justify the court in finding liability.”).

First, with respect to the alleged loss of use and value of Sony Online Services and the alleged loss of use and value of Third Party Services, neither are recoverable in negligence because they were not proximately caused by Sony’s alleged failure to provide reasonable network security and/or did not result in a measurable loss. Although the amount of recoverable damages is usually a question of fact, which is a determination not properly before the court on a motion to dismiss, the measure of damages, existence of damages, and whether a plaintiff has sufficiently pled a causal connection between the damage and the alleged harm is a question of law. See, e.g., Hendricks v. DSW Shoe Warehouse Inc., 444 F.Supp.2d 775, 779 (W.D.Mich.2006) (citing Wolff & Munier, Inc. v. Whiting-Turner Contracting Co., 946 F.2d 1003, 1009 (2d Cir.1991); Phillips v. TLC Plumbing, Inc., 172 Cal.App.4th 1133, 1139, 91 Cal.Rptr.3d 864 (Cal.Ct.App.2009); Berardi v. Menicks, 340 Mass. 396, 164 N.E.2d 544, 546-47 (1960) (stating that “it is not enough to show the mere possibility of a causal connection; the probability of such a connection must be shown”)). Therefore, because Plaintiffs acknowledge that Sony did not owe Plaintiffs a legal duty to provide uninterrupted PSN service, it is nonsensical, and defies the bounds of common sense for Plaintiffs to simultaneously seek damages for an interruption in PSN service. (Doc. No. 146 at 33-34.) This disconnect in Plaintiffs’ factual allegations is additionally supported by Plaintiffs’ concession that access to the PSN is free, that Plaintiffs did not purchase premium PSN services, that Plaintiffs could access Third Party Services through other mediums, and that Sony’s disclaimed any right to uninterrupted PSN access. See Grawitch v. Charter Commc’ns, Inc., No. 4:12CV01990 AGF, 2013 WL 253534, at *3 (E.D.Mo. Jan. 23, 2013) (finding the plaintiff had failed to state a pecuniary loss because “the upgraded service was provided for free and not at an increased cost”). Therefore, the Court finds neither of these damages were a foreseeable result of Sony’s alleged breach.

Second, with respect to Howe’s ability to recover costs incurred to purchase credit monitoring services, the Court finds Howe has failed to allege why these prophylactic costs were reasonably necessary, and therefore proximately caused by Sony’s alleged breach.¹⁸ In assessing whether credit monitoring services in the context of data breach cases are recoverable in negligence, courts have generally analogized to medical monitoring cases, which require a plaintiff to plead that the monitoring costs were both reasonable and necessary.¹⁹ See Stollenwerk, 254 Fed.Appx. at 666; Pisciotta v. Old Nat Bancorp, 499 F.3d 629, 639 (7th Cir.2007). As a result, courts assessing data breach cases have found that where a state allows recovery for medical monitoring damages (as does California), and a plaintiff has sufficiently alleged a threat of identity theft (i.e., the opening of unauthorized accounts), a plaintiff may seek to recover expenses to purchase credit monitoring services. However, as with the recovery of medical monitoring costs, this is a high burden and requires a plaintiff to plead both a logical and temporal connection between the decision to purchase credit monitoring services and the defendant’s alleged breach. See Stollenwerk, 254 Fed.Appx. at 668; Ruiz v. Gap, Inc., 622 F.Supp.2d 908, 915 (N.D.Cal.2009) aff'd, 380 Fed.Appx. 689 (9th Cir.2010) (“Ruiz cannot meet California’s standard for recovery of monitoring costs because he has presented no evidence that there was a significant exposure of his personal information, and he has presented no evidence that he has become a victim of identity theft.”).

Here, Plaintiff Howe has not met this high burden because has not alleged any instances of identity theft resulting from the intrusion. See Kahle v. Litton Loan Servicing, LP, 486 F.Supp.2d 705, 709 (S.D.Oh.2007) (stating that the recovery of credit monitoring services as a measure of cognizable damages is a question of law to be decided by the court). Although Howe alleges that he was forced to close two bank accounts, Howe does not allege when he closed these accounts, why he closed these accounts, or whether he has ever been a victim of identity theft in the past. (FACC ¶ 22.) These allegations remain unchanged even though Plaintiffs were permitted leave to amend the Consolidated Complaint after Sony’s initial motion to dismiss. Therefore, in accordance with analogous medical monitoring cases and data breach cases from other districts, the Court finds Howe has failed to allege that his prophylactic credit monitoring costs were a reasonable foreseeable result of Sony’s alleged breach.²⁰

Third, with respect to damages relating to an alleged diminution in value of Plaintiffs’ Consoles, Plaintiffs have once again failed to allege enough facts for the Court to adequately access the plausibility of the claim. See Balistreri v. Pacifica Police Dep’t, 901 F.2d 696, 699 (9th Cir.1988) (stating that dismissal can be based on the lack of a cognizable legal theory or the absence of sufficient facts alleged under a cognizable legal theory). As stated in the Court’s prior order, without allegations that Plaintiffs are using their Consoles less as a result of the intrusion, or have reported problems with their Consoles after the intrusion, Plaintiffs’ allegations of diminution in value fail to allege how Plaintiffs have suffered an appreciable, non-speculative harm. See Aguilera v. Pirelli Armstrong Tire Corp., 228 F.3d 1010, 1015 (9th Cir.2000). Although the FACC attempts to bolster the allegations in the Consolidated Complaint by alleging that Plaintiffs’ Consoles diminished in value as a result of Sony’s failure to secure their Personal Information and/or the brief interruption in PSN access, none of these additional allegations support a claim that is “plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 547, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). As stated by countless courts considering this issue, subjective allegations that a product has diminished in value are insufficient. See, e.g., Arcand v. Brother Int’l Corp., 673 F.Supp.2d 282, 301 (D.N.J.2009) (“In evaluating whether a plaintiff has suffered an ascertainable loss, the Court need not countenance ‘hypothetical or illusory’ losses or the wholly subjective expectations of a consumer.”); See In re iPhone Application Litig., 844 F.Supp.2d 1040, 1064 (N.D.Cal.2012) (“Purely economic damages to a plaintiff which stem from disappointed expectations from a commercial transaction must be addressed through contract law; negligence is not a viable cause of action for such claims.”).

Therefore, at this stage in the proceedings, although Plaintiffs are not required to come forward with evidence to support their allegations, Plaintiffs must set forth a plausible claim for relief. Plaintiffs have not done that here. See In re iPhone Application Litig., 844 F.Supp.2d at 1064 (“All of the allegations of harm identified in the Amended Consolidated Complaint are either too speculative to support a claim for negligence under California law, or they stem from disappointed expectations from a commercial transaction and thus do not form the basis of a negligence claim.”)- Instead, after over two years of motion practice conducted by highly sophisticated counsel, Plaintiffs have alleged nothing more than economic damages relating to “disappointed expectations from a commercial transaction,” all of which “must be addressed through contract law.” Id. “[N]egligenee is not a viable cause of action for such claims,” and the Court will not allow expensive, potentially burdensome class action discovery to ensue in the absence of a viable cause of action. See Twombly, 550 U.S. at 558, 127 S.Ct. 1955 (deficiencies in the complaint “should be exposed at the point of minimum expenditure of time and money by the parties and the court” given the prospect of costly discovery); Grigsby v. Valve Corp., No. C12-0553JLR, 2012 WL 5993755, at *4-6 (W.D.Wash. Nov. 14, 2012) (stating that the Twombly pleading standard is particularly demanding in “complex, large-scale” data breach class action litigation). Accordingly, the Court finds the third J’Aire factor weighs against finding a special relationship between the parties.

Plaintiffs’ allegations with respect to the remaining J’Aire factors fare no better. With regard to the first factor, the extent to which the transaction was intended to affect the plaintiff, the Court finds Plaintiffs have failed to allege why the transactions at issue were intended to affect Plaintiffs “in a way particular to [them], as opposed to all potential” consumers. Greystone Homes, 168 Cal.App.4th at 1231, 86 Cal.Rptr.3d 196 (stating that the “J’Aire test was not met because the sink sales at issue were like any other sink sale made by the product manufacturer — i.e., the product manufacturer had not specially made the sink for the benefit of the [plaintiffs]”). Therefore, as noted by countless California courts applying J’Aire, “[i]f a duty of care to avoid economic injury existed [in every contract], every manufacturer would become an insurer, potentially forever, against economic loss from negligent defects in a product used for its intended purpose.” Fieldstone Co. v. Briggs Plumbing Prods., Inc., 54 Cal.App.4th 357, 368-69, 62 Cal.Rptr.2d 701 (Cal.Ct.App.1997); see also Ott v. Alfa-Laval Agri, Inc., 31 Cal.App.4th 1439, 1455, 37 Cal.Rptr.2d 790 (Cal.Ct. App.1995) (“First, neither the pleadings nor the evidence suggests the 1970 milking system was ‘intended to affect’ the plaintiffs in any way particular to the plaintiffs, as opposed to all potential purchasers of the equipment.”); Greystone, 168 Cal.App.4th at 1230-31, 86 Cal.Rptr.3d 196. Therefore, because Plaintiffs have failed to allege that Sony developed the goods and services at issue for Plaintiffs’ specific benefit, above and beyond what was offered to all consumers, the Court finds this factor weighs against imposing a special relationship between the parties.

With regard to the second factor, the foreseeability of harm, the Court finds, as it did above, that Plaintiffs’ injuries were not a foreseeable result of Sony’s alleged negligence. As to the fourth factor, the closeness of the connection between the defendant’s conduct and the injury suffered, the Court finds Plaintiffs have sufficiently alleged a connection between Sony’s conduct and the brief interruption in PSN access. Finally, with regard to fifth and sixth factors, the moral blame attached to Sony’s conduct and the policy of preventing future harm, the Court finds Plaintiffs have alleged that Sony knew of its security vulnerabilities and that imposing liability might influence other businesses to take the necessary precautions. Thus, these factors also weigh in favor of Plaintiffs.

However, after collectively considering the J’Aire factors, the Court finds Plaintiffs have failed to allege a “special relationship” that would allow Plaintiffs to recover purely economic losses unaccompanied by physical injury or property damage. See, e.g., Carrau v. Marvin Lumber and Cedar Co., 93 Cal.App.4th 281, 295, 112 Cal.Rptr.2d 869 (2001) (barring recovery for the diminished value of a house in which defective windows were installed under the economic loss rule); Anthony v. Kelsey-Hayes Co., 25 Cal.App.3d 442, 446, 102 Cal.Rptr. 113 (Cal.Ct.App.1972) (denying loss of bargain damages in negligence). Accordingly, the Court GRANTS Sony’s motion to dismiss the California negligence claims based on the economic loss doctrine without leave to amend. See Leadsinger, Inc. v. BMG Music Pub., 512 F.3d 522, 532 (9th Cir.2008).

B. Negligent Misrepresentation/Innocent Misrepresentation/Negligent Omission

Plaintiffs assert negligent misrepresentation claims under Florida law (Count 9), Massachusetts law (Count 15), Michigan law (Count 19), New Hampshire law (Count 31), Ohio law (Count 42), and Texas law (Count 47), an innocent misrepresentation claim under Michigan law (Count 20), and a negligent omission claim under Missouri law (Count 26). (FACC ¶¶ 234-238, 271-275, 300-304, 305-309, 346-354, 383-387, 446-450, 479-483.) Although there are slight differences between the required elements for each claim, each claim essentially requires Plaintiffs to allege that: (1) they relied upon a material misrepresentation made by Sony; and (2) that the misrepresentation resulted in a subsequent pecuniary loss.²¹ Sony contends Plaintiffs have failed in both respects, and independently moves to dismiss the Ohio negligent misrepresentation claim and the Missouri negligent omission claim. The Court first addresses Sony’s individual grounds for dismissing the Ohio and Missouri claims, and then addresses Sony’s global arguments for dismissing the remaining negligent misrepresentation claims.²²

1. Ohio and Missouri Claims

First, Sony contends the Ohio negligent misrepresentation claim should be dismissed because Ohio only recognizes the claim if the alleged misrepresentation was made for the guidance of others in the course of a business transaction. To support this contention, Sony relies on Doe v. SexSearch.com and Thornton v. State Farm Mutual Auto Insurance Company.23 Although Plaintiffs attempt to distinguish Doe and Thornton, Plaintiffs fail to cite any case law to the contrary and the Court finds their attempts only bolster Sony’s contentions.

Under Ohio law, a “defendant is liable for negligent misrepresentation if he: (1) supplies false information (2) for the guidance of others in their business transaction (3) causing pecuniary loss to the plaintiff (4) while the plaintiff justifiably relied upon the information and (5) the defendant failed to exercise reasonable care or competence in obtaining or communicating the information.” Doe, 551 F.3d at 418. Here, Plaintiffs fail to satisfy the second element. As set forth in the FACC, Plaintiff Wright alleges that he registered for the PSN and SOE networks to play games and stream prepaid media from Netflix, both of which were presumably for personal and not business purposes. See, e.g., Andersons, Inc. v. Consol, Inc., 348 F.3d 496, 505 (6th Cir.2003) (acknowledging the distinct nature of a negligent misrepresentation claim under Ohio law); Thornton, 2006 WL 3359448, at *16 (“The Ohio Supreme Court is unequivocal that negligent misrepresentation is a business tort related to professional malpractice.”). Accordingly, because Plaintiffs do not allege that Wright registered for the PSN or SOE networks for business purposes, the Court GRANTS Sony’s motion to dismiss the Ohio negligent misrepresentation claim without leave to amend.

Second, citing Moore v. U.S. Bank and Lowdermilk v. Vescovo Building & Realty Company, Sony contends the Missouri negligent omission claim should be dismissed because Missouri does not recognize such a claim.²⁴ Although Plaintiffs do not offer an opposition to Sony’s contentions, possibly because Sony’s arguments were relegated to a footnote, the Court finds further briefing on the issue unnecessary. Missouri does not recognize a separate cause of action for negligent omission; rather a plaintiff may plead omissions as the basis for a negligence claim. See, e.g., Govero v. Standard Oil Co., 192 F.2d 962, 964 (8th Cir.1951); City of Kennett v. Wartsila N. Am., Inc., No. 4:05CV114 HEA, 2005 WL 3274334, at *3 (E.D.Mo. Dec. 2, 2005). Accordingly, the Court GRANTS Sony’s motion to dismiss the Missouri negligent omission claim without leave to amend. See In re Gen. Motors Corp. Anti-Lock Brake Prods. Liab. Litig., 174 F.R.D. 444, 446 (E.D.Mo. 1997) aff'd sub nom. Briehl v. Gen. Motors Corp., 172 F.3d 623 (8th Cir.1999) (stating that a court does not “abuse its discretion in refusing to allow amendment of pleadings to change the theory of a case if ... no valid reason is shown for the failure to present the new theory at an earlier time”).

2. Remaining Negligent Misrepresentation Claims

In addition to the arguments set forth above, Sony contends the remaining misrepresentation claims should be dismissed because Plaintiffs have failed to: (1) specify the actual misrepresentations upon which they relied; and (2) allege a pecuniary loss resulting from Plaintiffs’ reliance on the actionable misrepresentation. To the extent the Court finds Plaintiffs have sufficiently stated a claim, Sony also contends that the Michigan, New Hampshire, and Texas misrepresentation claims are barred by the economic loss doctrine.

a. Actual Misrepresentations

First, Sony contends the Florida, Massachusetts, Michigan, New Hampshire, and Texas misrepresentation claims should be dismissed because Plaintiffs have failed to allege actionable misrepresentations in compliance with Rule 9(b). Specifically, Sony argues the Florida, Massachusetts, and Texas claims should be dismissed because Plaintiffs have failed to identify what “advertising, packaging, and correspondence” the alleged misrepresentations were contained in, and the Florida and Texas claims should be dismissed because Plaintiffs have failed to identify how the alleged misrepresentations were “reiterated and disseminated by the officers, agents, representatives, servants, or employees of Defendants acting within the scope of their authority.” (FACC ¶¶ 232, 272, 384, 480, 235, 480.)

Although Sony raises valid arguments, the Court finds Plaintiffs have sufficiently alleged the specific representations they contend were false and/or misleading when made (representations regarding reasonable security and industry-standard encryption), and that these representations were contained in the PSN and SOE User Agreements and/or Privacy Policies, both of which were presented to Plaintiffs at the time they registered for the PSN or SOE network. Therefore, Plaintiffs have sufficiently alleged actionable misrepresentations in compliance with Rule 9(b). However, Plaintiffs allegations regarding the dissemination of these alleged misrepresentations by the officers, employees, and/or representatives of Sony do not satisfy Rule 9(b). Neither the FACC nor Plaintiffs’ opposition supports these allegations with the required specificity. Swartz v. KPMG LLP, 476 F.3d 756, 764-65 (9th Cir.2007) (“Rule 9(b) does not allow a complaint to merely lump multiple defendants together but ‘require[s] plaintiffs to differentiate their allegations when suing more than one defendant ... and inform each defendant separately of the allegations surrounding his alleged participation in the fraud.’ ”) (citing Haskin v. R.J. Reynolds Tobacco Co., 995 F.Supp. 1437, 1439 (M.D.Fla.1998)). Accordingly, the Court finds Plaintiffs have sufficiently alleged actionable misrepresentations in compliance with Rule 9(b), but have failed to sufficiently allege how these misrepresentations were “reiterated and disseminated by the officers, agents, representatives, servants, or employees of Defendants acting within the scope of their authority.”

b. Pecuniary Loss Flowing From Plaintiffs’ Reliance on the Alleged Misrepresentations

Sony also contends that Plaintiffs have failed to allege a pecuniary loss flowing from the alleged negligent misrepresentations. The Court agrees. First, with respect to the Florida and Michigan negligent misrepresentation claims, Plaintiffs allege they would not have registered with Sony Online Services or sent their Personal Information to Sony had they known the truth regarding Sony’s network security. (FACC ¶¶ 234-238, 300-304.) However, as stated above, because Plaintiffs’ Personal Information does not have independent monetary value, registration and use of Sony Online Services was provided to consumers free of charge, and none of the Plaintiffs allege that they paid for premium PSN services, the Court finds Plaintiffs have failed to allege a pecuniary loss caused by Sony’s alleged misrepresentations. See Doe v. Chao, 540 U.S. 614, 625, 124 S.Ct. 1204, 157 L.Ed.2d 1122 (2004) (finding that a plaintiff must allege an “actual, quantifiable, pecuniary loss” to state a cause of action in tort); In Burroius v. Purchasing Power, LLC, No. 1:12— cv-22800-UU, 2012 WL 9391827, at *3 (S.D.Fla. Oct. 18, 2012) (“Personal data does not have an apparent monetary value that fluctuates like the price of goods or services.”); Sipes v. Kinetra, LLC, 137 F.Supp.2d 901, 910 (E.D.Mich.2001) (requiring a resulting damage to the plaintiff). Accordingly, the Court finds the Florida and Michigan negligent misrepresentation claims fail to allege a pecuniary loss.

The same is true with respect to the Massachusetts, New Hampshire, and Texas negligent misrepresentations claims and the Michigan innocent misrepresentation claim. (FACC ¶¶ 271-275, 305-309, 383-387, 446-450.) Each claim alleges that Plaintiffs would not have purchased their Consoles, Sony Online Services, and/or registered for Sony Online Services, or paid as much for these products or services, had they known the truth regarding Sony’s network security. However, as set forth above, Sony Online Services was provided free of charge, and none of the Plaintiffs allege they paid for premium PSN services. Moreover, and even more detrimental to Plaintiffs’ claims, although Plaintiffs allege that they would not have purchased their Consoles “but for” Sony’s alleged misrepresentations, Plaintiffs concede that they base their misrepresentation claims on statements contained in the PSN User Agreement and/or the PSN Privacy Policy, both of which were presented to Plaintiffs “after” they purchased their Consoles. Therefore, the Court finds Plaintiffs cannot plausibly allege that the misrepresentations contained in these agreement induced them to purchase their Consoles. Accordingly, the Court finds the Massachusetts, New Hampshire, and Texas negligent misrepresentations claims and the Michigan innocent misrepresentation claim each fail to allege a pecuniary loss.

Accordingly, the Court GRANTS Sony’s motion to dismiss the Florida, Massachusetts, Michigan, New Hampshire, and Texas negligent misrepresentations claims and the Michigan innocent misrepresentation claim. Because the Court’s prior order highlighted the deficiencies noted above, dismissal is without leave to amend. See Foman v. Davis, 371 U.S. 178, 182, 83 S.Ct. 227, 9 L.Ed.2d 222 (1962) (stating leave to amend need not be given when the party has been given prior opportunities to cure deficiencies).

