6 UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON 7 AT SEATTLE
8 POC USA, LLC, Case No. C23-1816-RSM 9 Plaintiff, ORDER DENYING IN PART AND 10 GRANTING IN PART DEFENDANT’S MOTION TO 11 v. DISMISS EXPEDITORS INTERNATIONAL OF 12 WASHINGTON, INC.,
13 Defendant.
15 I. INTRODUCTION 16 This matter comes before the Court on Defendant Expeditors International of 17 Washington, Inc. (“Defendant”)’s Motion to Dismiss for Failure to State a Claim, Dkt. #14. 18 Plaintiff POC USA, LLC (“Plaintiff”) opposes the Motion. Dkt. #20. For the reasons set forth 19 below, the Court DENIES IN PART and GRANTS IN PART Defendant’s Motion to Dismiss. 20 II. BACKGROUND 21 The Court adopts the following facts from Plaintiff’s Complaint, Dkt. #1. 22 Defendant Expeditors “is one of the world’s largest Third Party Logistics (“3PL”) service 23 providers[.]” In March 2016, Plaintiff entered into a Distributor Services Agreement (“DSA”) 24 with Defendant, outlining that Defendant would receive shipments of products manufactured by 1 Plaintiff, warehouse the products, and ship the products to Plaintiff’s customers. Defendant would perform these duties using its own computerized distribution management system, and 2 Defendant was required to provide real-time visibility to Plaintiff of its products. 3 As part of Defendant’s service, Defendant highlighted its included Global Security Team, 4 which “manage[s] Expeditors’ systems, processes, and service providers with a consistent 5 approach that enables Expeditors to move cargo within Expeditors’ network securely.” 6 Defendant’s IT infrastructure and software was chosen and provided by Defendant. 7 In February 2022, Defendant suffered a cyberattack. Instead of paying a ransom, 8 Defendant shut down most of its operating systems. Defendant did not provide services to 9 Plaintiff for almost 90 days. Due to Plaintiff’s business involving selling and shipping seasonal 10 sporting goods, Plaintiff claims economic loss from failure to deliver products for those 90 days 11 plus the loss of customers to other seasonal sporting goods providers. 12 III. DISCUSSION 13 A. Legal Standard 14 Rule 12(b)(6) allows for dismissal of a complaint due to a plaintiff’s “failure to state a 15 claim upon which relief can be granted.” Fed. R. Civ. P. 12(b)(6). Dismissal may “be based on 16 the lack of cognizable legal theory or the absence of sufficient facts alleged under a cognizable 17 legal theory.” Balistreri v. Pacifica Police Dep’t, 901 F.2d 696, 699 (9th Cir. 1988). The 18 complaint must “contain factual matter, accepted as true, to ‘state a claim to relief that is plausible 19 on its face[,]’ requiring more than “an unadorned, the defendant-unlawfully-harmed-me 20 accusation.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 21 550 U.S. 544, 570 (2007)). 22 When considering a 12(b)(6) motion, the court takes well-pleaded factual allegations as 23 true and views them in a light most favorable to the plaintiff. See Wyler Summit P’ship v. Turner 24 1 Broad. Sys., Inc., 125 F.3d 658, 661 (9th Cir. 1998). The court does not have to take presented legal conclusions as factual allegations or accept as true “allegations that are merely conclusory, 2 unwarranted deductions of fact, or unreasonable inferences[.]” See Iqbal, 556 U.S. at 678; 3 Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001). “Dismissal without 4 prejudice and without leave to amend is not appropriate unless it is clear . . . that the complaint 5 could not be saved by amendment.” Creech v. Tewalt, 84 F.4 777, 789 (9th Cir. 2023) (quoting 6 Eminence Cap., LLC v. Aspeon, Inc., 316 F.3d 1048, 1052 (9th Cir. 2003)). 