C. Breach of Warranty Claims

Plaintiffs assert breach of warranty claims under Florida law (Count 7), Michigan law (Count 17), Missouri law (Count 24), New Hampshire law (Count 29), New York law (Count 34), Ohio law (Counts 40-41), and Texas law (Count 45). (FACC ¶¶ 222-227, 288-293, 334-339, 404-409, 371-376, 441-445, 467-472, 436-440.) Each claim essentially asserts the same factual basis for relief — Sony made affirmations of fact and/or promises to consumers regarding the adequacy and performance of Sony’s network security, and subsequently breached these promises by failing to provide adequate network security to protect Plaintiffs’ Personal Information.

Sony moves to dismiss each warranty claim on the basis that: (1) the choice-of-law provisions in the PSN and SOE User Agreements, upon which Plaintiffs base their claims, require any and all claims arising out of the agreements to be brought under California law; (2) Plaintiffs have failed to allege a cognizable injury; (3) Plaintiffs have failed to plead reliance; (4) Plaintiffs have failed to demonstrate that an express warranty has been breached; and (5) Plaintiffs cannot recover consequential, incidental, or special damages pursuant to limitation of damages clauses contained in the agreements. Because the Court finds the choice-of-law clauses in the PSN and SOE User Agreements require Plaintiffs to bring their breach of warranty claims under California law, which Plaintiffs have not done, the Court does not addresses Sony’s remaining arguments for dismissal.²⁵

1. Choice-of-Law Analysis

Sony contends each breach of warranty claim should be dismissed pursuant to the choice-of-law clauses in the PSN and SOE User Agreements because the agreements specify that any and all claims arising under the agreements must be brought under California law. (Doc. No. 94-2, Ex. A, SNE User Agreement; Doc. No. 135-2, Ex. 1, SOE User Agreement.) Sony further argues judicial estoppel supports this argument because Plaintiffs previously relied on the PSN and SOE User Agreements to support their UCL, FAL, and CLRA claims, and therefore can not now elect to contest the applicability of these agreements. (Doc. No. 78 ¶ 116; FACC ¶ 145). In response, Plaintiffs do not specifically address the applicability of the choice-of-law clauses, rather, Plaintiff argue that judicial estoppel does not bar their claims because they never asserted California breach of warranty claims, and they did not previously “achieve success” with regard to their UCL, FAL, and CLRA claims. The Court finds Plaintiffs’ judicial estoppel arguments fail to address the dispositive issue before the Court — the applicability and enforceability of the choice-of-law provisions.

In pertinent part, the PSN User Agreement states: “Except as otherwise required by applicable law, this Agreement shall be construed and interpreted in accordance with the laws of the State of California applying to contracts fully executed and performed within the State of California.” (Doc. No. 94-2, Ex. A at 9.) Similarly, the SOE User Agreement states: “This Agreement is governed in all respects by the substantive laws of the State of California and of the United States of America.” (Doc. No. 135-2, Ex. 1 at 32.) Therefore, based on the unambiguous language set forth above, the Court finds each of Plaintiffs’ breach of warranty claims is potentially subject to dismissal under the choice-of-law clauses, subject only to the enforceability of the provisions under applicable law. See, e.g., Wolph v. Acer Am. Corp., 272 F.R.D. 477, 485 (N.D.Cal.2011).

To determine the enforceability of the choice-of-law clauses in the PSN and SOE User Agreements, the Court employs a two-step process. First, the Court must decide which forum’s choice-of-law rules apply; and second, the Court must decide whether the choice-of-law clauses are enforceable in each of the selected forum(s). Under the first determination, courts generally apply the choice-of-law rules of the forum in which the action is currently pending, which in this case would be California. See Klaxon Co. v. Stentor Elec. Mfg., Co., 313 U.S. 487, 496, 61 S.Ct. 1020, 85 L.Ed. 1477 (1941). However, because the JPML transferred the instant litigation to this Court pursuant to 28 U.S.C. § 1407, the Court must apply the choice-of-law rules of each state where the individual actions were originally filed. (Doc. No. 1.) See, e.g., In re Toyota Motor Corp. Unintended Acceleration Mktg., Sales Practices, & Prods. Liab. Litig., 785 F.Supp.2d 925, 929 (C.D.Cal.2011) (stating that although the cases in multidistrict litigation are before one court in one jurisdiction, they have been “effectively consolidated for pretrial purposes, the cases retain separate and distinct identities in preparation for their eventual return to their home states.”); In re Nucorp Energy Sec. Litig., 772 F.2d 1486, 1492 (9th Cir.1985). Although this would normally be an arduous task, properly conducted by the parties rather than the Court, the Court finds further briefing on the issue unnecessary. Each of the cases filed by the eleven named Plaintiffs were originally filed in California.²⁶ Accordingly, the Court employs California choice-of-law rules to determine the enforceability of the provisions.

a. Enforceability Under California Law

In deciding whether to enforce a contractual choice-of-law provision, California applies the Restatement (Second) Conflict of Laws Section 187, “which reflects a strong public policy favoring enforcement of such provisions.” ABF Capital Corp. v. Osley, 414 F.3d 1061, 1065 (9th Cir.2005) (quoting Hambrecht & Quist Venture Partners v. Am. Med. Int’l, Inc., 38 Cal.App.4th 1532, 1544, 46 Cal.Rptr.2d 33 (Cal.Ct.App.1995)). Under Section 187, a court must first determine: “(1) whether [California] has a substantial relationship to the parties or the transaction, or (2) whether there is any other reasonable basis for the parties’ choice-of-law.” ABF Capital Corp., 414 F.3d at 1066; see also Nedlloyd Lines B.V. v. Super. Ct., 3 Cal.4th 459, 465, 11 Cal.Rptr.2d 330, 834 P.2d 1148 (Cal.1992). If the court finds either condition has been met, California law will apply unless it is contrary to a fundamental policy of the state selected by the aggrieved party. Nedlloyd, 3 Cal.4th at 466, 11 Cal.Rptr.2d 330, 834 P.2d 1148.

Here, although neither party analyzed whether the choice-of-law clauses in the PSN and SOE User Agreements are enforceable under Section 187, the allegations set forth in the FACC are sufficient to enable the Court to make this determination without further briefing. The FACC alleges that: (1) SCEA is a Delaware limited liability company with its principal place of business in Foster City, California, (FACC ¶ 30); (2) SNEA is a Delaware corporation that conducts business in California, (Id. at ¶ 31); (3) SNEI is a Delaware limited liability company with its principal place of business in Los Angeles, California, (Id. at ¶ 32); and (4) SOE is a Delaware limited liability company that has its principal place of business in Ter-man Court, San Diego, (Id. at ¶ 33). Therefore, because three of the four Sony Defendants (SCEA, SNEI, and SOE) have their principal place of business in California and the remaining Sony Defendant (SNEA) conducts business in the state of California, the Court finds California has a substantial relationship to the parties. See, e.g., Ruiz v. Affinity Logistics Corp., 667 F.3d 1318, 1323 (9th Cir.2012) (“A substantial relationship exists where one of the parties is domiciled or incorporated in the chosen state.”); PAE Gov’t Servs., Inc. v. MPRI, Inc., 514 F.3d 856, 860 (9th Cir.2007) (finding Virginia had a substantial relationship to one of the parties because the party had its principal place of business in Virginia).

Finding the first condition met, i.e., that California has a substantial relationship to the parties, the Court next determines whether California express warranty law is contrary to a fundamental policy of Florida, Michigan, Missouri, New York, New Hampshire, Ohio, or Texas express warranty law. The Court finds no conflict. In order to assert a claim for breach of warranty under California, Florida, Michigan, Missouri, New York, New Hampshire, Ohio, or Texas law a plaintiff must allege that: (1) the seller made a promise; (2) the buyer relied upon the seller’s promise; (3) the seller’s promise later turned out to be false; and (4) the plaintiff suffered injury as a result.²⁷ Each state also requires a buyer to provide notice to the seller before bringing a breach of warranty claim.²⁸

Therefore, based on the above, the Court finds the choice-of-law clauses in the PSN and SOE User Agreements enforceable and each of the warranty claims not alleged under California law should be dismissed. Moreover, because Plaintiffs did not bring express warranty claims under California law, did not address Sony’s contentions that a California breach of express warranty claim would nonetheless fail as a matter of law, and explicitly alleged that California law should be applied to each of their claims pursuant to the PSN and SOE User Agreements (FACC ¶ 145), the Court GRANTS Sony’s motion to dismiss each of the express warranty claims without leave to amend. See Civ. L.R. 7.1.f.S.b (“The opposition shall contain a brief and complete statement of all reasons in opposition to the position taken by the movant, an answering memorandum of all points and authorities, and copies of all documentary evidence which the party in opposition relies.”); Missud v. Oakland Coliseum Joint Venture, No. 12-02967 JCS, 2013 WL 3286193, at *11 (N.D.Cal. June 27, 2013) (dismissing claim without leave to amend on the basis that further amendment would be futile in light of the opposing parties failure to address the moving parties’ arguments).

D. Breach of Implied Warranty

Plaintiffs’ breach of implied warranty claims can be categorized into two subgroups — common law claims and statutory claims. Plaintiffs assert common law implied warranty claims under Florida law (Count 8), Michigan law (Count 18), Missouri law (Count 25), and New York law (Count 35), (FACC ¶¶ 228-233, 294-299, 340-345, 410-415), and statutory implied warranty claims under Massachusetts law (Count 12), New Hampshire law (Count 30), and Texas law (Count 46), (Id. at ¶¶ 250-255, 377-382, 473-478). Each common law implied warranty claim alleges that Sony impliedly represented and warranted that Sony Online Services provided adequate network security, when in fact, Sony knew its network security was inadequate and vulnerable to intrusion. (Id. at ¶¶ 229-230, 295-296, 341-342, 411-412.) Similarly, each statutory implied warranty claim alleges that by creating, marketing, and selling PS3s, PSPs, and Sony Online Services, Sony impliedly represented and warranted that Sony Online Services and/or the Network were merchantable, fit for their intended purposes, and provided adequate security for Plaintiffs’ Personal Information. (Id. at ¶¶ 252, 378, 474.)

Sony moves to dismiss each implied warranty claim on the basis that: (1) Plaintiffs have not alleged a cognizable injury; (2) the common law claims fail because there is an express agreement between the parties governing the exact warranties at issue; (3) the statutory claims fail because network services are not “goods” as defined under the Uniform Commercial Code (“UCC”); and (4) the implied warranties were expressly disclaimed and/or expressly limited by clear and conspicuous language in the PSN User Agreement.²⁹ (Doc. No. 135 at 26-30.) The Court finds Sony’s second, third, and fourth arguments fatal to Plaintiffs’ claims, and therefore does not address Sony’s remaining argument.³⁰

1. Common Law Implied Warranties

First, Sony contends each common law implied warranty claim should be dismissed because implied terms are disfavored under common law where the parties have a written agreement that covers the exact terms at issue. Therefore, Sony argues the Florida, Michigan, Missouri, and New York implied warranty claims should be dismissed because they are based on the same factual allegations as Plaintiffs’ Florida, Michigan, Missouri, and New York express warranty claims. (Compare FACC ¶¶ 229, 295, 341, 411 with ¶¶ 223, 289, 335, 405.) Assuming without deciding that Plaintiffs would be permitted to pursue their implied warranty claims in the alternative to their breach of express warranty claims, as set forth below, the Court finds Plaintiffs’ common law implied warranty claims are subject to dismissal based on the disclaimer in the PSN User Agreement and the PSN Privacy Policy. (Doc. No. 94, Ex. A at 9, PSN User Agreement; Doc. No. 94, Ex. C at 4, PSN Privacy Policy.)

2. Disclaimer of Implied Warranties

Second, as a general rule, statutory and common law implied warranties can be disclaimed by conspicuous language in a contract presented to the consumer at the time of the transaction.³¹ Here, before registering for the PSN, each Plaintiff was required to consent to the PSN User Agreement and the PSN Privacy Policy. (FACC ¶¶ 40, 56, 57.) In pertinent part, the PSN User Agreement contained the following disclaimer:

16. WARRANTY AND DISCLAIMER AND LIMITATION OF LIABILITY

No warranty is given about the quality, functionality, availability or performance of Sony Online Services or any content or service offered on or though Sony Online Services. All services and content are provided “AS IS” and “AS AVAILABLE” with all fault. SNEA does not warrant that the service and content will be uninterrupted, error-free or without delays. In addition to the limitations of liability in merchantability, warranty of fitness for a particular purpose and warranty of non-infringement, SCEA assumes no liability for any inability to purchase, access, download or use any content, data, or service.

(Doc. No. 94, Ex. A at 9.) Although not labeled as a disclaimer, the PSN Privacy Policy contained similar admonitory language regarding the adequacy of Sony’s network security:

Accuracy & Security

We take reasonable measures to protect the confidentiality, security, and integrity of the personal information collected from our website visitors ... Unfortunately, there is no such thing as perfect security. As a result, although we strive to protect personally identifying information, we cannot ensure or warrant the security of any information transmitted to us through or in connection with our websites, that we store on our systems or that is stored on our service providers’ systems.

(Doc. No. 94, Ex. C at 4.) Based on the above, both parties agree that Florida, Michigan, Missouri, New York, New Hampshire, and Texas law each allow a party to waive implied warranties, but waiver of implied warranties is prohibited under Massachusetts law.³²

a. Florida, Michigan, Missouri, New York, New Hampshire, and Texas Implied Warranty Claims

Although the parties agree that Florida, Michigan, New York, New Hampshire, and Texas law permit the waiver of implied warranties, the parties disagree over whether the waiver was effective because it was made at the time Plaintiffs registered for the PSN and not at the time Plaintiffs purchased their Consoles. To the extent the waiver is ineffective, the parties also disagree over whether the limitation of damages provision is unconscionable. (Doc. No. 94, Ex. A at 9.)

After a review of the parties’ respective arguments, the Court finds the waiver effective. Plaintiffs’ contentions that the waiver was ineffective because it was made at the time Plaintiffs registered for the PSN and not at the time Plaintiffs purchased their Consoles is nonsensical, and representative of Plaintiffs’ continued attempts to bootstrap the purchase of a PSP or PS3 with registration for free PSN access. The FACC clearly alleges that Sony breached both common and statutory implied warranties by representing and warranting that Sony Online Services and/or the Network would provide adequate security for Plaintiffs’ Personal Information, when in fact, Sony knew its security was inadequate. (FACC ¶¶ 229, 295, 341, 378, 411, 474.) Thus, although Plaintiffs try to allege that the disclaimer in the PSN User Agreement and/or the PSN Privacy Policy was ineffective because it was not made at the time Plaintiffs purchased their Consoles, each implied warranty claim explicitly alleges that Sony Online Services and/or the Network — not Plaintiffs’ Consoles — failed to function as warranted. (Id.) This inconsistency in the FACC is further supported by the fact that Plaintiffs continue to rely on representations and warranties contained in the PSN User Agreement and the PSN Privacy Policy to support their claims, both of which were presented to Plaintiffs after they purchased their Consoles and before registering for free PSN access. Therefore, the Court finds the disclaimer effective because it was made at the time Plaintiffs bargained for free PSN access. See Bowdoin v. Showell Growers, Inc., 817 F.2d 1543, 1545, 1546 n. 11 (11th Cir.1987) (observing that courts generally hold pre-sale disclaimers effective and collecting cases from state courts that conclude a post-sale disclaimer is not effective).

Finding the disclaimer applicable, the Court now examines the language of the disclaimer to determine the reach and effect of the disclaimer. As stated above, the PSN User Agreement states that “[a]ll services and content are provided ‘AS IS’ and ‘AS AVAILABLE’ with all faults.”³³ (Doc. No. 94, Ex. A at 9.) The disclaimer also states that “any implied warranty of merchantability, warranty of fitness for a particular purpose^] and warranty of non-infringement” was expressly disclaimed. (Id.) Similarly, the PSN Privacy Policy states that Sony does not “ensure or warrant the security of any information” transmitted to Sony over the network. (Doc. No. 94, Ex. C at 6.)

Therefore, based on the disclaimer and admonitory language in the PSN User Agreement and the PSN Privacy Policy, the Court finds the language clear and conspicuous. Read in conjunction, both documents explicitly disclaimed any and all claims arising under the implied warranty of merchantability, disclaimed any and all claims arising under the implied warranty of fitness for a particular purpose, stated in all caps that Sony Online Services would be provided “AS IS” and “AS AVAILABLE,” and informed consumers that Sony was not warranting the security of consumer personal information transmitted to Sony via the network. See, e.g., Rudy’s Glass Constr. Co. v. E.F. Johnson Co., 404 So.2d 1087, 1090 (Fla.Dist.Ct.App. 1981) (finding disclaimer set forth in a separate paragraph titled “Disclaimer of Warranties” and in a larger or contrasting font conspicuous); U.S. Fibres, Inc. v. Proctor & Schwartz, Inc., 509 F.2d 1043, 1047 (6th Cir.1975) (applying Michigan law); Chase Resorts, Inc. v. Johns-Manville Corp., 476 F.Supp. 638, 638 (E.D.Mo.1979) aff'd, 620 F.2d 203 (8th Cir.1980); Commc’ns Grps., Inc. v. Warner Commc’ns, Inc., 138 Misc.2d 80, 527 N.Y.S.2d 341, 346 (N.Y.Civ.Ct.1988); Dana Commercial Credit Corp. v. Hanscom’s Truck Stop, Inc., 141 N.H. 131, 679 A.2d 570, 571 (1996); Arkmight-Boston Mfrs. Mut. Ins. Co. v. Westinghouse Elec. Corp., 844 F.2d 1174, 1183 (5th Cir.1988) (applying Texas law). Accordingly, based on the disclaimer in the PSN User Agreement and the PSN Privacy Policy, the Court GRANTS Sony’s motion to dismiss the Florida, Michigan, Missouri, New York, New Hampshire, and Texas implied warranty claims without leave to amend,

b. Massachusetts Implied Warranty Claim

Finally, although the Massachusetts implied warranty claim cannot be disclaimed, the claim is nonetheless subject to dismissal under the UCC. See Mass. Gen. Law § 2-316A. Under Section 2 of the UCC, the implied warranty of merchantability and fitness for a particular purpose only applies to “transactions in goods.” Mass. Gen. Law § 2-102. The UCC defines “Goods” as “all things ... which are movable at the time of identification to the contract for sale.” Mass. Gen. Law § 2-105(1). The rendition of services is not covered by Section 2. See White v. Peabody Constr. Co., 386 Mass. 121, 434 N.E.2d 1015, 1021 (1982). However, if a contract involves the sale of both goods and services, the court must consider whether the predominant factor, thrust, or purpose of the contract is: (1) “the rendition of [a] service, with goods incidentally involved (e.g., contract with artist for painting);” or (2) “is a transaction of sale, with labor incidentally involved (e.g., installation of a water heater in bathroom).” Bonebrake v. Cox, 499 F.2d 951, 960 (8th Cir.1974).

Here, Plaintiffs allege that by “creating, marketing, and selling PS3s, PSPs, and Sony Online Services,” Sony “impliedly represented and warranted that the Network was merchantable, fit for its intended purposes, and provided adequate security.” (FACC ¶ 252.) Plaintiffs then define the “Network” as Sony’s computer systems, servers, and databases. (Id. at ¶ 4.) Therefore, based on Plaintiffs’ own allegations, Plaintiffs allege that the “Network,” i.e., Sony’s computer systems, servers, and/or databases were not merchantable or fit for their intended purposes— not Plaintiffs’ Consoles. Thus, because network services are not subject to the UCC because they are not physically “movable at the time of identification to the contract,” nor could PSN access be considered a good because it was offered free of charge, the Court finds Plaintiffs’ claim is barred by the UCC.³⁴ Mass. Gen Law. § 2-105(1). Moreover, although Plaintiffs attempt to argue that this was a mixed transaction, because the purchase of a Console was a necessary prerequisite to obtain free PSN services, the Court is not persuaded. To the extent this was a mixed transaction, the trust or purpose of the contract was to provide free PSN access, with goods, i.e., the Console, incidentally involved. See, e.g., Bonebrake, 499 F.2d at 960; Ogden Martin Sys. of Indianapolis, Inc. v. Whiting Corp., 179 F.3d 523, 530 (7th Cir.1999) (“As the party seeking the benefit of the UCC, Whiting bears the burden of establishing that the predominant thrust of the transaction was for goods and only incidentally for services.”).

Accordingly, based on the disclaimer in the PSN User Agreement, the admonitory language in the PSN Privacy Policy, and Plaintiffs’ failure to show that their Massachusetts statutory implied warranty claim falls within the purview of the UCC, the Court GRANTS Sony’s motion to dismiss the Florida, Michigan, Missouri, New York, New Hampshire, Texas, and Massachusetts implied warranty claims without leave to amend. See Pedigo v. Cnty. of L.A., 24 Fed.Appx. 779, 785 (9th Cir.2001) (“[A] district court does not abuse its discretion in denying leave to amend where the proposed amendment would be futile or where the amended complaint would not withstand a motion to dismiss.”).

E. Unjust Enrichment Claims

Plaintiffs assert unjust enrichment claims under Florida law (Count 10), Massachusetts law (Count 13), Michigan law (Count 21), Missouri law (Count 23), New Hampshire law (Count 32), New York law (Count 36), Ohio law (Count 39), and Texas law (Count 48). (FACC ¶¶ 239-243, 256-261, 310-313, 329-333, 388-392, 416-420, 432^435, 484-488.) Each cause of action essentially alleges that Plaintiffs conferred benefits on Sony by purchasing, registering with, and/or sending their Personal Information to Sony Online Services, and that Sony was unjustly enriched in retaining revenues derived from these benefits. (Id. at ¶¶ 240-241, 257, 259, 311-312, 330-331, 389-390, 433-434, 485-486.) Sony moves to dismiss each claim on the basis that: (1) Plaintiffs cannot assert claims for unjust enrichment claims because an express contract governs the same subject matter at dispute between the parties; and (2) Plaintiffs have failed to allege a benefit conferred upon Sony that was wrongly retained.³⁵

In response, Plaintiffs contend their unjust enrichment claims are properly plead in the alternative to their breach of contract claims. The Court, however, does not agree. Under Florida, Massachusetts, Michigan, Missouri, New Hampshire, New York, Ohio, and Texas law a plaintiff may not recover for unjust enrichment where a “valid, express contract governing the subject matter of the dispute exists.” Coghlan v. Wellcraft Marine Corp., 240 F.3d 449, 454 (5th Cir.2001) (applying Texas law).³⁶ Here, neither party contests the validity of the PSN/SOE User Agreements and the PSN/SOE Privacy Policies, and Plaintiffs rely on these exact agreements to support their allegations. Therefore, because Plaintiffs do not argue that the agreements are somehow invalid or otherwise unenforceable, Plaintiffs are not permitted to plead unjust enrichment as an alternative to breach of contract claims.³⁷ Accordingly, the Court GRANTS Sony’s motion to dismiss the Massachusetts, Texas, Florida, Missouri, New Hampshire, New York, Ohio, and Michigan law unjust enrichment claims without leave to amend. See Netbula, LLC v. Distinct Corp., 212 F.R.D. 534, 539 (N.D.Cal.2003) (discussing futility of amendment when considering whether to grant leave to amend).

F. Consumer Protection Claims

Plaintiffs assert consumer protection claims under the California Unfair Competition Law (“UCL”) (Count 1), the California False Advertising Law (“FAL”) (Count 2), the California Consumer Legal Remedies Act (“CLRA”) (Count 3), the Florida Deceptive and Unfair Trade Practices Act (“FDUTPA”) (Count 6), the Michigan Consumer Protection Act (“MCPA”) (Count 16), the Missouri Merchandising Practices Act (“MMPA”) (Count 22), the New Hampshire Consumer Protection Act (“NHCPA”) (Count 28), the New York Deceptive Practices Act (“NYDPA”) (Count 33), the Ohio Consumer Sales Practices Act (“OCSPA”) (Count 37), the Ohio Deceptive Trade Practices Act (“ODTPA”) (Gount 38), and the Texas Deceptive Trade Practices Act- (“TDTPA”) (Count 44). On October 24, 2013, the Court ordered supplemental briefing on the FDUTPA, MCPA, MMPA, NHCPA, NYDPA, OCS-PA, and the TDTPA causes of actions. (Doc. No. 159.) Because consumer protection claims are a “creature of the state in which they are fashioned,” the Court separately addresses the sufficiency of each claim. See Mazza v. Am. Honda Motor Co., 666 F.3d 581, 591 (9th Cir.2012).

1. California Consumer Protection Claims

Plaintiffs’ first three causes of action allege Sony violated California’s, consumer protection statutes — the UCL, the FAL, and the CLRA. (FACC ¶¶ 146-185.) Courts often analyze these statutes together because they share similar attributes. See, e.g., Paduano v. Am. Honda Motor Co., 169 Cal.App.4th 1453, 1468-73, 88 Cal.Rptr.3d 90 (Cal.Ct.App.2009) (analyzing UCL and CLRA claims together); Anunziato v. eMachines, Inc., 402 F.Supp.2d 1133, 1137 (C.D.Cal.2005) (analyzing UCL and FAL together). The UCL prescribes business practices that are “unlawful, unfair or fraudulent,” Cal. Bus. & Prof.Code §. 1720.0, the FAL prohibits the dissemination of any advertising “which is untrue or misleading,” Cal. Bus. & Prof.Code § 17500, and the CLRA declares specific acts and practices in the sale of goods or services to be -unlawful, including making affirmative misrepresentations or omissions regarding the “standard, quality, or grade” of a particular good or service, Cal. Civ.Code § 1770(a). Under the UCL and FAL a plaintiff may only recover restitution and injunctive relief, whereas a plaintiffs recovery under the CLRA is not so limited. See In re Vioxx Class Cases, 180 , 103 Cal.Rptr.3d 83 (Cal.Ct.App.2009) (UCL and FAL); Cal. Civ.Code § 1780(a)(1) (stating that the CLRA allows actual and punitive damages). Sony moves to dismiss the UCL, FAL, and CLRA claims on the basis that: (1) Plaintiffs do not have standing; (2) Plaintiffs have failed to plead unlawful, unfair, deceptive, or unconscionable conduct; (3) Plaintiffs have failed to plead any basis for restitution or injunctive relief under the UCL and FAL; and (4) the CLRA is inapplicable to the transactions at issue. Each is discussed in turn.

a. Standing Under the UCL, FAL, and CLRA

First, Sony contends Plaintiffs do not have standing under the UCL, FAL, or CLRA because the alleged misrepresentations and/or omissions did not result in a cognizable injury. As stated in the Court’s prior order, standing under the UCL and FAL is limited to individuals who can “(1) establish a loss or deprivation of money or property sufficient to qualify as injury in fact, i.e., economic injury, and (2) show that the economic injury was the result of, i.e., caused by, the unfair business practice or false advertising that is the gravamen of the claim.” Kwikset Corp. v. Super. Ct., 51 Cal.4th 310, 322, 120 Cal.Rptr.3d 741, 246 P.3d 877 (Cal.2011) (holding that the UCL and FAL standing requirements are identical); Cal. Bus. & Prof.Code §§ 17204 (UCL), 17535 (materially identical standard under the FAL); Hinojos v. Kohl’s Corp., 718 F.3d 1098, 1104 (9th Cir.2013). A plaintiff need not allege eligibility for restitution to establish standing under UCL and FAL. Id. at 335-36. Similarly, to establish standing under the CLRA, a plaintiff must allege that the defendant’s conduct resulted in a “tangible increased cost or burden to the consumer.” Meyer v. Sprint Spectrum LP, 45 Cal.4th 634, 88 Cal.Rptr.3d 859, 200 P.3d 295, 301 (2009). This requires showing “not only that a defendant’s conduct was deceptive[,] but that the deception caused them harm.” In re Vioxx Class Cases, 180 Cal.App.4th at 129, 103 Cal.Rptr.3d 83.

Here, Plaintiffs allege they lost money or property under the UCL and FAL because: (1) they lost the unencumbered use of their passwords; (2) their passwords were obtained by a third party without their consent; (3) they were unable to access Sony Online Services during the time the PSN was temporarily disabled; (4) certain applications and products that can only be accessed via the network were rendered worthless during the brief interruption in PSN service; and (5) their Consoles diminished in value as a result of Sony’s failure to secure the network and/or the extended time during which the network was disabled. (FACC ¶¶ 157-158, 168-169.) With respect to the CLRA, Plaintiffs allege that they were harmed as a result of Sony’s unlawful conduct because their Personal Information was compromised, they now have an increased risk of future identity theft, they lost the unencumbered use of their passwords, and their passwords were disclosed to third parties without their consent. Plaintiffs also allege that they lost money or property under the CLRA because their Consoles diminished in value as a result of: (1) Sony’s failure to secure their Personal Information; (2) the brief interruption in PSN services; and (3) the diminished value of products and services that could not be accessed during the brief interruption in PSN service. Although the Court does not readdress Plaintiffs’ previously dismissed contentions that their Personal Information has independent monetary value, (Doc. No. 120 at 21:11-16), under the unusual circumstances presented here, the Court finds Plaintiffs’ amended allegations have satisfied the standing requirement under the UCL, FAL, and CLRA based on Sony’s alleged omissions at the point of purchase of Plaintiffs’ Consoles.

As an initial matter, neither party disputes that the PSN was offered to Plaintiffs free of charge or that Plaintiffs registered for the PSN after acquiring them Consoles. Nonetheless, the parties ardently dispute whether Plaintiffs have sufficiently alleged a loss of money or property and/or harm that was “caused by” Sony’s alleged unfair business practices or deceptive conduct. Throughout the FACC, Plaintiffs contend that access to the PSN and the corresponding ability to access the Internet via their Consoles was a key feature of Plaintiffs’ Consoles, and that had Sony disclosed that the PSN was not reasonably secure and/or that Sony did not use industry-standard encryption to secure Plaintiffs’ Personal Information, Plaintiffs would not have purchased their Consoles and/or would not have paid as much for their Consoles.³⁸ In response, Sony contends that Plaintiffs cannot plausibly allege that they relied on Sony’s alleged misrepresentations because each of the alleged representations were contained in the PSN User Agreement and/or the PSN Privacy Policy, both of which were presented to Plaintiffs after they purchased their Consoles. As a result, Sony argues the alleged misrepresentations and/or deceptive conduct could not have plausibly caused Plaintiffs harm.

Although the Court agrees with Sony, that Plaintiffs cannot plausibly rely on alleged misrepresentations contained within the PSN User Agreement and/or the PSN Privacy Policy, as these representations were presented to Plaintiffs after they purchased their Consoles, Sony’s arguments fail to address Plaintiffs’ fraudulent omission contentions. As set forth by the California Supreme Court in Kwikset v. Superior Court, 51 Cal.4th 310, 323, 120 Cal.Rptr.3d 741, 246 P.3d 877 (Cal.2011), economic injury may result from unfair competition if a plaintiff; “(1) surrender^] in a transaction more, or ae-quire[s] in a transaction less[ ] than he or she otherwise would have; (2) [has] a present or future property interest diminished; (3) [is] deprived of money or property to which he or she has a cognizable claim; or (4) [is] required to enter into a transaction, costing money or property, that would otherwise have been unnecessary.” As a result, to the extent a consumer has “paid more for a product than he or she otherwise might have been willing to pay if the product had been labeled accurately,” the consumer has lost money or property regardless of whether the court “might objectively view the products as functionally equivalent.” Id. at 329, 120 Cal.Rptr.3d 741, 246 P.3d 877. This reasoning holds true whether the plaintiffs claim is based on affirmative misrepresentations or omissions. See, e.g., Daugherty v. Am. Honda Motor Co., Inc., 144 Cal. App.4th 824, 835, 51 Cal.Rptr.3d 118 (Cal.Ct.App.2006) (stating that omissions are actionable under the CLRA if the omission is “contrary to a representation actually made ... [or] a fact the defendant was obliged to disclose”); Tait v. BSH Home Appliances Corp., No. 10-00711, 2011 WL 3941387, at *2 (C.D.Cal. Aug. 31, 2011).

Therefore, although this is not a false advertising case, which was acknowledged by Plaintiffs at the October 18, 2013 motion hearing, In re Tobacco II, 46 Cal.4th 298, 328, 93 Cal.Rptr.3d 559, 207 P.3d 20 (Cal.2009), is nonetheless instructive — a plaintiff alleging standing under the UCL, FAL, and CLRA need only allege that the defendant’s conduct, whether it be an affirmative misrepresentation or an actionable omission, was an “immediate” cause and not the “sole” cause of the plaintiffs injury. As a result, because Plaintiffs have alleged that Sony omitted material information regarding the security of Sony Online Services, and that this information should have been disclosed to consumers at the time consumers purchased their Consoles, the Court finds Plaintiffs have sufficiently alleged a loss of money or property “as a result” of Sony’s alleged unfair business practices. See, e.g., Mirkin v. Wasserman, 5 Cal.4th 1082, 1093, 23 Cal.Rptr.2d 101, 858 P.2d 568 (Cal.1993) (stating that omitted information is material if a plaintiff can allege that “had the omitted information been disclosed, one would have been aware of it and behaved differently”); Falk v. Gen. Motors Corp., 496 F.Supp.2d 1088, 1095 (N.D.Cal.2007) (stating that materiality is viewed from the prospective of the reasonable consumer); Donohue v. Apple, Inc., 871 F.Supp.2d 913, 921 (N.D.Cal.2012) (stating that the plaintiff satisfied the causation requirement by pleading that he would not have purchased the product and or would have asked for a timely refund had he known certain material facts). Accordingly, the Court DENIES Sony’s motion to dismiss the UCL, FAL, and CLRA claims based on Plaintiffs’ failure to allege standing.

b. Failure to Allege Unlawful, Unfair, or Deceptive Conduct

Second, even if Plaintiffs have standing to assert claims under the UCL, FAL, and CLRA, Sony contends each claim should be dismissed because Plaintiffs have faded to allege unlawful, unfair, or deceptive conduct in compliance with Rule 9(b). Under Rule 9(b), allegations sounding in fraud “must state with particularity the circumstances constituting fraud or mistake.” Fed.R.Civ.P. 9(b). Where claims allege a “unified course of fraudulent conduct and rely entirely on that course of conduct as the basis of that claim, ... the claim is said to be ‘grounded in fraud’ or to ‘sound in fraud,’ and the pleading ... as a whole must satisfy the particularity requirement of Rule 9(b).” Kearns, 567 F.3d at 1126 (applying Rule 9(b) standard to uphold dismissal of UCL and CLRA claims that Ford Motor Company and its “co-conspirator” dealerships knowingly misrepresented to the public that certain vehicles were “safer and more reliable”).

Here, Plaintiffs’ UCL, FAL, and CLRA claims each allege the same factual basis for relief.³⁹ Plaintiffs contend that: (1) Sony failed to take reasonable precautions and/or use industry-standard encryption to protect Plaintiffs’ Personal Information, (FACC ¶¶ 149, 163, 178); (2) Sony was aware that its security systems were inadequate and failed to rectify these shortcomings, (Id. at ¶¶ 149, 163, 175); (3) Sony misrepresented that access to the PSN was a feature of PSPs and PS3s, (Id. at ¶¶ 151, 164, 180); (4) Sony misrepresented that online connectivity and the corresponding ability to connect to Sony Online Services and Third Party Services was a feature of PSPs and PS3s, (Id. at ¶¶ 152, 165, 180); (5) Sony’s omitted material information regarding the security of the PSN, (Id. at ¶¶ 155, 163, 175); and (6) Sony’s conduct was unlawful because it violated the FAL, CLRA, DBA, and Sony’s own Privacy Policies, (Id. at ¶ 153). Plaintiffs also allege that Sony’s acts, omissions, and misrepresentations induced Plaintiffs to purchase their Consoles, register for the PSN, provide their Personal Information to Sony, and purchase content from the Playstation Store. (Id. at ¶¶ 156, 166, 179). Accordingly, the Court finds each claim “sounds in fraud” and Plaintiffs must plead their misrepresentation and omission claims under the UCL, FAL, and CLRA with particularity under Rule 9(b).⁴⁰ Kearns, 567 F.3d at 1126.

i. Fraud-Based Affirmative Misrepresentations

A plaintiff alleging fraudulent misrepresentations under the UCL, FAL, and CLRA must allege that he was exposed to the particular representation claimed to be deceptive. See, e.g., Baltazar v. Apple, Inc., No. CV-10-3231-JF, 2011 WL 588209, at *3-4 (N.D.Cal. Feb. 10, 2011); Minnick v. Cleanuire US, LLC, 683 F.Supp.2d 1179, 1188 (W.D.Wash. 2010). This requires the plaintiff to identify the “ ‘the time, place, and content of the alleged fraudulent misrepresentation! ]; the identity of the person engaged in the fraud; and the circumstances indicating falseness’ or ‘the manner in which [the] representations were false and misleading.’ ” Gema v. Digital Link Coup., 25 F.Supp.2d 1032, 1038 (N.D.Cal.1997) (quoting In re GlenFed Sec. Litig., 42 F.3d 1541, 1547-58 n. 7 (9th Cir.1994)). Under all three statutes, conduct is deemed deceptive or misleading if the conduct is likely to deceive a reasonable consumer. See Williams v. Gerber Prods. Co., 552 F.3d 934, 938 (9th Cir.2008). Although this determination is generally fact intensive, courts have granted motions to dismiss under the UCL, FAL, and CLRA on the basis that the alleged misrepresentations were not false, misleading, or deceptive as a matter of law. See, e.g., Freeman v. Time, Inc., 68 F.3d 285, 290 (9th Cir.1995) (stating that when the flyer was read as a whole, including the qualifying language, the plaintiffs allegation that a particular statement was deceptive was dispelled); Haskell v. Time, Inc., 857 F.Supp. 1392, 1398 (E.D.Cal.1994) (stating that “statements, in context, are not misleading. It is clear from the exemplar that no reasonable addressee could believe that the mailing announced that the addressee was already the winner .... ”).

Here, Plaintiffs allege that Sony: (1) misrepresented that access to the PSN was a feature of PSPs and PS3s; (2) misrepresented that online connectivity and the corresponding ability to access Sony Online Services and Third Party Services was a feature of PSPs and PS3s; (3) misrepresented the characteristics and quality of Sony’s network security; (4) misrepresented that Sony uses “reasonable measures to protect the confidentiality, security, and integrity of the personal information collected from [its] website visitors;” and (5) misrepresented that Sony maintains security measures “to protect the loss, misuse, and alteration of’ consumer Personal Information. (FACC ¶¶ 151-152, 164-165, 177, 180.) Sony contends each of Plaintiffs’ misrepresentation claims should be dismissed because Plaintiffs have failed to plead actionable misrepresentations and/or causation.

As stated in the Court’s prior order, Plaintiffs’ first two contentions are without merit. No reasonable consumer would believe that Sony’s representations regarding the network were meant to promise continued and uninterrupted access to Sony Online Services and/or that Sony was providing uninterrupted access to the PSN. (Doc. No. 120 at 26-27.) However, notwithstanding the Court’s prior order, Plaintiffs continue to advance these same misrepresentation contentions in the FACC. For example, the FACC points to two Internet links where Plaintiffs allege Sony misrepresented that PSN access and online connectivity were" features of the PS3.⁴¹ However, neither of these links represent that Sony promised continuous and uninterrupted service, and the first link (regarding PSN access) directs consumers to the PSN User Agreement and the PSN Privacy Policy, both of which inform consumers that Sony “does not warrant that the service and content will be uninterrupted, error-free, or without delays.” (Doc. No. 94-2, Ex. A at 9.) Therefore, although Sony represented that access to the PSN and online connectivity were features of Sony Consoles, Sony also informed consumers that continuous PSN access and/or Internet connectively was not guaranteed without interruption. Accordingly, similar to Freeman v. Time, wherein the Ninth Circuit held that the defendant’s alleged misrepresentations were not misleading as a matter of law, here the PSN User Agreement clearly stated that access to the PSN and online connectivity may be interrupted. 68 F.3d at 290.