7 B. Analysis 8 Defendant does not challenge Plaintiff’s claim for breach of contract but argues that 9 Plaintiff’s other claims for breach of implied duty of good faith and fair dealing, negligence, 10 gross negligence, unjust enrichment, and violations of the Washington Consumer Protection Act 11 (“WCPA”) should be dismissed. See gen. Dkt. #14. The Court analyzes these claims in turn 12 below. 13 a. Implied Duty of Good Faith and Fair Dealing 14 Under Washington law, “[t]here is in every contract an implied duty of good faith and 15 fair dealing” that “obligates the parties to cooperate with each other so that each may obtain the 16 full benefit of performance.” Rekhter v. Dep’t of Soc. & Health Servs., 180 Wn.2d 102, 112, 323 17 P.3d 1036 (2014) (quoting Badgett v. Sec. State Bank, 116 Wn.2d 563, 569, 807 P.2d 356 (1991)). 18 The implied covenant of good faith and fair dealing “cannot add or contradict express contract 19 terms and does not impose a free-floating obligation of good faith on the parties.” Id. at 113. 20 Instead, “the duty arises only in connection with terms agreed to by the parties.” Id. (citations 21 omitted). The duty can arise “when the contract gives one party discretionary authority to 22 determine a contract term.” Id. (quoting Goodyear Tire & Rubber Co. v. Whiteman Tire, Inc., 23 86 Wn. App. 732, 738, 935 P.2d 628 (1997)). 24 1 Defendant argues that Plaintiff cannot bring this claim because Plaintiff “fails to, and cannot, identify a contractual provision obligating Expeditors to prevent and withstand and/or 2 mitigate the impact of a cyber-attack on its services[.]” Dkt. #14 at 10. Plaintiff contends that 3 Defendant breached this implied duty by failing to implement standard industry practices and 4 available cyber protections and an adequate business continuity plan to protect itself and 5 customers from cyber-attacks and their effects. Dkts. #1 at ¶¶ 9, 18-20, 24-31, 58; #20 at 5-9. 6 The Court finds Plaintiff has sufficiently alleged that Defendant breached its implied duty 7 of good faith and fair dealing. Defendant attempts to circumvent this by saying there is no 8 specific contractual provision obligating it to protect Plaintiff from cyber-attacks but only to 9 upkeep shipment management services. Dkt. #14 at 9. This is obtuse. Defendant chose and 10 operated the computer systems the ransomware breached. Defendant presented itself as having 11 competent security and networks for Plaintiff to rely on. Due to Defendant’s computer systems 12 allegedly being vulnerable to a cyber-attack and Defendant’s subsequent shutdown, Plaintiff 13 alleges economic harm from Defendant’s lacking security. Drawing all inferences in Plaintiff’s 14 favor at this stage, the Court finds Plaintiffs have sufficiently alleged that Defendant breached its 15 implied duty of good faith and fair dealing to upkeep a safe, reliable, and working software 16 system. 17 b. Negligence and Gross Negligence 18 Defendant argues that Plaintiff’s negligence and gross negligence claims fail because the 19 parties have no special relationship, there are no allegations of misfeasance, and Defendant owed 20 no duty to pay the ransom demand. Dkt. #14 at 12-16. Thus, Defendant argues that it cannot be 21 held liable for the criminal acts of another. Id .at 12. 22 Under Washington law, a claim for negligence must allege “(1) the existence of a duty to 23 the plaintiff, (2) a breach of that duty, (3) a resulting injury, and (4) the breach as the proximate 24 1 cause of the injury.” Degel v.
Free access — add to your briefcase to read the full text and ask questions with AI
6 UNITED STATES DISTRICT COURT WESTERN DISTRICT OF WASHINGTON 7 AT SEATTLE
8 POC USA, LLC, Case No. C23-1816-RSM 9 Plaintiff, ORDER DENYING IN PART AND 10 GRANTING IN PART DEFENDANT’S MOTION TO 11 v. DISMISS EXPEDITORS INTERNATIONAL OF 12 WASHINGTON, INC.,