However, the Court finds Plaintiffs’ final two contentions are sufficiently plead. “Plaintiffs allege that Sony misrepresented that it would take “reasonable steps” to secure Plaintiffs’ Personal Information, and that Sony Online Services use[d] industry-standard encryption to prevent unauthorized access to sensitive financial information.” (Doc. No. 94-2, Ex. B at 6.) Although Sony seeks to combat these allegations by stating that Sony disclaimed any right to so-called “perfect security,” the Court agrees with Plaintiffs that whether or not Sony’s representations regarding “reasonable security” were deceptive, in light of Sony’s additional representations regarding “industry-standard” encryption, are questions of fact not suitable for disposition on a motion to dismiss. Thus, because Sony made competing, potentially ambiguous representations, the Court cannot find the representations were are not deceptive as a matter of law. See Lavie v. Procter & Gamble Co., 105 Cal.App.4th 496, 508, 129 Cal.Rptr.2d 486 (Cal.Ct.App.2003) (“A perfectly true statement couched in such a manner that it is likely to mislead or deceive the consumer, such as by failure to disclose other relevant information,” is actionable). This determination is more properly adjudicated after discovery regarding Sony’s use or non-use of industry-standard encryption. Accordingly, the Court GRANTS Sony’s motion to dismiss the UCL, FAL, and CLRA claims based on affirmative misrepresentations regarding Plaintiffs’ ability to access the PSN and connect to the Internet, and DENIES Sony’s motion to dismiss Plaintiffs’ claims based on affirmative misrepresentations contained within the PSN User Agreement and the PSN Privacy Policy regarding “reasonable security” and “industry-standard encryption.” (FACC ¶¶ 149-150,155,163,175.)

i. Fraud-Based Omissions

In addition to affirmative misrepresentations, the FACC now alleges fraud-based omission claims under the UCL, FAL, and CLRA. To be actionable under all three California consumer protections statutes, an omission must be “contrary to a representation actually made by the defendant, or an omission of a fact the defendant was obliged to disclose.” Daugherty, 144 Cal.App.4th at 835, 51 Cal. Rptr.3d 118. A duty to disclose may arise: (1) when the defendant is in a fiduciary relationship with the plaintiff; (2) when the defendant had exclusive knowledge of material facts not known to the plaintiff; (3) when the defendant actively conceals a material fact from the plaintiff; or (4) when the defendant makes partial representations but also suppresses some material fact. Falk, 496 F.Supp.2d at 1094-95 (citing LiMandri v. Judkins, 52 Cal. App.4th 326, 337, 60 CaI.Rptr.2d 539 (Cal. CLApp.1997)).

Here, Plaintiffs allege that Sony: (1) failed to tell consumers that it did not have reasonable and adequate safeguards in place to protect consumers’ confidential information; (2) failed to immediately notify members of the California subclass that the intrusion had occurred; and (3) omitted material facts regarding the security of its network, including the fact that Sony failed to install and maintain firewalls and utilize industry-standard encryption. Sony does not separately address Plaintiffs’ fraud-based omission claims. Rather, Sony contends Plaintiffs’ omission claims fail because Sony clearly disclosed the possibility of an intrusion. However, as discussed above with respect to statutory standing under the UCL, FAL, CLRA, the Court finds Plaintiffs’ fraud-based omission claims are sufficiently plead. Accordingly, the Court DENIES Sony’s motion to dismiss Plaintiffs’ claims under the UCL, FAL, and CLRA based on fraudulent omissions.

c. Restitution and Injunctive Relief Under the UCL and FAL

Third, Sony contends the UCL and FAL claims should be dismissed because Plaintiffs have failed to allege any basis for restitution and/or injunctive relief — the only two remedies allowed under the UCL and FAL. Although the Court previously dismissed Plaintiffs’ restitution claims with prejudice, Plaintiffs’ amended allegations have persuaded the Court to reconsider its prior ruling. (Doc. No. 120 at 29:4-30:3.) As set forth above, the FACC now clarifies that Plaintiffs seek restitution based on the fact that Sony benefitted financially from the' sale of PSPs and PS3s, which was made possible and enhanced by Sony’s fraudulent omissions. (Doc. 146 at 27:7-8.) Therefore, to the extent Plaintiffs’ can prevail on their fraud-based omission claims, the Court finds Plaintiffs may be able to recover the purchase price of their Consoles or a portion thereof. Accordingly, the Court DENIES Sony’s motion to dismiss Plaintiffs’ claims for restitution under the UCL and FAL.

However, with regard to Plaintiffs’ claims for injunctive relief under the UCL and FAL, the Court previously dismissed theses claims for failure to allege the specific relief sought. (Doc. No. 120 at 29:25-30:3.) Plaintiffs’ acknowledged this deficiency at the September 27, 2012 motion hearing, stating that amendment would allow Plaintiffs to correct the pleading error. Plaintiffs have failed to do so. Accordingly, the Court GRANTS Sony’s motion to dismiss Plaintiffs’ claims for injunctive relief without leave to amend. See Sisseton-Wahpeton Sioux Tribe of Lake Traverse Indian Res., N.D. & S.D. v. United States, 90 F.3d 351, 355-56 (9th Cir.1996) (stating that a district court does not abuse its discretion to dismiss a complaint without leave to amend if a plaintiff was previously given an opportunity to correct noted deficiencies).

d. Applicability of the CLRA

Finally, Sony contends Plaintiffs’ CLRA claim should be dismissed because it is inapplicable to the transactions at issue — registration for free PSN services. The Court previously dismissed the CLRA claim with leave to amend on these exact grounds, finding that the claim was specifically linked to Plaintiffs’ registration for the PSN, which is neither a good nor a service under the CLRA. However, as acknowledged above, the FACC now alleges liability under the CLRA based on omissions that occurred at the point of purchase of Plaintiffs’ Consoles. (FACC ¶ 176.) Daugherty, 144 Cal.App.4th at 835, 51 Cal.Rptr.3d 118 (stating that a “claim may be stated under the CLRA in terms constituting fraudulent omissions”); Herron v. Best Buy Co., 924 F.Supp.2d 1161, 1175 (E.D.Cal.2013) (stating that fraudulent omission claims apply equally to claims under the CLRA). Therefore, although the Court still finds Plaintiffs’ CLRA claim cannot proceed based on affirmative misrepresentations, because those relate solely to the PSN, the CLRA claim may proceed on the basis that Sony omitted material information regarding the security of the PSN at the time Plaintiffs purchased their Consoles. Accordingly, the Court DENIES Sony’s motion to dismiss the CLRA claim.

2. Florida Deceptive and Unfair Trade Practices Act

Count 6 is brought by Plaintiffs Lieberman and Schucher and alleges violation of the FDUTPA. (FACC ¶¶ 212-221.) The FDUTPA prohibits “[u]nfair methods of competition, unconscionable acts or practices, and unfair or deceptive acts or practices in the conduct of any trade or commerce.” Fla. Stat. § 501.204(1); see also Delgado v. J.W. Courtesy Pontiac GMC-Truck, Inc., 693 So.2d 602, 605-06 (Fla.1997) (discussing the purpose of the FDUTPA in light of its legislative history). Plaintiffs allege Sony violated the FDUT-PA by falsely representing the security of Sony Online Services and request injunc-tive relief, declaratory relief, actual damages, and attorneys’ fees and costs. See Fla. Stat. § 501.211(1) (injunctive and declaratory relief), § 501.211(2) (actual damages and attorney’s fees and court costs), § 501.2105 (attorney’s fees). Sony moves to dismiss the FDUTPA claim on the basis that Plaintiffs have failed to allege: (1) actual loss caused by Sony’s conduct; and (2) unfair or deceptive acts or practices entitling Plaintiffs to declaratory or injunc-tive relief. (Doc. No. 163 at 1-6.)

a. Actual Damages Caused by Sony’s Deceptive and Unfair Conduct

As an initial matter, Sony contends the FDUTPA claim should be dismissed because Plaintiffs have not alleged actual damages caused by Sony’s deceptive or unfair conduct. The Court agrees. To state a claim under the FDUTPA, a consumer must allege: “(1) a deceptive act or unfair practice; (2) causation; and (3) actual damages.” Rollins, Inc. v. Butland, 951 So.2d 860, 869 (Fla.Dist.Ct.App.2006), review denied, 962 So.2d 335 (Fla.2007); see also Virgilio v. Ryland Grp., Inc., 680 F.3d 1329, 1338 n. 25 (11th Cir.2012).⁴² Florida courts have defined “actual damages” as the “difference in the market value of the product or service in the condition in which it was delivered and its market value in the condition in which it should have been delivered according to the contract of the parties.” Rollins, Inc. v. Heller, 454 So.2d 580, 585 (Fla.Dist.Ct App.1984) (internal citations omitted); Butland, 951 So.2d at 869. “Nominal damages, speculative losses, or compensation for subjective feelings of disappointment” are not recoverable under the FDUTPA, Butland, 951 So.2d at 873, nor may a Plaintiff recover “consequential damages,” Urling v. Helms Exterminators, Inc., 468 So.2d 451, 454 (Fla.Dist.Ct. App.1985).

Here, Plaintiffs Lieberman and Schucher seek to recover: (1) the purchase price of their Consoles and/or the amount they overpaid for their Consoles; (2) monthly premiums paid for Third Party Services during the time Plaintiffs were unable to access these services via their Consoles; and (3) the value of them Personal Information that was wrongfully disclosed. As explained below, none of these injuries are “actual damages” recoverable under the FDUTPA. Fitzpatrick v. Gen. Mills, Inc., 263 F.R.D. 687, 695 (S.D.Fla.2010), vacated on other grounds, 635 F.3d 1279 (11th Cir.2011) (stating that although “subjective evidence of reliance” is not required, a plaintiff still must allege that “an objective reasonable person would have behaved” differently but for the alleged deceptive or unfair conduct).

First, although Plaintiffs’ supplemental brief contends that Plaintiffs suffered actual damages in the form of the purchase price of their Consoles, because they bargained for secure access to the PSN at the time they purchased their Consoles, the FACC does not support these contentions. (Doc. No. 164 at 5-7.) Rather, the FACC merely alleges that Plaintiffs were aggrieved by Sony’s deceptive and unfair conduct “in that they registered with, and sent their Personal Information[ ] to Sony Online Services after exposure to Defendants’ false and misleading representations regarding the security of Sony Online Services.” (FACC ¶ 218.) Nowhere does the FDUTPA claim allege that Plaintiffs would not have purchased their Consoles but for Sony’s alleged deceptive or unfair conduct. See, e.g., Pa. ex rel. Zimmerman v. Pepsi-Co, Inc., 836 F.2d 173, 181 (3d Cir.1988) (“[I]t is axiomatic that the complaint may not be amended by the briefs in opposition to a motion to dismiss.”).

Moreover, even if the Court were to entertain Plaintiffs’ unpled contentions, which it will not, Plaintiffs have failed to allege that an “objective reasonable person would have behaved” differently absent the alleged deceptive or unfair conduct. Fitzpatrick, 263 F.R.D. at 695. For example, although Plaintiffs allege that Sony misled consumers as to the security of Sony Online Services, and that this deceptive conduct induced consumers to purchase their Consoles, or to purchase Consoles at an inflated price, Plaintiffs concede that the alleged misrepresentations were contained in the PSN User Agreement and/or the PSN Privacy Policy — both of which were presented to consumers after they purchased their Consoles. As a result, Plaintiffs have failed to plausibly allege that the purchase price of their Console was an “actual damage” caused by Sony’s deceptive or unfair conduct. Cf. Smith v. Wm. Wrigley Jr. Co., 663 F.Supp.2d 1336, 1339-40 (S.D.Fla.2009) (allowing plaintiff to recover on a benefit of the bargain theory because the plaintiff alleged that they relied on the defendant’s representations, and as a result of the alleged misleading representations, the defendant was able to charge a price premium for the product).

Second, Plaintiffs allege that they suffered actual injury because they paid monthly premiums for Third Party Services and were unable to access these services during the brief interruption in PSN access. However, similar to the reasons sets forth above, these allegations fail to set forth a plausible claim for relief. Plaintiffs did not advance these damage theories in the FACC (with respect to the FDUTPA claim), nor would such allegations suffice had they been properly pled. For example, as stated by the court in Urling v. Helms Exterminators, Inc., 468 So.2d 451, 454 (Fla.Dist.Ct.App.1985), which considered on appeal whether the plaintiff had been awarded the proper measure of damages against a termite inspection company who issued a favorable report when no inspection had in fact been made, consequential damages are not permitted under the FDUTPA. Therefore, just as the plaintiff in Urling could not recover the cost of repairing extensive termite damage following the issuance of a fabricated termite report, here Plaintiffs are not permitted to recover monthly premiums paid to Third Party Services. See, e.g., Orkin Exterminating Co. v. Petsch, 872 So.2d 259, 263 (Fla.Dist.Ct.App.2004) (stating that the FDUTPA only permits a consumer to recover the “diminished value” of the good or service received, consequential damages are not recoverable); Kia Motors Am. Corp. v. Butler, 985 So.2d 1133, 1140 (Fla.Dist.Ct.App.2008) (finding that recovery of repair and replacement costs are not recoverable under the FDUTPA); Fla. Stat. § 501.212(3); In re Crown Auto Dealerships, Inc., 187 B.R. 1009, 1018 (Bankr.M.D.Fla.1995) (holding claimants entitled to no recovery where they failed to establish that they suffered actual damages as a result of the misrepresentations about the vehicles; claimants subjective feelings of disappointment are insufficient to form a basis of actual damages). The same could be said for any recovery based on the brief interruption in PSN access, as the PSN was provided free of charge and Sony clearly disclaimed any right to uninterrupted access. (Doc. No. 94-2, Ex. A at 9.)

Finally, although Plaintiffs’ third contention is supported by the FACC, in that the FACC alleges that Plaintiffs would not have sent their Personal Information to Sony had they known the truth regarding Sony’s network security, these allegations fail to allege “actual damages” under the FDUTPA. As stated by the court in Burrows v. Purchasing Power, LLC, No. 1:12-cv-22800-UU, 2012 WL 9391827, at *3 (S.D.Fla. Oct. 18, 2012), which considered whether the disclosure of the plaintiffs personal information without his consent gave rise to a claim under the FDUTPA, “[p]ersonal data does not have an apparent monetary value that fluctuates like the price of goods or services.” As a result, to the extent Plaintiffs are alleging an entitlement “to the value of their Personal Information,” but have not alleged a monetary loss relating to the disclosure of their Personal Information, these allegations fail under Florida law. See Himes v. Brown & Co. Secs. Corp., 518 So.2d 937, 938 (Fla.Dist.Ct.App.1987) (finding no recovery under FDUTPA for misleading and false advertisement where plaintiff sustained no out-of-pocket losses); Macias v. HBC of Fla., Inc., 694 So.2d 88, 90 (Fla. Dist.Ct.App.1997) (stating that to be entitled to any relief under FDUTPA the consumer must plead and prove he was aggrieved by the unfair and deceptive act.).

Therefore, the Court finds Plaintiffs have failed to allege “actual damages” flowing from Sony’s alleged deceptive or unfair misrepresentations, nor would further amendment correct these deficiencies. Accordingly, the Court GRANTS Sony’s motion to dismiss the FDUTPA claim seeking actual damages without leave to amend. See, e.g., Sisseton-Wahpeton Sioux Tribe, 90 F.3d at 356 (stating that the district court did not err in denying leave to amend because the plaintiff acknowledged that the claim was similar to claims previously asserted); Int’l Star Registry of Ill. v. Omnipoint Mktg., LLC, 510 F.Supp.2d 1015, 1024 (S.D.Fla.2007).

b. Deceptive or Unfair Conduct Warranting Declaratory and Injunctive Relief Under the FDUTPA

Next, Sony moves to dismiss the declaratory and injunctive relief claims on the basis that Plaintiffs have failed to allege deceptive or unfair conduct under the FDUTPA. Specifically, Sony contends Plaintiffs have failed to: (1) allege deceptive or unfair conduct with particularity under Rule 9(b); (2) plausibly allege how Sony’s representations were deceptive in light of the admonitory language in the PSN Privacy Policy; (3) show how Sony violated Fla. Stat. § 500.04 and 21 U.S.C. § 343 because both statutes pertain to misbranded food; and (4) allege how Sony’s conduct was unfair in light of the fact that Plaintiffs have not alleged a single instance of identity theft or unreim-bursed charges. The Court only addresses Sony’s second and fourth contentions.⁴³

Under the FDUTPA, a deceptive practice is one that is “likely to mislead” consumers, Davis v. Powertel, Inc., 776 So.2d 971, 974 (Fla.Dist.Ct.App.2000), and an unfair practice is one that “offends established public policy” or is “immoral, unethical, oppressive, unscrupulous or substantially injurious to consumers,” Samuels v. King Motor Co. of Fort Lauderdale, 782 So.2d 489, 499 (Fla.Dist.Ct.App.2001) (quoting Spiegel, Inc. v. Fed. Trade Comm’n, 540 F.2d 287, 293 (7th Cir.1976)). A plaintiff need not allege an entitlement to “actual damages” in order to seek in-junctive and/or declaratory relief under the FDUTPA, and must only allege a violation of the statute. See, e.g., Fla. Stat. § 501.211(1) (“[AJnyone aggrieved by a violation of this part may bring an action to obtain a declaratory judgment that an act or practice violates this part and to enjoin a person who has violated, is violating, or is otherwise likely to violate this part.”); Wyndham Vacation Resorts, Inc. v. Timeshares Direct, Inc., 123 So.3d 1149, 1152 (Fla.Dist.Ct.App.2012).

Therefore, although Sony contends that the representations in the PSN User Agreement and the PSN Privacy Policy could not have plausibly been deceptive or unfair in light of admonitory language in the PSN Privacy Policy, which disclaimed any right to so-called “perfect security,” Plaintiffs have refashioned their allegations to escape dismissal. As exemplified in the FACC and Plaintiffs’ opposition, Plaintiffs do not allege that Sony’s representations were deceptive because Sony promised perfect security (which was clearly disclaimed), Plaintiffs allege Sony violated the FDUTPA because Sony warranted that it would take “reasonable security” measures, including utilizing “industry-standard encryption”, but failed to do so. (FACC ¶¶ 3, 57, 62, 88, 97.) Thus, as discussed above, Plaintiffs have raised an issue of fact as to whether Sony’s representations, when viewed as a whole, were deceptive.⁴⁴ See Siever v. BWGaskets, Inc., 669 F.Supp.2d 1286, 1293 (M.D.Fla.2009) (“Whether particular conduct constitutes such an unfair or deceptive trade practice is a question of fact.”).⁴⁵ Aecord-ingly, because declaratory and injunctive relief under the FDUTPA are available in the absence of actual damages, the Court DENIES Sony’s motion to dismiss Plaintiffs’ injunctive and declaratory relief claims under the FDUTPA.

3. Michigan Consumer Protection Act

Count 16 is brought by Plaintiff Mitchell and alleges violation of the MCPA. (FACC ¶¶ 276-287.) The MCPA prohibits “[u]nfair, unconscionable, or deceptive methods, acts, or practices in the conduct of trade or commerce[.]” Mich. Comp. Laws Ann. § 445.903(1). A plaintiff can pursue a claim under the MCPA based on fraud, deception, or breach of express or implied warranties. See Parsley v. Monaco Coach Corp., 327 F.Supp.2d 797, 807 (W.D.Mich.2004). Here, Plaintiffs allege Sony violated the MCPA by “misleading the consuming public into believing that their Personal Information would be safe upon transmission to Defendants^] when in fact[,] Defendants knew that them security systems were woefully inadequate.” (FACC ¶ 281.) Although not labeled as such in the FACC, Plaintiffs contend this conduct is grounded in both fraud and breach of express and implied warranties. Plaintiffs allege Sony violated the following sections of the MCPA:

(c) Representing that goods or services have sponsorship, approval, characteristics, ingredients, uses, benefits, quantities that they do not have or that a person has sponsorship, approval, status, affiliation, or connection that he or she does not have ...

(e) Representing that goods or services are of a particular standard, quality, or grade, or that goods are of a particular style or model, if they are of another ...

(bb) Making a representation of fact or statement of fact material to the transaction such that a person reasonably believes the represented or suggested state of affairs to be other than it actually is .... [and]

(cc) Failing to reveal facts that are material to the transaction in light of representations of fact made in a positive manner.

Mich. Comp. Laws § 445.903(l)(c), (e), (bb), (cc). Sony moves to dismiss the MCPA claim on the basis that Plaintiffs have failed to allege: (1) actual damages caused by a violation of the statute; and (2) a violation of the statute warranting declaratory or injunctive relief.

a. Actual Damages Under the MCPA

Plaintiffs seek the following actual damages under the MCPA: (1) the disclosure of their Personal Information and a corresponding loss in privacy; (2) the purchase price of them Consoles or a portion thereof; and (3) the inability to access Sony Online Services during the brief interruption in PSN access. (FACC ¶ 282.) Sony contends none of these damage allegations suffice because: (1) Plaintiffs have failed to plead reliance on the alleged misrepresentations in compliance with Rule 9(b); and (2) Sony Online Services was offered free of charge and Sony clearly disclaimed any right to uninterrupted access. Plaintiffs do not dispute that the potential risk of future identity theft resulting from the loss of personal information is not a cognizable injury under Michigan law. Hammond v. The Bank of N.Y. Mellon Corp., No. 08 CIV. 6060 RMB RLE, 2010 WL 2643307, at *1, 8 (S.D.N.Y. June 25, 2010); Hendricks v. DSW Shoe Warehouse, Inc., 444 F.Supp.2d 775, 782 (W.D.Mich.2006). Therefore, the Court only addresses whether Plaintiffs have sufficiently pled reliance on Sony’s alleged misrepresentations, thereby entitling Plaintiffs to recover the purchase price of their Consoles and/or any damage relating to the inability to access Sony Online Services during the brief interruption in PSN access.

As an initial matter, the parties dispute whether Plaintiffs are required to plead actual reliance on the alleged misrepresentations, and to the extent actual reliance is required, whether reliance must be pled with particularity under Rule 9(b). Sony contends that pursuant to Mich. Comp. Laws Ann. Section 445.911(3), and countless Michigan courts interpreting the MCPA, Plaintiffs must allege actual reliance on Sony’s alleged deceptive conduct with specificity under Rule 9(b). In response, Plaintiffs argue that actual reliance is not required, and to the extent reliance is required, Plaintiffs have sufficiently alleged that Mitchell relied on Sony’s alleged misrepresentations. The Court agrees with Sony on both points.

First, although Plaintiffs attempt to rely on Dix v. American Bankers Life Assurance Co. of Florida, 429 Mich. 410, 415 N.W.2d 206, 209 (1987), and Gasperoni v. Metabolife, International Inc., No. 00-71255, 2000 WL 33365948 (E.D.Mich. Sept. 27, 2000), for the proposition that reliance can be demonstrated by pleading that a “reasonable person would have relied on the representation,” both Dix and Gasper-oni fail to address the pertinent issue before the Court — whether a named plaintiff in a putative class action must allege actual reliance. As a result, the Court finds Dix and Gasperoni fail to support Plaintiffs’ contentions, and cases discussing Dix and Gasperoni confirm that although class allegations can be based on what a reasonable person would have relied upon, a named plaintiff biinging a putative class action under the MCPA must still allege actual reliance. See, e.g., Kussy v. Home Depot USA Inc., No. 06-12899, 2006 WL 3447146, at *5-7 (E.D.Mich. Nov. 28, 2006); In re OnStar Contract Litig., 278 F.R.D. 352, 378 (E.D.Mich.2011) (stating that there is “no dispute” that individuals asserting MCPA claims “must establish reliance”); Williams v. Scottrade, Inc., No. 06-10677, 2006 WL 2077588, at *7 (E.D.Mich. July 24, 2006) (dismissing a plaintiffs MCPA claim premised on allegations of fraud because the plaintiff failed to identify the specific statements on which he relied); Mayhall v. A.H. Pond Co., 129 Mich.App. 178, 341 N.W.2d 268, 270 (1983) (stating that the MCPA requires a plaintiff “to have sustained a loss as a condition for bringing an action to recover damages [because] ... the Legislature ... has incorporated ... the common-law requirement of injury”). Accordingly, the Court finds Plaintiffs must allege that Mitchell actually relied on Sony’s alleged misrepresentations.

Second, although Plaintiffs are correct, that Rule 9(b) is inapplicable to MCPA claims based on breach of warranty rather than fraud, as stated above, the Court dismissed Plaintiffs’ breach of express and implied warranty claims under Michigan law. See Michels v. Monaco Coach Corp., 298 F.Supp.2d 642, 651 (E.D.Mich.2003); Sautner v. Fleetwood Enters., Inc., No. 05-73252, 2007 WL 1343806, at *6 (E.D.Mich. May 8, 2007) (“If there is no basis for a breach of warranty claim, it follows, then, that there is no basis for a MCPA claim based on the alleged breach.”). Therefore, the Court finds Plaintiffs’ allegations must be plead with particularity under Rule 9(b).

Based on the above, the Court finds Plaintiffs have failed to sufficiently allege that Mitchell actually relied on Sony’s alleged deceptive conduct in compliance with Rule 9(b). With regard to Plaintiffs’ allegations that they paid for their Consoles “after being exposed” to Sony’s alleged misrepresentations, this argument has already been disposed of by the Court. Each of the alleged misrepresentations identified by Plaintiffs are either contained in the PSN User Agreement and/or the PSN Privacy Policy, both of which were presented to Plaintiffs after they purchased their Consoles and before registering for the PSN. This is only further supported by the fact that Plaintiffs have conceded that they purchased their Consoles before reviewing the language in either agreement. Accordingly, even though the Court must accept Plaintiffs’ allegations as true, including the fact that Mitchell “relied” on Sony’s alleged misrepresentations in purchasing her Console, Plaintiffs’ other allegations clearly contradict these conclusory allegations of reliance. See Regan v. Washtenaw Cnty. Rd. Commis., 257 Mich.App. 39, 667 N.W.2d 57, 65 (2003) (“We accept as true the allegations in the plaintiffs complaint to the extent that affidavits or other documents submitted by the movant do not specifically contradict them.”). As a result, Plaintiffs can not recover the purchase price of their Consoles, or a portion thereof, as actual damages under the MCPA.

The Court also finds Plaintiffs have failed to state a claim for actual damages relating to the brief interruption in Sony Online Services. As advanced by Sony and previously recognized by the Court, Sony Online Services were provided to Plaintiffs free of charge, Plaintiff Mitchell did not pay for premium services, and Sony clearly disclaimed any right to continuous and uninterrupted service. Thus, even though Plaintiffs correctly point out that a “frustration of a plaintiffs expectations” can constitute a “loss” under the MCPA, Mitchell’s expectation of uninterrupted service was not reasonable, nor could Mitchell have had an “expectation” of uninterrupted service. Mayhall, 341 N.W.2d at 272, (Doc. No. 94-2, Ex. A at 9) (“SNEA does not warrant that the service and content will be uninterrupted, error-free or without delays.”). As a result, Plaintiffs can not recover actual damages resulting from a brief interruption in Sony Online Services under the MCPA. Accordingly, the Court finds Plaintiffs have failed to sufficiently allege a legal entitlement to actual damages under the MCPA based on either the purchase of their Consoles or the brief interruption in Sony Online Services. Because further amendment of this claim would be futile, the Court GRANTS Sony’s motion to dismiss the MCPA claim seeking actual damages without leave to amend.

b. Declaratory and Injunctive Relief

Sony also moves to dismiss Plaintiffs’ claims for injunctive and declaratory relief on the basis that Plaintiffs have neither alleged a violation of the MCPA, nor have Plaintiffs alleged why such relief is necessary. The Court does not agree. First, under the MCPA a plaintiff can seek declaratory and/or injunctive relief in the absence of actual damages. Therefore, taking the allegations set forth in the FACC as true, to the extent Plaintiffs have alleged that Sony misrepresented the security of its network, including the fact that it utilized industry-standard encryption to secure Plaintiffs’ Personal Information, Plaintiffs have set forth a viable claim under Sections 445.903(l)(c), (e), (bb), and (cc). Moreover, Sony’s reliance on Workman v. Publishers Clearing House, 118 F.3d 457, 458 (6th Cir.1997), is misplaced. In Workmon, the Sixth Circuit affirmed the district court’s dismissal of the MCPA claim on the basis that no reasonable consumer would believe that they won a ten million dollar sweepstakes in light of admonitory language included in the flyer. Id. at 458-59 (stating that the “MCPA and Michigan case law provide no remedy for a trade practice that is confusing only to an unreasonable person”). Here, however, considering the language in the PSN User Agreement and the PSN Privacy Policy as a whole, it is entirely plausible that a reasonable consumer might have been deceived by Sony’s representations of reasonable security, industry-standard encryption, and the corresponding disclaimer of perfect security.

Accordingly, because Plaintiffs have alleged that Sony’s network security is still inadequate, the Court DENIES Sony’s motion to dismiss the injunctive and declaratory relief claims under the MCPA. (FACC ¶ 285) (“Defendants continue to misrepresent the adequacy of their security systems and will continue to so unless retained by Court order.”).

4. Missouri Merchandising Practices Act

Count 22 is brought by Plaintiff Munsterman and alleges violation of the MMPA. (FACC ¶¶ 314-328.) The MMPA was enacted “to preserve fundamental honesty, fair play, and right dealings in public transactions,” Scott v. Blue Springs Ford Sales, Inc., 215 S.W.3d 145, 160 (Mo. Ct.App.2006), and prohibits “deception, fraud, false pretense, false promise, misrepresentation, unfair practice or concealment, suppression, or omission of any material fact in connection with the sale or advertisement of any merchandise in trade or commerce.” Mo.Rev.Stat. § 407.020(1). To state a claim under the MMPA, a plaintiff must allege: (1) the purchase of merchandise; (2) for personal, family, or household purposes; and (3) an ascertainable loss of money or property as a result of an act or practice declared unlawful under the MMPA. See Hess v. Chase Manhattan Bank, USA N.A, 220 S.W.3d 758, 773 (Mo.2007); Owen v. Gen. Motors Corp., 533 F.3d 913, 922 (8th Cir.2008) (stating that the MMPA requires a casual connection between the ascertainable loss and the alleged unfair or deceptive practice). The MMPA defines merchandise as “objects, wares, goods, commodities, intangibles, real estate or services.” Edmonds v. Hough, 344 S.W.3d 219, 223 (Mo.Ct.App.2011), reh’g and/or transfer denied (May 24, 2011), transfer denied (Aug. 30, 2011); Mo.Rev.Stat. § 407.010(4).

Plaintiffs allege Sony violated the MMPA by “failing to disclose that the security of Plaintiffs’ Personal Information on Sony Online Services was inadequate,” and that Sony had a “legal duty” to disclose this information to consumers. (FACC ¶ 320-321.) Sony moves to the dismiss the MMPA claim on the basis that Plaintiffs have failed to allege: (1) an ascertainable loss of money or property caused by Sony’s alleged misconduct; (2) the purchase or lease of merchandise; (3) a deceptive or unfair practice; and (4) an entitlement to declaratory or injunctive relief. The Court disagrees.

As a general matter, Sony erroneously characterizes the MMPA claim as one based solely on affirmative misrepresentations, rather than a claim based on misrepresentations and omissions — an error fatal to most if not all of Sony’s contentions. Therefore, although Sony argues that Plaintiffs have not alleged the pro-chase of merchandise flowing from a violation of the MMPA, because Plaintiffs purchased their Consoles prior to being presented with the alleged misrepresentations, Sony’s arguments fail to account for Plaintiffs’ allegations that Sony omitted material information regarding the security of its network at the point of sale of the Consoles. Thus, the Court finds Plaintiffs have sufficiently alleged that Plaintiff Munsterman would not have purchased his Console if Sony had disclosed the truth regarding the security of its network. See Sunset Pools of St. Louis, Inc. v. Schaefer, 869 S.W.2d 883, 886 (Mo.Ct.App.1994) (“Courts of this state apply the benefit of the bargain rule to determine the damages in cases of fraud or deceit where the parties have not elected to rescind the contract and seek restitution.”).

Next, the parties dispute whether Plaintiffs have alleged an ascertainable loss of money or property as a result of an act or practice declared unlawful under the MMPA. Mo.Rev.Stat. § 407.020 (stating that an act is deemed unlawful if it is unfair or deceptive). Similar to Sony’s first contention, however, this dispute is easily dispelled. Plaintiffs’ MMPA claim is premised in part on Sony’s alleged material omissions regarding the security of its network, omissions that allegedly induced Plaintiffs to purchase their Consoles. See Owen, 533 F.3d at 922 (stating that MMPA claims can be based on material omissions); Hess, 220 S.W.3d at 774 (“Proof of omission or concealment of a material fact under the [MMPA] ... plainly requires less proof than was required to prove the comparable elements of ... common law fraud claim.”). Thus, because Plaintiffs have alleged that Sony’s omissions were deceptive and/or unfair because Sony misled consumers into believing that their Personal Information was secure, the Court finds Plaintiffs have sufficiently alleged a loss of money or property as a result of an act or practice declared unlawful under the MMPA. See, e.g., Ward v. W. Cnty. Motor Co., 403 S.W.3d 82, 84 (Mo. 2013).⁴⁶

Finally, although Sony argues that Plaintiffs may not pursue equitable relief under the MMPA because they have not suffered actual damage, as stated above, this contention lacks merit. See Mo. Ann. Stat. § 407.025; Freeman Health Sys. v. Wass, 124 S.W.3d 504, 509 (Mo.Ct.App. 2004) (stating that “only after a claimant has successfully brought suit for actual damages under section 407.025, may the court consider awarding attorney’s fees, punitive damages, and other ‘equitable relief.’ ”). Accordingly, the Court DENIES Sony’s motion to dismiss the MMPA.

5. New Hampshire Consumer Protection Act

Count 28 is brought by Plaintiff Rallad and alleges violation of the NHCPA. (FACC ¶¶ 361-370.) The NHCPA prohibits the use of “any unfair or deceptive act or practice in the conduct of any trade or commerce.” N.H.Rev.Stat. § 358-A:2. Similar to the CLRA, the NHCPA provides a non-exhaustive list of prohibited practices, including several prohibitions codifying common law unfair competition. See N.H.Rev.Stat. § 358-A:2(II) (“Causing likelihood of confusion or of misunderstanding as to the source, sponsorship, approval, or certification of goods or services”); N.H.Rev.Stat. § 358-A:2(III) (“Causing likelihood of confusion or of misunderstanding as to the source, sponsorship, approval, or certification of goods or services”); N.H.Rev.Stat. § 358-A:2(V) (“Representing that goods or services have sponsorship [or] ... approval that they do not have or that a person has a sponsorship, approval, status, affiliation, or connection that he does not have”). However, regardless of whether a practice is included in the NHCPA’s enumerated unlawful practices, conduct can violate the NHCPA if it “attaints] a level of rascality that would raise an eyebrow of someone inured to the rough and tumble of the world of commerce.” Barrows v. Boles, 141 N.H. 382, 687 A.2d 979, 986 (1996).

Plaintiffs allege Sony violated the NHCPA by misrepresenting the adequacy of Sony’s network security and by representing that PS3s, PSPs, and Sony Online Services had specific security characteristics, uses, and benefits, when Sony knew they did not. (FACC ¶¶366, 370.) Plaintiffs allege they suffered actual and statutory damages as a result of Sony’s deceptive conduct because the misrepresentations induced them to purchase their Consoles and/or register for Sony Online Services. (Id. at ¶ 367.) Plaintiffs also seek declaratory and injunctive relief under Section 358-A-.10. (Id. at ¶ 369.) Sony moves to dismiss the NHCPA claim on the basis that Plaintiffs have failed to allege: (1) actual damages under Section 358-A:10-a(I); (2) unfair conduct; (3) causation; and (4) any basis for injunctive relief. The Court discusses each in turn.

First, contrary to Sony’s contentions, the NHCPA “does not require a showing of actual damages for the claimant to be awarded the statutory minimum and attorneys’ fees.” Becksted v. Nadeau, 155 N.H. 615, 926 A.2d 819, 824 (2007); N.H.Rev.Stat. § 358-A: 10(1).⁴⁷ This principle is well established by New Hampshire’s highest courts and will not be disrupted here. See, e.g., Carter v. Lachance, 146 N.H. 11, 766 A.2d 717, 720 (2001) (stating that “[t]he statutory minimum award of $1,000 is not based upon actual damages suffered, but is a penalty imposed upon” those who violate the statute); Becksted v. Nadeau, 155 N.H. 615, 926 A.2d 819, 824 (2007) (“Contrary to the trial court’s ruling, we have previously held that RSA § A:10 does not require a showing of actual damages for the claimant to be awarded the statutory minimum and attorney’s fees.”). Accordingly, as stated below, because the Court finds Plaintiffs have stated a plausible claim under the NHCPA, the Court DENIES Sony’s motion to dismiss the NHCPA claim seeking statutory damages.

Second, Sony contends Plaintiffs have failed to allege unlawful conduct under the NHCPA. As set forth in the FACC, Plaintiffs allege Sony violated three of the fourteen enumerated unfair or deceptive practices outlined in the NHCPA. These include:

V. Representing that goods or services have sponsorship, approval, characteristics, ingredients, uses, benefits, or quantities that they do not have or that a person has a sponsorship, approval, status, affiliation, or connection that such person does not have; .

VII. Representing that goods or services are of a particular standard, quality, or grade, or that goods are of a particular style or model, if they are of another; and

IX. Advertising goods or services with intent not to sell them as advertised.

N.H.Rev.Stat. § 358-A:2(V), (VII), (IX). In addition to the enumerated provisions set forth above, Plaintiffs allege Sony’s violated the NHCPA because Sony’s conduct violated the “rascality test.” In opposition, Sony contends none of these allegations set forth a plausible claim for relief because no reasonable consumer would have been deceived by Sony’s representations regarding “reasonable security.” In addition, to the extent Plaintiffs base their NHCPA claim on acts or practices not specifically enumerated in the NHCPA, Sony contends Plaintiffs have failed to allege that the conduct “attaints] a level of rascality that would raise an eyebrow,” or that Sony had the required degree of knowledge or intent. State v. Moran, 151 N.H. 450, 861 A.2d 763, 765 (2004). At this stage in the proceeding, however, the Court does not agree.

As stated by the New Hampshire Supreme Court in Beer v. Bennett, 160 N.H. 166, 993 A.2d 765, 768 (2010) “even if [ ] individual representations could be read as literally true, [an] advertisement could still violate the [NHCPA] if it created an overall misleading impression.” In Beer, the New Hampshire Supreme Court considered whether the trial court properly awarded the plaintiff $16,197.00 in damages after the plaintiff purchased a car from a private seller. Id. at 767. The plaintiff alleged that the defendant violated the NHCPA because the defendant represented that the car had “pretty vigorous performance,” when in fact, the car was inoperable due to a number of missing parts. Id. In affirming the trial court’s ruling, the New Hampshire Supreme Court noted that the defendant’s conduct met the “rascality test, and therefore violated the NHCPA,” because the defendant “made representations [ ] knowing that he lacked sufficient knowledge to substantiate them.” Id. at 769.

Here, Plaintiffs allege Sony affirmatively represented that it would take “reasonable security measures” to protect Plaintiffs’ Personal Information, when in fact, Sony knew that its security systems were both inadequate and vulnerable to attack. Therefore, in contrast to the cases cited by Sony, which contained clear disclaimers of the alleged misrepresentations, at this stage in the proceedings, the Court cannot find that the language in the PSN User Agreement and/or the PSN Privacy Policy did not create an “overall misleading” impression as a matter of law. Beer, 993 A.2d at 768; Cf. Davis Frame Co. v. Reilly, No. CIV. 05-CV-160-SM, 2006 WL 435454, at *6-7 (D.N.H. Feb. 22, 2006) (finding no violation of the NHCPA because contract disclosed that customers might have to pay the full cost); L’Esperance v. HSBC Consumer Lending, Inc., No. 11-CV-555-LM, 2012 WL 2122164, at *21 (D.N.H. June 12, 2012) (finding no deception under the NHCPA because monthly payments were clearly disclosed in the plaintiffs loan agreements).

Third, Sony argues Plaintiffs’ class action allegations should be dismissed because Plaintiffs have not alleged an injury to unnamed class members that was “caused by” Sony’s deceptive or unlawful conduct. Sony relies on N.H.Rev. Stat. Section 358-A:10-a(I) to support this proposition. Under N.H.Rev.Stat. Section 358-A:10-a(I):

Persons entitled to bring an action under RSA 358-A:10 may, if the unlawful act or practice has caused similar injury to numerous other persons, institute an action as representative or representatives of a class of persons who are residents of this state or whose cause of action arose within this state against one or more defendants as individuals or as representatives of a class or against one or more such defendants having a principal place of business within this state, and the petition shall allege such facts as will show that these persons or the named defendants specifically named and served with process have been fairly chosen and adequately and fairly represent the whole class, to recover actual damages as provided for in RSA 358-A:10.

Based on the language of Section 358-A:10-a(I) and Section 358-A:10(I), which provide for the recovery of “actual damages or $1,000,” Sony contends statutory damages are disallowed in the absence of actual damages in the class action context. The Court agrees.

Although the New Hampshire Supreme Court has interpreted the NHCPA to allow plaintiffs to recover statutory damages in the absence of actual damages, the NHCPA still requires a named plaintiff instituting a representative action to allege that class members were personally harmed as a result of the defendant’s unlawful conduct. See Pagan v. Abbott Labs., Inc., 287 F.R.D. 139, 149 (E.D.N.Y. 2012) (“Nevertheless, the NHCPA still requires that the Plaintiffs show that the class members were personally harmed in some way by the Defendant’s unlawful conduct.”). Therefore, because Plaintiffs have failed to allege actual damages resulting from Sony’s alleged material misrepresentations, the Court GRANTS Sony’s motion to dismiss the class action allegations under the NHCPA without leave to amend. See Birdsall v. Coolidge, 93 U.S. 64, 64, 23 L.Ed. 802 (1876) (defining actual damages).⁴⁸

Finally, because the FACC seeks to enjoin Sony’s “wrongful acts and practices,” which includes Kalled’s individual allegations under the NHCPA that have not been dismissed, the Court DENIES Sony’s motion to dismiss Plaintiffs’ NHCPA claims seeking injunctive relief. N.H.Rev.Stat. § 358-A:10 (“Injunctive relief shall be available to private individuals under this chapter without bond, subject to the discretion of the court.”).

6. New York Deceptive Practices Act

Count 33 is brought by Plaintiff Whyland and alleges violation of the NYDPA.⁴⁹ (FACC ¶¶ 393-403.) In order to state a claim under the NYDPA, “a plaintiff must show: (1) that the act, practice or advertisement was consumer-oriented; (2) that the act, practice or advertisement was misleading in a material respect; and (3) that the plaintiff was injured as a result of the deceptive practice, act or advertisement.” Pelman v. McDonald’s Corp., 237 F.Supp.2d 512, 525 (S.D.N.Y.2003); see also N.Y Gen. Bus. Law § 349 (“Deceptive acts or practices in the conduct of any business, trade or commerce or in the furnishing of any service in this state are hereby declared unlawful.”). An act, practice, or advertisement is considered misleading if it is “likely to mislead a reasonable consumer acting reasonably under the circumstances.” Oswego Laborers’ Local 214 Pension Fund v. Marine Midland Bank, 85 N.Y.2d 20, 26, 623 N.Y.S.2d 529, 647 N.E.2d 741 (N.Y.1995).

Plaintiffs allege Sony violated the NYD-PA by misleading consumers into believing that their Personal Information would be safe upon transmission to Sony, when Sony knew that its security systems were woefully inadequate. (FACC ¶ 397.) Plaintiffs allege they were injured as a result of these material misrepresentations because they: (1) suffered a loss of privacy and/or a loss of value of their Personal Information; and (2) paid for PSPs, PS3s, Sony Online Services and/or registered for Sony Online Services after exposure to Sony’s materially misleading representations. (Id. at ¶ 398.) Sony moves to dismiss the NYDPA claim on the basis that Plaintiffs have not alleged: (1) actual injury caused by Sony’s material misrepresentations; (2) a deceptive act, practice, or advertisement; and (3) any basis for in-junctive relief. The Court finds Sony’s first contention dispositive and therefore does not address the remaining grounds for dismissal. See Fibemark, Inc. v. Brownville Specialty Paper Prods., Inc., 419 F.Supp.2d 225, 242 (N.D.N.Y.2005); Franklin Elec. Publishers, Inc. v. Unisonic Prods. Corp., 763 F.Supp. 1, 5 (S.D.N.Y.1991) (“[Pjlaintiff claims damages based on defendants’ alleged violation of the New York Consumer Protection Law ... but it has not alleged injury to consumers ... and thus has not stated a claim under the statute.”).

With regard to damages, Sony contends Plaintiffs cannot state a claim under the NYDPA because they have not alleged actual injury caused by Sony’s material misrepresentations. Pursuant to Section 349(h), “any person who has been injured by reason of any violation of this section may bring an action ... to enjoin such unlawful act or practice, an action to recover his actual damages or fifty dollars, whichever is great, or both.” N.Y. Gen. Bus. Law § 349(h). New York courts interpreting this statutory language have held that even though a plaintiff need not prove justifiable reliance on the alleged deceptive conduct, a plaintiff must still allege “that the defendant engaged in a material deceptive act or practice that caused actual, although not necessarily pecuniary harm.” Oswego Laborers’ Local 211 Pension Fund, 623 N.Y.S.2d 529, 647 N.E.2d at 745; see also Bose v. Interclick, Inc., No. 10 CIV. 9183 DAB, 2011 WL 4343517, at *8-9 (S.D.N.Y. Aug. 17, 2011). Therefore, as further discussed below, although Plaintiffs attempt to plead actual injury resulting from a loss of privacy and/or allegations that they purchased their Consoles as a result of Sony’s material misrepresentations, neither is sufficient under New York law.

First, with regard to Plaintiffs’ allegations that they suffered a loss of privacy and/or a loss in value of their Personal Information, each of cases relied upon by Plaintiffs are distinguishable. None of the cases dealt with a loss of privacy resulting from a data breach and each of the cases dealt with intentional conduct on behalf of the defendant. For example, in Meyerson v. Prime Realty Sers., LLC, 7 Misc.3d 911, 796 N.Y.S.2d 848, 851 (N.Y.App.Div.2005), the court held that the plaintiff-tenant stated a viable claim against the defendant-landlord based on allegations that the landlord deceived the tenant into believing that the tenant had to disclose her Social Security Number prior to renewing her lease. Similarly, in Anonymous v. CVS Corp., 188 Misc.2d 616, 728 N.Y.S.2d 333 (N.Y.App.Div.2001), the court found that the plaintiffs had sufficiently alleged an injury under the NYDPA by alleging that the defendant pharmacy was intentionally disclosing the plaintiffs’ medical information without their consent. And finally, in Bose v. Interclick, Inc., No. 10 CIV. 9183 DAB, 2011 WL 4343517, at *2 (S.D.N.Y. Aug. 17, 2011), the court found that an advertising company potentially violated the NYDPA because it used “flash cookies” and “history sniffing” to back up a user’s previously deleted cookies to intentionally track their browsing history. Therefore, even though each of these cases holds that an underlying privacy violation can form the basis of a NYDPA claim, none of these cases holds that information unintentionally disclosed by the defendant following a data breach is sufficient to state an injury under the NYDPA.

As a result, the Court finds the cases relied upon by Plaintiffs unavailing and the data breach cases cited by Sony highly instructive. See, e.g., Pisciotta v. Old Nat. Bancorp, 499 F.3d 629, 639 (7th Cir.2007) (“Without more than allegations of increased risk of future identity theft, the plaintiffs have not suffered a harm that the law is prepared to remedy.”); Willey v. J.P. Morgan Chase, N.A., No. 09 CIV. 1397(CM), 2009 WL 1938987, at *9 (S.D.N.Y. July 7, 2009) (“The risk that plaintiffs data may be misused because it has been lost is not a cognizable harm” under the NYDPA); Shafran v. Harley-Davidson, Inc., No. 07 CIV. 01365(GBD), 2008 WL 763177, at *3 (S.D.N.Y. Mar. 20, 2008) (“Plaintiffs alleged injuries are solely the result of a perceived and speculative risk of future injury that may never occur.”); Hammond v. The Bank of N.Y. Mellon Corp., No. 08 CIV. 6060 RMB RLE, 2010 WL 2643307, at *13 (S.D.N.Y. June 25, 2010) (“Thus, it is not surprising that the United States District Courts in New York, California, Illinois and Michigan (applying state law) have each found that the increased risk of identity theft (in the future) is not a cognizable claim.”). Accordingly, although Plaintiffs allege that Pisciotta, Willey, Shafran, and Hammond are each distinguishable because they involved plaintiffs who alleged nothing more than an increased risk of identity theft rather than a loss of privacy, the Court does not agree. The plaintiffs in Pisciotta, Willey, Shafran, and Hammond each alleged a loss of privacy resulting from the disclosure of their personal information.

Second, Plaintiffs’ allegations that they were injured as a result of paying for their Consoles and/or registering for Sony Online Services are also without merit. (FACC ¶ 398.) As stated above, Plaintiffs’ misrepresentation allegations are based on representations contained within the PSN User Agreement and/or the PSN Privacy Policy, both of which were presented to Plaintiffs after they purchased their Consoles. Therefore, even though justifiable reliance is not required under the NYDPA, Plaintiffs cannot plausibly allege an injury relating to the purchase of their Consoles based on representations presented to Plaintiffs after they purchased their Consoles. See Stutman v. Chem. Bank, 95 N.Y.2d 24, 30, 709 N.Y.S.2d 892, 731 N.E.2d 608 (N.Y.2000) (requiring a causal link between the alleged injury and deceptive conduct). Moreover, even if Rule 9(b) does not apply to Plaintiffs’ NYDPA claim, Plaintiffs allegations that Sony’s conduct was deceptive must be based on Sony’s misrepresentations, and not purely on “reasonable consumer expectations.” (Doc. No. 164 at 26:9-12.) As a result, the Court finds Plaintiffs have failed to allege an injury based on the purchase price of their Consoles (no causation), or an injury based on registration for Sony Online Services (a free service that clearly disclaimed any right to uninterrupted service), and that Plaintiffs only alleged injury is the alleged deceptive conduct itself, which New York courts have consistently rejected as insufficient under the NYDPA. See Baron v. Pfizer, Inc., 42 A.D.3d 627, 840 N.Y.S.2d 445, 448 (N.Y.2007).

Accordingly, because Plaintiffs have failed to allege an injury caused by a violation of the statute, the Court GRANTS Sony’s motion to dismiss the NYDPA claim.⁵⁰ Because further amendment of this claim would be futile, the Court dismisses the claim without leave to amend. See McLaughlin v. Anderson, 962 F.2d 187, 195 (2d Cir.1992) (finding not abuse of discretion for court to dismiss without leave to amend).

7. Ohio Consumer Protection Statutes

Plaintiffs assert two consumer protection claims under Ohio law: (1) violation of the OCSPA (Count 37); and (2) violation of the ODTPA (Count 38). (FACC ¶¶421-431.) Each is discussed in turn.

a. The Ohio Consumer Sales Practices Act

The OCSPA “prohibits unfair, deceptive, and unconscionable practices in consumer sales transactions,” and permits both individual claims and representative actions. Marrone v. Philip Morris USA, Inc., 110 Ohio St.3d 5, 850 N.E.2d 31, 33 (Ohio 2006) (citing Ohio Rev.Code §§ 1345.02,1345.03); City of Findlay v. Hotels.com, 441 F.Supp.2d 855, 862 (N.D.Ohio 2006). Under Section 1345.09(B), a consumer can bring a claim on behalf of a class if “the defendant’s alleged violation of the [OCS-PA] is substantially similar to an act or practice previously declared to be deceptive by one of the methods identified in” § 1345.09(B). Marrone, 850 N.E.2d at 33. The requisite notice under Section 1345.09(B) must be in the form of: “(1) a rule adopted by the Ohio Attorney General; or (2) a judicial decision involving substantially similar conduct.” McKinney v. Bayer Corp., 744 F.Supp.2d 733, 743 (N.D.Ohio 2010). After the Court requested supplemental briefing on the OCSPA claim, Plaintiffs conceded that they were unable to locate an act “substantially similar to an act or practice previously declared to be deceptive” by the Ohio Attorney General or an Ohio state court. (Doc. No. 164 at 26:16-25.) As a result, the Court GRANTS Sony’s motion to dismiss the OCSPA claim without leave to amend,

b. Ohio Deceptive Trade Practices Act

Count 38 alleges violation of the ODTPA. (FACC ¶¶ 426-431.) Sony moves to dismiss the ODTPA claim on the basis that the statute does not grant consumers standing to sue. Sony cites In re Oreck Corp. Halo Vacuum & Air Purifiers Marketing and Sales Practices Litigation, No. 12-CV-2317, 2012 WL 6062047, at *11 (C.D.Cal. Dec. 3, 2012), and Gascho v. Global Fitness Holdings, LLC, 863 F.Supp.2d 677, 699 (S.D.Ohio 2012), to support this proposition, both of which held that only commercial entities have standing to sue under the ODTPA. Plaintiffs cite Bower v. International Business Machines, Inc., 495 F.Supp.2d 837 (S.D.Ohio 2007), in opposition.

Although the parties have presented the Court with conflicting case law, Bower represents a minority position not followed by a majority of Ohio’s intermediate appellate courts. See In re Oreck Corp., 2012 WL 6062047, at *11 (“Ohio district courts have criticized and declined to follow the decision in Bower.”). Therefore, because the Ohio Supreme Court has not addressed whether consumers have standing to bring suit under the ODTPA, and the “vast majority of federal courts and all lower state courts to address the issue have concluded that relief under the [ODTPA] is not available to consumers,” the Court finds Plaintiffs lack standing under the ODTPA. Phillips v. Philip Morris Companies, 290 F.R.D. 476, 2013 WL 1182233, at *6 (N.D.Ohio 2013 Mar. 21, 2013); see also West v. Am. Tel. & Tel. Co., 311 U.S. 223, 237, 61 S.Ct. 179, 85 L.Ed. 139 (1940) (stating that the court must consider decisions of intermediate appellate state courts unless it is convinced by other persuasive data that the highest court of the state would decide otherwise); Robins v. Global Fitness Holdings, 838 F.Supp.2d 631, 649-50 (N.D.Ohio 2012) (collecting cases and stating that the Bower opinion fails to acknowledge that Ohio courts look to the Lanham Act when adjudicating claims under the ODTPA); In re Porsche Cars N. Am., 880 F.Supp.2d 801, 874-75 (S.D.Ohio 2012) (offering four different reasons for rejecting Bower). Accordingly, the Court GRANTS Sony’s motion to dismiss the ODTPA claim without leave to amend.

8. Texas Deceptive Trade Practices Act

Count 44 is brought by Plaintiff Wilson and alleges violation of the TDTPA. (FACC ¶¶ 457-466.) In order to state a claim under the TDTPA, the plaintiff must allege that: (1) he is a consumer; (2) the defendant engaged in false, misleading, or deceptive acts; and (3) that the defendant’s conduct was the producing cause of the plaintiffs damages. See Tex. Bus. & Com.Code § 17.50(a); Martin v. Ford Motor Co., 914 F.Supp. 1449 (S.D.Tex.1996).

Plaintiffs contend Sony violated the TDTPA by misrepresenting the security of Sony Online Services, advertising Sony Online Services with the intent not to sell the services as warranted, breaching express and implied warranties, and engaging in unconscionable conduct.⁵¹ (FACC ¶¶ 460, 463.) Plaintiffs allege they were injured as a result of Sony’s conduct because they purchased their Consoles and/or registered for Sony Online Services after exposure to the alleged misrepresentations. (Id. at ¶463.) Sony moves to dismiss the TDTPA claim on the basis that Plaintiffs have failed to allege: (1) an actual injury caused by Sony’s conduct; (2) that Plaintiffs are consumers as defined under the TDTPA; (3) a violation of the statute; and (4) any right to injunctive and/or declaratory relief. (Doc. No. 163 at 26-30.) The Court finds Plaintiffs have failed to allege an actual injury caused by Sony’s unlawful conduct and therefore does not address Sony’s remaining contentions.

With respect to damages, Sony contends Plaintiffs have failed to allege an actual injury caused by Sony’s unlawful conduct. To prevail under the TDTPA, a plaintiff must prove that the defendant’s misrepresentation or unlawful conduct was the “producing cause of [his] economic damages or damages for mental anguish.” Tex. Bus. & Com.Code § 17.50(a); see also Alexander v. Turbur & Assocs., 146 S.W.3d 113, 117 (Tex.2004). Texas courts interpreting the statute have held that “producing cause” language requires the defendant’s act to be both the “cause-in-fact” and a “substantial factor” in the plaintiffs alleged injuries. See, e.g., Main Place Custom Homes, Inc. v. Honaker, 192 S.W.3d 604, 616 (Tex.App.2006); Prudential Ins. Co. v. Jefferson Assocs., 896 S.W.2d 156, 161 (Tex.1995); Union Pump Co. v. Allbritton, 898 S.W.2d 773, 775 (Tex.1995). Although there may be more than one producing cause, the plaintiff must show that the defendant’s conduct was a “contributing cause” of the plaintiffs alleged injury. Main Place Custom Homes, 192 S.W.3d at 616. Where a plaintiff bases his claim on misrepresentations, the plaintiff must also allege that he relied on the defendant’s misrepresentations to his detriment. See Tex. Bus. & Com.Code § 17.50(a)(1)(B).

Here, the FACC alleges Plaintiff Wilson suffered actual injury as a result of Sony’s unlawful conduct because he purchased his Console and/or registered for Sony Online Services “after” exposure to Sony’s material misrepresentations. (FACC ¶ 463.) Plaintiffs attempted to bolster these allegations in their opposition to Sony’s supplemental brief by stating that in addition to the injuries stated above, they are also more vulnerable to cyber stalking/phishing, and lost access to Sony Online Services during the brief interruption in PSN access. However, neither of these allegations were pled in the FACC, and even if they were, they would not suffice under the TDTPA. See N. Port Firefighters’ Pension-Local Option Plan v. Temple-Inland, Inc., 936 F.Supp.2d 722, 740 (N.D.Tex.2013). As recognized by Sony and unrebutted by Plaintiffs, Texas does not allow a plaintiff to recover under the TDTPA for the mere risk of future identity theft or speculative injuries. See Martin v. Home Depot USA, Inc., 369 F.Supp.2d 887, 890 (W.D.Tex.2005) (discussing the actual injury requirement); Higbie Roth Const Co. v. Houston Shell & Concrete, 1 S.W.3d 808, 814 (Tex.App.1999) (“[plaintiff] seeks compensation for future damages, possible loss of coverage, and possible additional damages. These damages are conjectural, uncertain, and therefore not actionable under the [TDTPA].”). As a result, the Court only addresses whether Plaintiffs have sufficiently pled an actual injury stemming from the purchase of their Consoles and/or registration for Sony Online Services.

First, with respect to Plaintiffs’ allegations that they suffered an actual injury in the form of the purchase price of their Consoles, Plaintiffs are unable to satisfy the causation requirement. Throughout the FACC, Plaintiffs concede that they purchased their Consoles before registering for Sony Online Services, and that the alleged misrepresentations were contained in the PSN User Agreement and/or the PSN Privacy Policy — two agreements Plaintiffs were required to assent to before registering for the network and after purchasing their Consoles. As a result, it is factually impossible for Sony’s alleged misrepresentations to have been the “producing cause” of Plaintiffs’ decision to purchase their Consoles. See Bartlett v. Schmidt, 33 S.W.3d 35, 39 (Tex.App.2000) (stating that “the plaintiff must show that there is some unbroken causal connection between the allegedly deceptive act and the actual damages suffered”); Elliott v. Kraft Foods N. Am., Inc., 118 S.W.3d 50, 57 (Tex.App.2003) (“An act or defect that is not a producing cause cannot, as a matter of law, constitute a proximate cause.”).

Moreover, contrary to Plaintiffs’ contentions, whether a cause of action under the TDTPA is based on misrepresentations or unconscionable conduct, the plaintiff is still required to show that the defendant’s unlawful conduct was the “producing cause” of the plaintiffs injury. See Tex. Bus. & Com.Code § 17.50(a); Daugherty v. Jacobs, 187 S.W.3d 607, 616 (Tex.App.2006) (“As with false, misleading, or deceptive acts, it is not enough that consumers merely prove unconscionable action or course of action, they must also prove those actions were the producing cause of actual damages.”). Therefore, the Court finds Plaintiffs’ allegations of injury relating to the purchase of their Consoles fails as a matter of law.⁵²

Second, Wilson’s allegation that he suffered an actual injury because he registered for Sony Online Services is also without merit. As stated above, registration and use of Sony Online Services was free, and Wilson does not allege that he purchased premium PSN services. Moreover, although not alleged in the FACC, to the extent Plaintiffs allege they were injured as a result of the brief interruption in PSN access, or the inability to access Third Party Services via their Consoles, Sony clearly disclaimed any right to uninterrupted and continuous PSN access. See Robinson v. Match.com, LLC, No. 3:10-CV-2651-L, 2012 WL 5007777, at *11 (N.D.Tex. Oct. 17, 2012) aff'd sub nom. Malsom v. Match.com, LLC., 540 Fed.Appx. 412 (5th Cir.2013). Accordingly, the Court GRANTS Sony’s motion to dismiss the TDTPA claim on the basis that Plaintiffs cannot plausibly allege an actual injury.⁵³ Because further amendment would be futile Sony’s motion is granted without leave to amend. See Bittinger v. Wells Fargo Bank NA, 744 F.Supp.2d 619, 626 (S.D.Tex.2010).

G. California Database Breach Act

Plaintiffs’ fourth cause of action alleges Sony violated the California Database Breach Act (“DBA”) by failing to notify Plaintiffs of the intrusion in the most expedient manner possible and without unreasonable delay. (FACC ¶¶ 186— 195.) Plaintiffs seek injunctive relief, attorneys’ fees, and economic damages (fees incurred to obtain credit monitoring services, loss of use and value of Sony Online Services, loss of use and value of Third Party Services, and a diminution in value of them Consoles) as a result of the violation. (Id. at ¶¶ 193-195.) Sony moves to dismiss the DBA claim on the basis that Plaintiffs have failed to allege: (1) why notice of the intrusion within the 90-day safe harbor provision set forth in Section 1798.84(d) was unreasonable; (2) how Sony’s conduct was willful, intentional, and/or reckless in violation of Section 1798.83; and (3) how Plaintiffs’ economic damages flow from the purported unreasonable delay.

California Civil Code Section 1798.82 sets forth the parameters of the DBA, including what is required to state a violation of the statute. In pertinent part, Section 1798.82 states:

Any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subdivision (c), or any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.

Cal. Civ.Code § 1798.82(a). Here, neither party contests that Sony conducts business in California, that Sony owns/licenses computerized data that includes Plaintiffs’ Personal Information, and that Plaintiffs’ Personal Information may have been exposed as a result of the intrusion. Therefore, in order to comply with the DBA, Sony was required to notify consumers of the intrusion “in the most expedient time possible and without unreasonable delay.” Id. Although Sony contends they complied with the DBA based on the 90-day safe harbor provision set forth in Section 1798.83(d), as correctly noted by Plaintiffs, the safe harbor provision only applies to the sale of information to marketers without disclosure, and is therefore inapplicable here. As a result, whether or not the ten-day delay was unreasonable is a factual determination not properly decided by the Court on a motion to dismiss.

Nonetheless, even though the length of the delay is a factual question to be resolved by the trier of fact, whether Plaintiffs have sufficiently pled an entitlement to damages or injunctive relief is a legal question to be determined by the Court. With respect to the recovery of actual damages, Section 1798.84(b) states that “[a]ny customer injured by a violation of this title may institute a civil action to recover damages.” Although case law interpreting Section 1798.84(b) is limited, unreported California cases and courts in other jurisdictions analyzing statutes mirroring the DBA have held that a plaintiff must allege actual damages flowing from the unreasonable delay (and not just the intrusion itself) in order to recover actual damages. See, e.g., Boorstein v. Men’s Journal, LLC, No. CV12-771 DSF (Ex); 2012 WL 2152815, at *2 (C.D.Cal. June 14, 2012); Grigsby v. Valve Corp., No. 2:12-CV-00553-JLR, at *1-2 (Mar. 18, 2013) (“Grigsby II”).54

For example, in Grigsby II, an unreported case out of the Western District of Washington, the court concluded that the words “injured by a violation” required the plaintiff to allege that the damages flowed from the delay, and not just that the damage flowed from the intrusion.⁵⁵ (Doc. No. 146, Ex. A.) In pertinent part, the Grigsby II court stated:

Valve argues that Mr. Grigsby’s allegations concerning injury are insufficient. The court agrees. With respect to a claim under RCW 19.255.010, it is not enough for Mr. Grigsby to have been injured by the hacking incident. The statute does not penalize companies that simply suffer a security breach or fail to prevent an unauthorized third-party from acquiring their customers’ personal information; rather, the statute penalizes companies that fail to disclose such incidents in the manner prescribed by the statute to affected state residents. See RCW 19.255.010(1); see also RCW 19.255.010(10) (providing for a private right of action and injunctive relief). Thus, Mr. Grigsby must allege facts supporting the claim that he was injured due to the interval between the hacking incident and Valve’s notice of the incident and not just that he was injured by the hacking incident alone. Mr. Grigsby has failed to do so, and the court therefore finds his claim lacking in this respect as well.

(Doc. No. 146, Ex. A at 12:6-17.) The same conclusion can be reached in the instant case. Here, Plaintiffs have failed to allege how the ten-day delay caused Howe to incur expenses for credit monitoring services, when these credit monitoring services were purchased, how the loss of use and value of Sony Online Services and Third Party Services were caused by the delay (and not the intrusion); and how Plaintiffs’ Consoles diminished in value as a result of the delay.

Accordingly, the Court GRANTS Sony’s motion to dismiss the DBA claims seeking economic damages under § 1789.84(b). However, because Plaintiffs may pursue their injunctive relief claims under § 1798.84(e), which affords relief when a “business violates, proposes to violate, or has violated” the DBA, the Court DENIES Sony’s motion to dismiss the DBA claim seeking injunctive relief.

H. Violation of the Federal Fair Credit Reporting Act

Plaintiffs assert two causes of action under the federal Fair Credit Reporting Act, 15 U.S.C. § 1681 (“FCRA”). Count 49 alleges willful violation of the FCRA and Count 50 alleges negligent violation of the FCRA. (FACC ¶¶ 489^98, 499-504.) Sony moves to dismiss both claims on the basis that: (1) Defendants are not consumer reporting agencies as defined under the Section 1681a(f); and (2) Plaintiffs have failed to allege a plausible basis for relief.⁵⁶ The Court finds Sony’s first contention dispositive.

1. Consumer Reporting Agencies

First, Sony contends Plaintiffs’ FCRA claims should be dismissed because Plaintiffs have not alleged which Defendants are consumer reporting agencies or how any of the Defendants fit the definition of a consumer reporting agency. Although Plaintiffs attempt to combat Sony’s contentions by arguing that each Defendant is a consumer reporting agency because they assembled the personal information of consumers for the purpose of furnishing information to third parties, including, by and between the various Sony Defendants, Plaintiffs’ allegations stretch the statutory definition beyond its plain meaning.

Congress enacted the FCRA to regulate “consumer reporting agencies” that accumulate consumer credit histories and then regularly make that information available to third parties via “consumer reports.” Holmes v. Countrywide Fin. Corp., No. 08-CV-00205, 2012 WL 2873892, at *16 (W.D.Ky. July 12, 2012) (citing 15 U.S.C. § 1681). As defined by the FCRA, a “consumer reporting agency” is:

[A]ny person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports.

15 U.S.C. § 1681a(f). Courts construing Section 1681a(f) have restricted the definition of “consumer reporting agency” to include only those agencies that furnish “consumer reports” for “consumer purposes.” Willingham v. Global Payments, Inc., No. 1:12-CV-01157-RWS, 2013 WL 440702, at *13 (N.D.Ga. Feb. 5, 2013) (recommending dismissal of FCRA claims in a data breach case where the plaintiffs failed to demonstrate that the defendant met the definition of a “consumer reporting agency” under the statute). As a result, entities that utilize consumer reports for “business, commercial,] or professional purposes” are not considered consumer reporting agencies under the FCRA. McCready v. eBay, Inc., 453 F.3d 882, 889 (7th Cir.2006) (quoting Ippolito v. WNS, Inc., 864 F.2d 440, 452 (7th Cir.1988)); FTC v. Gill, 265 F.3d 944, 948 (9th Cir.2001) (“Consumer reporting agencies [under the FCRA] ... like Trans Union, Ex-perian, and Equifax must exercise care in accurately and completely reporting credit information.”); 15 U.S.C. § 1681a(d)(l).

Here, the FACC does not contain any allegations suggesting that Sony regularly compiles and distributes consumer reports as defined under the FCRA. Rather, Plaintiffs merely recite the language of the statute in an attempt to come within the confines of the FCRA, or stretch the statutory language beyond its intended purpose. For example, although Plaintiffs allege that Sony furnished reports to “third parties” by disseminating Plaintiffs’ Personal Information by and between the Sony Defendants, such conduct is clearly excluded under the FCRA when it occurs between entities related by common ownership. See 15 U.S.C. § 1681 a(d)(2)(ii) (excluding from the definition of “consumer report” any communication of transaction information “among persons related by common ownership or affiliated by corporate control”). Moreover, to the extent Plaintiffs attempt to allege that their Personal Information was furnished to third parties as a result of the intrusion, this argument has also been rejected.⁵⁷ See, e.g., Willingham v. Global Payments, Inc., No. 1:12-CV-01157-RWS, 2013 WL 440702, at *13 (N.D.Ga. Feb. 5, 2013); Holmes, 2012 WL 2873892, at *16 (“No coherent understanding of the words “furnished” or “transmitted” would implicate Countrywide’s action under the FCRA.”). Accordingly, the Court GRANTS Sony’s motion to dismiss both FCRA claims without leave to amend.

I. Pax-tial Performance and Breach of the Covenant of Good Faith and Fair Dealing

Plaintiffs’ final cause of action seeks partial performance and breach of the covenant of good faith and fair dealing regarding a settlement agreement (“Settlement Agreement”) allegedly entered into by and between Sony and Plaintiffs’ counsel. (FACC ¶¶ 505-515.) Plaintiffs allege the Settlement Agreement was entered into between the parties soon after the instant litigation commenced, and required the parties to negotiate attorney’s fees, costs, and expenses, in addition to including the Canadian and Israeli cases in the settlement. {Id. at ¶¶ 506, 509.) Plaintiffs allege that after the Canadian cases joined in the Settlement Agreement and Sony waived the requirement that the Israeli cases join, Sony failed to negotiate attorney’s fees, costs, and expenses with Plaintiffs and separately settled with the Canadian plaintiffs. {Id. at ¶¶ 510-512.) As a result, Plaintiffs seek partial performance of the Settlement Agreement, including attorney’s fees, costs, and expenses incurred in the litigation thus far. {Id. at ¶ 515.)

Sony moves to dismiss the claim on the basis that Plaintiffs confuse settlement discussions with an executed settlement agreement. Sony contends that because Plaintiffs do not allege facts showing that an agreement was in fact executed (and by whom), the date the agreement was allegedly executed, or that an executed agreement was ever delivered from one party to another, Plaintiffs have failed to state a viable cause of action. Moreover, to the extent that there was an actual settlement agreement executed between the parties, Sony contends the continued prosecution of this case is tantamount to an abandonment of the Settlement Agreement.⁵⁸

Based on the arguments set forth above, the crux of the disagreement between the parties focuses on whether an executed agreement actually exists, and if it does not, the extent to which an “agreement to negotiate” can form the basis of Plaintiffs’ claim. Although the Court is perplexed as to why Plaintiffs did not file a motion to enforce the Settlement Agreement (to the extent there is an executed settlement agreement between the parties), Plaintiffs’ claim could be based on an alleged breach of an “agreement to negotiate.” As explained by the California Court of Appeal in Copeland v. Baskin Robbins USA, 96 Cal.App.4th 1251, 1257, 1260, 117 Cal.Rptr.2d 875 (Cal.Ct.App.2002), which distinguished an agreement to agree (not actionable) from an agreement to negotiate (potentially actionable), a party can be liable based on an “agreement to negotiate” where the failure to reach an “ultimate agreement resulted from a breach of that party’s obligation to negotiate or to negotiate in good faith.”

Here, Plaintiffs allege that the Settlement Agreement required the parties to negotiate attorney’s fees, costs, and expenses in good faith, and that Sony failed and refused to negotiate such expenses with Plaintiffs as required under the agreement. Plaintiffs further allege that Sony separately settled with the Canadian plaintiffs in direct contravention of the Settlement Agreement. Therefore, to the extent there is an executed document requiring Sony to negotiate attorney’s fees, costs, and expenses, and Sony failed to do so, or negotiated with Plaintiffs in bad faith, Plaintiffs have stated a, claim for relief. Accordingly, at this stage in the proceedings, the Court DENIES Sony’s motion to dismiss Plaintiffs’ final cause of action alleging partial performance and breach of the implied covenant of good faith and fair dealing.

CONCLUSION

For the reasons set forth above, the Court GRANTS IN PART and DENIES IN PART Defendants’ motion to dismiss the FACC. (Doc. No. 135.) Defendants are instructed to file an answer to the FACC no later than February 22, 2014, and contact Magistrate Judge Dembin’s chambers to schedule a Case Management Conference and the necessary Rule 26 requirements no later than February 4, 2014. Accordingly, the following causes of action have been dismissed without leave to amend:

1. California Negligence Claim (Count 5);

2. Florida Negligence Claim (Count ID;

3. Massachusetts Negligence Claim (Count 14);

4. Missouri Negligence Claim (Count 27);

5. Ohio Negligence Claim (Count 43);

6. Florida Negligent Misrepresentation Claim (Count 9);

7. Massachusetts Negligent Misrepresentation Claim (Count 15);

8. Michigan Negligent Misrepresentation Claim (Count 19);

9. New Hampshire Negligent Misrepresentation Claim (Count 31);

10. Ohio Negligent Misrepresentation Claim (Count 42);

11. Texas Negligent Misrepresentation Claim (Count 47);

12. Michigan Innocent Misrepresentation Claim (Count 20);

13. Missouri Negligent Omission Claim (Count 26);

14. Florida Breach of. Warranty Claim (Count 7);

15. Michigan Breach of Warranty Claim (Count 17);

16. Missouri Breach of Warranty Claim (Count 24);

17. New Hampshire Breach of Warranty Claim (Count 29);

18. New York Breach of Warranty Claim (Count 34);

19. Ohio Breach of Warranty Claims (Counts 40, 41);

20. Texas Breach of Warranty Claim (Count 45);

21. Florida Breach of Implied Warranty Claim (Count 8);

22. Michigan Breach of Implied Warranty Claim (Count 18);

23. Missouri Breach of Implied Warranty Claim (Count 25);

24. New York Implied. Warranty Claim (Count 35);

25. Massachusetts Implied Warranty Claim (Count 12);

26. New Hampshire Implied Warranty Claim (Count 30);

27. Texas' Implied Warranty Claim (Count 46);

28. Florida Unjust Enrichment Claim (Count 10);

29. Massachusetts Unjust Enrichment Claim (Count 13);

30. Michigan Unjust Enrichment Claim (Count 21);

31. Missouri Unjust Enrichment Claim (Count 23);

32. New Hampshire Unjust Enrichment Claim (Count 32);

33. New York Unjust Enrichment Claim (Count 36);

34. Ohio Unjust Enrichment Claim (Count 39);

35. Texas Unjust Enrichment Claim (Count 48);

36. UCL and FAL Claims based on misrepresentations regarding uninterrupted PSN and Internet access and Plaintiffs’ ability to seek in-junctive relief (Counts 1, 2);

37. FDUTPA Claim seeking actual damages (Count 6);

38. MCPA Claim seeking actual damages (Count 16);

39. Class Action Claims under the NHCPA (Count 28);

40. NYDPA Claim (Count 33);

41. OCSPA Claim (Count 37);

42. ODTPA Claim (Count 38);

43. TDTPA Claim (Count 44);

44. DBA Claim seeking economic damages (Count 4); and

45. FCRA Claims (Counts 49, 50).

The following causes of action have survived dismissal and may proceed:

1. UCL and FAL Claims based on misrepresentations and omissions regarding reasonable network security and industry-standard encryption and Plaintiffs’ ability to seek restitution under the statutes (Counts 1, 2);

2. CLRA Claim based on misrepresentations and omissions regarding reasonable network security and industry-standard encryption;

3. FDUTPA Claim requesting declaratory and injunctive relief (Count 6);

4. MCPA Claim requesting declaratory and injunctive relief (Count 16);

5. MMPA Claim seeking damages and equitable relief (Count 22);

6. NHCPA Claim seeking damages and injunctive relief (Count 28);

7. DBA Claim requesting injunctive relief (Count 4);

8. Partial Performance/Breach of Covenant of Good Faith and Fair Dealing (Count 51).

IT IS SO ORDERED.

1 . On September 30, 2011, Sony Network Entertainment America, Inc. ("SNEA”) merged into Sony Network Entertainment International, LLC (“SNE!”).

2 . Plaintiffs filed a response to Sony’s notice of supplemental authorities on March 20, 2013. (Doc. No. 138.) The document was struck from the record as an improper surreply. (Id.) Plaintiffs were instructed to include any opposition to Sony's notice of supplemental authorities in their opposition. (Id.) Plaintiffs did not subsequently file an opposition to these documents. Accordingly, the Court GRANTS Sony’s motion for judicial notice and considers Sony’s supplemental and foreign authorities in support of the instant motion.

3 .The Court does not specifically address Plaintiffs' submission of the Ninth Circuit's memorandum opinion in In Re Sony PS3 "Other OS" Litigation. (Doc. No. 166, Ex. A.) The Court did not rely on any language included in the district court’s decision that was subsequently overruled, nor did the Court dismiss Plaintiffs' UCL, FAL, and/or CLRA claims (the only rulings pertinent here that were reversed by the Ninth Circuit).

4 . The SOE network is an online gaming network distinct from the PSN, as the SOE network is principally accessed via a computer. (Doc. 135 at 4:17-20.) However, certain SOE games can also be played through the PSN. (Id.) As of January 25, 2011 the PSN had over 69 million users worldwide and SOE had over 24.6 million users worldwide. (FACC ¶¶41, 43.)

5 . Plaintiffs allege that all user Personal Information was stored and maintained by Sony in perpetuity, regardless of whether the user deactivates or terminates their account, and that Sony continually monitors and records users' PSN activities, purchases, and usage. (FACC ¶¶ 50, 51.)

6 . The FACC adds five additional named Plaintiffs and forty-four additional causes of action. (Compare Doc. No. 78 and Doc. No. 128.)

7 . See also Cent. Delta Water Agency v. United States, 306 F.3d 938, 947-48 (9th Cir.2002) (holding that "the possibility of future injury may be sufficient to confer standing on plaintiffs” and concluding that the suit could proceed when the plaintiffs demonstrated a factual issue about "whether they suffer a substantial risk of harm”).

8 . Although only persuasive, courts in other circuits have also held that a plaintiff can establish an "injury-in-fact” by alleging a threat of future harm. See, e.g., Denney v. Deutsche Bank AG, 443 F.3d 253, 264-65 (2d Cir.2006) (stating that exposure to toxic substances creates a cognizable injury for standing purposes "even though exposure alone may not provide sufficient ground for a claim under state tort law”); Sutton v. St. Jude Med. S.C., Inc., 419 F.3d 568, 574-75 (6th Cir.2005) (holding that Article III standing was satisfied where a defective medical implement presented an increased risk of future health problems); Friends of the Earth, Inc. v. Gaston Copper Recycling Corp., 204 F.3d 149, 160 (4th Cir.2000) (en banc) (“Threats or increased risk thus constitutes cognizable harm.”); Pisciotta v. Old Nat. Bancorp, 499 F.3d 629, 634 (7th Cir.2007) ("[T]he injuiy-in-fact requirement can be satisfied by a threat of future harm or by an act which harms the plaintiff only by increasing the risk of future harm that the plaintiff would have otherwise faced, absent the defendant's actions.”).

9 . Krottner 628 F.3d at 1143 (finding an “injury-in-fact” when plaintiffs pled an increased risk of harm following the theft of a laptop that contained their personal data); Doe 1, 719 F.Supp.2d at 1109-11 (holding that plaintiffs were injured by defendant’s collection and publication of "highly sensitive personal information,” including credit card numbers, social security numbers, financial account numbers and information regarding plaintiffs’ personal issues, including sexuality, mental illness, alcoholism, incest, rape, and domestic violence).

10 .Notwithstanding controlling case law in this circuit, and the Court’s previous order Sony again directs the Court to consider the Third Circuit's reasoning in Reilly v. Ceridian Corporation, 664 F.3d 38 (3rd Cir.2011), wherein the Third Circuit affirmed the trial courts dismissal based on lack of Article I standing. Although the Court acknowledges the Third Circuit’s holding in Reilly, the Court once again reiterates that Reilly is only persuasive authority.

11 . See, e.g., Paz v. Cal., 22 Cal.4th 550, 93 Cal.Rptr.2d 703, 994 P.2d 975, 980-81 (2000); Meyers v. City of Jacksonville, 754 So.2d 198, 202 (Fla.2000); Jupin v. Kask, 447 Mass. 141, 849 N.E.2d 829, 834-35 (Mass.2006); Am. Mortg. Inv. Co. v. Hardin-Stockton Corp., 671 S.W.2d 283, 292 (Mo. 1984); Mussivand v. David, 45 Ohio St.3d 314, 544 N.E.2d 265, 270 (Oh.1989).

12 . Neither party addressed the Court's tentative ruling at oral argument, which stated that each negligence claim was subject to dismissal without leave to amend based on Plaintiffs’ failure to allege a cognizable injury and/or based on the economic loss doctrine.

13 . The California negligence claim also alleges a special relationship between Sony and the California Class. (FACC ¶¶ 204-210.)

14 . Plaintiffs fail to allege when Howe or Bova purchased credit monitoring services, whether Howe and Bova were aware of Sony’s Welcome Back Package offering free credit monitoring services, or whether Howe and Bova purchased credit monitoring services on account of Sony’s alleged untimely delay.

15 . Although Paragraph 270 alleges Bova suffered a cognizable injury in the form of loss of use and value of Third Party Services, Paragraph 18 does not allege Bova subscribed to and/or accessed any Third Party Services via Sony Online Services.

16 . The rationale behind the doctrine is that a "commercial user can protect himself by seeking express contractual assurances concerning the product (and thereby perhaps paying more for the product) or by obtaining insurance against losses.” Bay State-Spray & Provincetown S.S., Inc. v. Caterpillar Tractor Co., 404 Mass. 103, 533 N.E.2d 1350, 1354-55 (1989).

17 . The Court only addresses the J’Aire exception because this was the only exception cited by Plaintiffs.

18 . Plaintiff Johnson does not allege he purchased credit monitoring services.

19 . "Under the medical monitoring cases, individuals who have been exposed to potentially harmful substances but have no presently detectable illnesses may recover the costs of future medical surveillance by showing 'through reliable expert testimony,' (1) the 'significance and extent of exposure,’ (2) the 'toxicity of [the contaminant], [and] the seriousness of the [harm]_for which the individuals are at risk,' and (3) the 'relative increase in the chance of _ [the harm] in those exposed,’ such that (4) ‘monitor[ing] the effects of exposure_is reasonable and necessary.' " Stollenwerk, 254 Fed.Appx. at 666 (quoting Burns v. Jaquays Mining Corp., 156 Ariz. 375, 752 P.2d 28, 33 (Ariz.Ct.App.1987)).

20 .See, e.g., Kahle, 486 F.Supp.2d at 713 (stating that "without direct evidence that the information was accessed or specific evidence of identity fraud” credit monitoring costs are not recoverable in negligence); Forbes v. Wells Fargo Bank, N.A., 420 F.Supp.2d 1018, 1021 (D.Minn.2006) (granting summary judgment for the defendant because the plaintiff failed to establish the damages element, stating that credit monitoring fees in the absence of a present threat of identity theft did not suffice); Shafran v. Harley-Davidson, Inc., No. 07 CIV. 01365(GBD), 2008 WL 763177, at *3 (S.D.N.Y. Mar. 20, 2008) ("Courts have uniformly ruled that the time and expense of credit monitoring to combat an increased risk of future identity theft is not, in itself, an injury that the law is prepared to remedy.”); Resnick v. AvMed, Inc., 693 F.3d 1317, 1326 (11th Cir.2012) (finding that the plaintiffs' allegations of identify theft crossed the line from “possible to probable” because the plaintiffs alleged that prior to the data breach they had never experienced any instances of identity theft, and always took the utmost precautions to kept their confidential information private); Pinero v. Jackson Hewitt Tax Serv. Inc., 594 F.Supp.2d 710, 718 (E.D.La.2009) ("Numerous courts have held that expenses related to credit monitoring to guard against future identity theft are not compensa-ble damages.”); Giordano v. Wachovia Sec., LLC, No. 06-476 JBS, 2006 WL 2177036, at *3 (D.N.J. July 31, 2006) ("In all three cases, the district courts has held that, because the plaintiff's injuries were solely the result of a perceived risk of future injury, plaintiff had failed to show a present injury or reasonably certain future injury to support damages for any alleged increased risk of harm.”); Holmes v. Countrywide Fin. Corp., No. 5:08-CV-00205-R, 2012 WL 2873892, at *14 (W.D.Ky. July 12, 2012) ("Oregon’s highest court held that credit monitoring expenses did not fall within the meaning of 'ascertainable loss’ since 'the expenditure [was] not based on any present harm to plaintiffs' economic interests.' ”) (internal citations and quotations omitted). Although these cases are only persuasive, the elements required to state a claim for negligence are similar regardless of the jurisdiction.

21 .See, e.g., Baggett v. Electricians Local 915 Credit Union, 620 So.2d 784, 786 (Fla.Dist.Ct. App.1993) (Florida negligent misrepresentation claim); O’Connor v. Merrimack Mut. Fire Ins. Co., 73 Mass.App.Ct. 205, 897 N.E.2d 593, 600 (2008) (Massachusetts negligent misrepresentation claim); MacDonald v. Thomas M. Cooley Law Sch., 880 F.Supp.2d 785, 799 (W.D.Mich.2012) aff'd, 724 F.3d 654 (6th Cir.2013) (Michigan negligent misrepresentation claim); State-William P’ship v. Gale, 169 Mich.App. 170, 425 N.W.2d 756, 761 (1988) (Michigan innocent misrepresentation claim); Snierson v. Scruton, 145 N.H. 73, 761 A.2d 1046, 1049-50 (2000) (New Hampshire negligent misrepresentation claim); Smith v. Til-ton, 3 S.W.3d 77, 86 (Tex.1999) (Texas negligent misrepresentation claim).

22 . Neither party addressed the Court’s tentative ruling at oral argument, which stated that each of the misrepresentation and omission claims were subject to dismissal without leave to amend based on Plaintiffs failure to allege a cognizable injury and/or because the Ohio claim does not apply to consumer transactions. (Doc. No. 157.)

23 . Doe v. SexSearch.com, 551 F.3d 412, 418 (6th Cir.2008); Thornton v. State Farm Mut. Auto Ins. Co., No. 1:06-cv-00018, 2006 WL 3359448, at *16 (N.D.Ohio Nov. 17, 2006).

24 . Moore v. U.S. Bank, N.A., No. 4:07CV205 HEA, 2008 WL 3164936, at *7 (E.D.Mo. Aug. 4, 2008); Lowdermilk v. Vescovo Bldg. & Realty Co., 91 S.W.3d 617, 630 (Mo.Ct.App.2002) (“Plaintiffs have not cited any authority that establishes a cause of action for negligent omission.”).

25 . Only Sony addressed the Court’s tentative ruling at oral argument, requesting that each warranty claim be dismissed without leave to amend.

26 . Lieberman v. Sony Computer Entm’t Am. LLC, et al., No. 11-cv-1920 AJB-MDD, originally filed on May 4, 2011 in the Northern District of California as Case No.: 11-cv-2197; Schucher v. Sony Computer Entm’t Am. LLC, et al, No. 11-cv-1105 AJB-MDD, originally filed on May 19, 2011 in the Southern District of California; Rebecca Mitchell v. Sony Computer Entm’t Am. LLC, et al., No. 11-cv-1785 AJB-MDD, originally filed on April 27, 2011 in the Central District of California as Case No.: 11-cv-3601; Munsterman v. Sony Computer Entm't Am. LLC, et al., 11-cv-1179 AJB-MDD, originally filed on May 31, 2011 in the Southern District of California; McKewon et al. v. Sony Network Entm’t Am. LLC, et al. No. 11-cv-1911 AJB-MDD, originally filed on May 3, 2011 in the Northern District of California. Plaintiffs Whyland, Rallad, and Wright were all added as Plaintiffs for the first time at the filing of the FACC on December 10, 2012. (Doc. No. 128.)

27 . See, e.g., Williams v. Beechnut Nutrition Corp., 185 Cal.App.3d 135, 142, 229 Cal.Rptr. 605 (Cal.Ct.App.1986); Cal. Uniform Commercial Code § 2313; Dunham-Bush, Inc. v. Thermo-Air Serv., Inc., 351 So.2d 351, 353 (Fla.Dist.Ct.App.1977); Kenkel v. Stanley Works, 256 Mich.App. 548, 665 N.W.2d 490, 496 (Mich.2003); Renaissance Leasing, LLC v. Vermeer Mfg. Co., 322 S.W.3d 112, 122 (Mo. 2010); Haag v. Hyundai Motor Am., No. 12-CV-6521L, 2013 WL 4812344, at *2 (W.D.N.Y. Sept. 10, 2013); Kelleher v. Marvin Lumber & Cedar Co., 152 N.H. 813, 853, 891 A.2d 477 (N.H.2005); Abele v. Bayliner Marine Corp., 11 F.Supp.2d 955, 961 (N.D.Ohio 1997); Morris v. Adolph Coors Co., 735 S.W.2d 578, 587 (Tex.App.1987).

28 . See, e.g., Pollard v. Saxe & Yolles Dev. Co., 12 Cal.3d 374, 380, 115 Cal.Rptr. 648, 525 P.2d 88 (Cal.1974) (“The requirement of notice of breach is ... designed to allow the defendant opportunity for repairing the defective item, reducing damages, avoiding defective products in the future, and negotiating settlements.”); Moss v. Walgreen Co., 765 F.Supp.2d 1363, 1368 (S.D.Fla.2011) (requiring that the buyer provide the seller with pre-suit notice of the breach); Am. Bumper & Mfg. Co. v. Transtechnology Corp., 252 Mich.App. 340, 652 N.W.2d 252, 255 (2002) (same); Renaissance Leasing, LLC, 322 S.W.3d at 122 (same); Quinn v. Walgreen Co., 958 F.Supp.2d 533, 544 (S.D.N.Y.2013) (same); Hooksett Sch. Dist. v. W.R. Grace & Co., 617 F.Supp. 126, 132 (D.N.H.1984) (same); Radford v. Daimler Chrysler Corp., 168 F.Supp.2d 751, 754 (N.D.Ohio 2001) (same); U.S. Tire-Tech, Inc. v. Boeran, B.V., 110 S.W.3d 194, 199 (Tex.App.2003) (same).

29 . Sony argued in its reply brief that Plaintiffs' implied warranty claims were also subject to dismissal based on the choice-of-law provision in the PSN User Agreement. However, because Sony's motion to dismiss did not present this contention the argument is not properly before the Court. See United States v. Romm, 455 F.3d 990, 997 (9th Cir.2006).

30 . Neither party addressed the Court's tentative ruling at oral argument, which stated that the implied warranty claims were subject to dismissal without leave to amend based on the disclaimer in the PSN User Agreement. (Doc. No. 157.)

31 .See, e.g., Belle Plaza Condo. Ass’n, Inc. v. B.C.E. Dev., Inc., 543 So.2d 239, 240 (Fla. Dist.Ct.App.1989) ("Moreover, it is equally clear that B.C.E. properly disclaimed by a bold and conspicuous disclaimer any and all express or implied warranties.”); Rokicsak v. Colony Marine Sales & Serv., Inc., 219 F.Supp.2d 810, 815 (E.D.Mich.2002) (stating that Michigan law allows for the disclaimer of implied warranties); Am. Auto. Ins. Co. v. Omega Flex, Inc., No. 4:11CV00305 AGF, 2013 WL 2628658, at *16 (E.D.Mo. June 11, 2013) (same); Kraft v. Staten Island Boat Sales, Inc., 715 F.Supp.2d 464, 473 (S.D.N.Y. 2010) (same); N.H.Rev.Stat. Ann. § 382-A:2-316, comments (“[Section 2-316] ... seeks to protect a buyer from unexpected and un-bar-gained language of disclaimer by denying effect to such language when inconsistent with language of express warranty and permitting the exclusion of implied warranties only by conspicuous language or other circumstances which protect the buyer from surprise.”); Tex. Bus. & Com.Code Ann. § 2.316 (same).

32 . Massachusetts is an exception to this general rule, enacting a provision that renders void any attempt to disclaim an implied warranty of merchantability or fitness for a particular purpose with regard to consumer goods. See Mass. Gen. Laws § 2-316A; Jacobs v. Yamaha Motor Corp., USA, 420 Mass. 323, 649 N.E.2d 758, 761 (1995) (“An language by which a manufacturer of consumer goods seeks to exclude or modify an implied warranty of merchantability or of fitness for a particular purpose, or to limit the consumer's remedies for breach o those warranties, is unenforceable.”). Plaintiffs did not specifically address Sony’s contentions that the common law claims could be waived.

33 . The Court does not consider the SOE User Agreement and SOE Privacy Policy because Plaintiffs did not bring an implied warranty claim under Ohio law.

34 . As stated by Sony, and never once rebutted by Plaintiffs, the PSN is a free service and none of the Plaintiffs allege that they purchased premium PSN services.

35 . Neither party addressed the Court’s tentative ruling at oral argument, which stated that each unjust enrichment claim was subject to dismissal without leave to amend based on the existence of a valid contract between the parties. (Doc. No. 157.)

36 . See, e.g., Diamond "S" Dev. Corp. v. Mercantile Bank, 989 So.2d 696, 697 (Fla.Dist.Ct. App.2008) (stating that an “unjust enrichment claim is precluded by the existence of an express contract concerning the same subject matter”); Flatten v. HG Bermuda Exempted Ltd., 437 F.3d 118, 130 (1st Cir.2006) (“Massachusetts law does not allow litigants to override an express contract by arguing unjust enrichment.”); Belle Isle Grill Corp. v. City of Detroit, 256 Mich.App. 463, 666 N.W.2d 271, 280 (2003) (same); Howard v. Turnbull, 316 S.W.3d 431, 436 (Mo.Ct.App.2010) (same); Wilcox Indus. Corp. v. Hansen, 870 F.Supp.2d 296, 308 & n. 3 (D.N.H.2012) (same); Metro. Elec. Mfg. Co. v. Herbert Constr. Co., 183 A.D.2d 758, 583 N.Y.S.2d 497, 498 (N.Y.App.Div.1992) (same); Randolph v. Hew England Mut. Life Ins. Co., 526 F.2d 1383, 1387 (6th Cir.1975) (applying Ohio law).

37 .An unjust enrichment claim may only be pled in the alternative to a breach of contract claim where one party asserts that the contract governing the dispute is invalid or the contract does not cover the subject matter at issue. See, e.g., In re Managed Care Litig., 185 F.Supp.2d 1310, 1337-38 (S.D.Fla.2002); Newman & Schwartz v. Asplundh Tree Expert Co., 102 F.3d 660, 663 (2d Cir.1996) (allowing unjust enrichment claim to be pled in the alternative to a breach of contract claim under New York law because the defendant disputed whether plaintiff, a non-party to the contract, was an intended third-party beneficiary of the contract); Ajuba Int’l, LLC v. Saharia, 871 F.Supp.2d 671, 692 (E.D.Mich. 2012) (allowing alternative pleading under Michigan law because it was unclear if any of the contracts covered the subject matter at issue and the defendants contested the validity of the contract); Miami Valley Mobile Health Servs., Inc. v. ExamOne Worldwide, Inc., 852 F.Supp.2d 925, 939 (S.D.Ohio 2012) (allowing alternative pleading under Ohio law because tire validity of the contract was not conceded by defendants and it was possible that the court could later find one or more of the contracts invalid); Manicini Enters., Inc. v. Am. Exp. Co., 236 F.R.D. 695, 699 (S.D.Fla.2006) (allowing alternative pleading under Florida law because the existence of an express contract between the parties had not yet been established)'. • -

38 . The FACC alleges that Sony represented and/or omitted material information regarding the security of the PSN at the time Plaintiffs purchased or otherwise acquired their Consoles. (FACC ¶¶ 18-28, 29; Doc. No. 146 at 19-20.) Plaintiffs further allege that had they known that Sony did not utilize reasonable, adequate, or industry-standard security measures to protect Plaintiffs' Personal Information transmitted to Sony before registering for the PSN, Plaintiffs, acting as reasonable consumers, would not have purchased their PS3s, would not have paid the same amount for their PS3s, and/or would not have provided their Personal Information to Sony. (FACC ¶ 29; Doc. No. 146 at 19:12-18.) Plaintiffs support these contentions by alleging that access to the PSN, although a free service, was a key feature of PS3s, and a major factor in Plaintiffs’ decision to purchase a PS3. (FACC ¶¶ 40, 41, 167.)

39 . Plaintiffs allege Sony violated the following enumerated sections of the CLRA §§ 1770(a)(5), (7), (9), (14), and (16). (FACC ¶ 176.)

40 . At the October 18, 2013 motion hearing, Plaintiffs contended that not all of their California consumer protection claims sounded in fraud. The Court does not agree. Each of Plaintiffs’ consumer protection claims alleges that Sony omitted or misrepresented material facts regarding the adequacy of its network security, and that Sony was aware that its network security was inadequate. Moreover, as stated in the Coürt's prior order Plaintiffs previously agreed with Sony that their consumer claims were subject to Rune 9(b)'s particularity requirements. (Doc. No. 120 at 25:8-13.)

41 . See http://us.playstation.com/ps3/features/ ps3featuresnetwork.html and http://us. playstation.com/ps3/features/ps_ps3_ connectivity.html.

42 . Section 501.211(a) states: "In any action brought by a person who has suffered a loss as a result of a violation of this part, such person may recover actual damages, plus attorney's fees and court costs as provided in s. 501.2105. However, damages, Tees, or costs are not recoverable under this section against a retailer who has in good faith, engaged in the dissemination of claims of a manufacturer or wholesaler without actual knowledge that it violated this part.”

43 . Plaintiffs did not address Sony's third contention and it appears these statutes were erroneously included in the FACC.

44 . This is true even though the PSN Privacy Policy states that "we cannot ensure or warrant the security of any information transmitted to us through [the PSN] ...(Doc. No. 94-2, Ex. B at 6.)

45 .The Court also finds Sony’s contentions regarding the interpretations of the FTC unavailing. The FACC properly alleges numerous and systematic vulnerabilities that Sony was allegedly aware of before the intrusion. Therefore, taking Plaintiffs’ allegations as true, which the Court must on a motion to dismiss, Plaintiffs have sufficiently alleged deceptive or unfair conduct under the FDUTPA.

46 . Sony reliance on Padberg v. DISH Network LLC, No. 11-04035-CV-C-NKL, 2012 WL 2120765 (W.D.Mo. June 11, 2012) is unavailing. The court in Padberg found no causation because the deception was remedied by express terms in the contract. Padberg, 2012 WL 2120765, at :f5-6. Here however, the language of the PSN User Agreement is potentially deceptive because Sony warranted “reasonable security” and “industry-standard encryption.” To the extent Sony did not utilize reasonable security the disclaimer of "perfect disclaimer” is potentially deceptive.

47 . “Any person injured by another's use of any method, act or practice declared unlawful under this chapter may bring an action for damages and for such equitable relief, including an injunction, as the court deems necessary and proper.” N.H.Rev.Stat. § 358-A: 10(1).

48 . Plaintiffs have failed to allege actual damages under the NHCPA because they have not alleged material misrepresentations at or pri- or to the purchase of their Consoles, have not alleged actual instances of identify theft or unauthorized charges, and cannot recover damages relating to a brief interruption in PSN access because uninterrupted service was clearly disclaimed in the PSN User Agreement. (Doc. No. 94-2, Ex. A at 9.)

49 . Count 33 only alleges a violation of Section 349 (Deceptive Acts and Practices) and not Section 350 (False Advertising).

50 . Plaintiffs did not address Sony’s contentions that injunctive relief under the NYDPA is disallowed in the absence of actual injury.

51 . Plaintiffs’ opposition to Sony's supplemental brief represented that their TDTPA claims were based only on misrepresentations and unconscionable conduct, and not on breach of warranty.

52 . Plaintiffs' reliance on Pirozzi v. Apple, Inc., No. 12-CV-01529-JST, 2013 WL 4029067, at *6 (N.D.Cal. Aug. 5, 2013) is similarly unavailing. The plaintiff in Pirozzi asserted claims under the UCL, FAL, CLRA only after having read the defendant's alleged misrepresentations.

53 . Injunctive and declaratory relief are only available in the event the plaintiff prevails. Tex. Bus. & Com.Code § 17.50(b)(2) ("In a suit filed under this section, each consumer who prevails may obtain ... an order enjoining such acts or failure to act”).

54 . In Boorstein v. Men’s Journal, the plaintiff brought a claim under the DBA alleging that the defendant failed to provide him with the required disclosures when it sold him a magazine. 2012 WL 2152815, at *1-5. The court dismissed the claim for failure to allege that the plaintiff suffered an injury as a result of the violation. Id. Grigsby II is an unreported case attached as Exhibit A to Doc. No. 146.

55 . The Washington statute mirrors the DBA.

56 . Neither party, addressed the Court's tentative ruling at oral argument, which stated that both FCRA claims were subject to dismissal without leave to amend because none of the Defendants are "consumer reporting agencies" as defined under Section 1681 a(f). (Doc. No. 157.)

57 . The two cases cited by Plaintiffs are distinguishable. See, e.g., Rowe v. UniCare Life & Health Ins. Co., No. 09 C 2286, 2010 WL 86391, at *2-4 (N.D.Ill. Jan. 5, 2010) (stating that whether or not the defendant was a consumer reporting agency was not at issue); Ori v. Fifth Third Bank, 674 F.Supp.2d 1095, 1097-98 (E.D.Wis.2009) (finding that the defendant reseller was a consumer reporting agency under the FCRA based on a specific provision in the statute applying to resellers).

58 . Neither party addressed the Court’s tentative ruling at oral argument which stated that Plaintiffs' partial performance/breach of the covenant of good faith and fair dealing claim was subject to dismissal with leave to amend. (Doc. No. 157.)