13 Defendant.
15 I. INTRODUCTION 16 This matter comes before the Court on Defendant Expeditors International of 17 Washington, Inc. (“Defendant”)’s Motion to Dismiss for Failure to State a Claim, Dkt. #14. 18 Plaintiff POC USA, LLC (“Plaintiff”) opposes the Motion. Dkt. #20. For the reasons set forth 19 below, the Court DENIES IN PART and GRANTS IN PART Defendant’s Motion to Dismiss. 20 II. BACKGROUND 21 The Court adopts the following facts from Plaintiff’s Complaint, Dkt. #1. 22 Defendant Expeditors “is one of the world’s largest Third Party Logistics (“3PL”) service 23 providers[.]” In March 2016, Plaintiff entered into a Distributor Services Agreement (“DSA”) 24 with Defendant, outlining that Defendant would receive shipments of products manufactured by 1 Plaintiff, warehouse the products, and ship the products to Plaintiff’s customers. Defendant would perform these duties using its own computerized distribution management system, and 2 Defendant was required to provide real-time visibility to Plaintiff of its products. 3 As part of Defendant’s service, Defendant highlighted its included Global Security Team, 4 which “manage[s] Expeditors’ systems, processes, and service providers with a consistent 5 approach that enables Expeditors to move cargo within Expeditors’ network securely.” 6 Defendant’s IT infrastructure and software was chosen and provided by Defendant. 7 In February 2022, Defendant suffered a cyberattack. Instead of paying a ransom, 8 Defendant shut down most of its operating systems. Defendant did not provide services to 9 Plaintiff for almost 90 days. Due to Plaintiff’s business involving selling and shipping seasonal 10 sporting goods, Plaintiff claims economic loss from failure to deliver products for those 90 days 11 plus the loss of customers to other seasonal sporting goods providers. 12 III. DISCUSSION 13 A. Legal Standard 14 Rule 12(b)(6) allows for dismissal of a complaint due to a plaintiff’s “failure to state a 15 claim upon which relief can be granted.” Fed. R. Civ. P. 12(b)(6). Dismissal may “be based on 16 the lack of cognizable legal theory or the absence of sufficient facts alleged under a cognizable 17 legal theory.” Balistreri v. Pacifica Police Dep’t, 901 F.2d 696, 699 (9th Cir. 1988). The 18 complaint must “contain factual matter, accepted as true, to ‘state a claim to relief that is plausible 19 on its face[,]’ requiring more than “an unadorned, the defendant-unlawfully-harmed-me 20 accusation.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 21 550 U.S. 544, 570 (2007)). 22 When considering a 12(b)(6) motion, the court takes well-pleaded factual allegations as 23 true and views them in a light most favorable to the plaintiff. See Wyler Summit P’ship v. Turner 24 1 Broad. Sys., Inc., 125 F.3d 658, 661 (9th Cir. 1998). The court does not have to take presented legal conclusions as factual allegations or accept as true “allegations that are merely conclusory, 2 unwarranted deductions of fact, or unreasonable inferences[.]” See Iqbal, 556 U.S. at 678; 3 Sprewell v. Golden State Warriors, 266 F.3d 979, 988 (9th Cir. 2001). “Dismissal without 4 prejudice and without leave to amend is not appropriate unless it is clear . . . that the complaint 5 could not be saved by amendment.” Creech v. Tewalt, 84 F.4 777, 789 (9th Cir. 2023) (quoting 6 Eminence Cap., LLC v. Aspeon, Inc., 316 F.3d 1048, 1052 (9th Cir. 2003)). 7 B. Analysis 8 Defendant does not challenge Plaintiff’s claim for breach of contract but argues that 9 Plaintiff’s other claims for breach of implied duty of good faith and fair dealing, negligence, 10 gross negligence, unjust enrichment, and violations of the Washington Consumer Protection Act 11 (“WCPA”) should be dismissed. See gen. Dkt. #14. The Court analyzes these claims in turn 12 below. 13 a. Implied Duty of Good Faith and Fair Dealing 14 Under Washington law, “[t]here is in every contract an implied duty of good faith and 15 fair dealing” that “obligates the parties to cooperate with each other so that each may obtain the 16 full benefit of performance.” Rekhter v. Dep’t of Soc. & Health Servs., 180 Wn.2d 102, 112, 323 17 P.3d 1036 (2014) (quoting Badgett v. Sec. State Bank, 116 Wn.2d 563, 569, 807 P.2d 356 (1991)). 18 The implied covenant of good faith and fair dealing “cannot add or contradict express contract 19 terms and does not impose a free-floating obligation of good faith on the parties.” Id. at 113. 20 Instead, “the duty arises only in connection with terms agreed to by the parties.” Id. (citations 21 omitted). The duty can arise “when the contract gives one party discretionary authority to 22 determine a contract term.” Id. (quoting Goodyear Tire & Rubber Co. v. Whiteman Tire, Inc., 23 86 Wn. App. 732, 738, 935 P.2d 628 (1997)). 24 1 Defendant argues that Plaintiff cannot bring this claim because Plaintiff “fails to, and cannot, identify a contractual provision obligating Expeditors to prevent and withstand and/or 2 mitigate the impact of a cyber-attack on its services[.]” Dkt. #14 at 10. Plaintiff contends that 3 Defendant breached this implied duty by failing to implement standard industry practices and 4 available cyber protections and an adequate business continuity plan to protect itself and 5 customers from cyber-attacks and their effects. Dkts. #1 at ¶¶ 9, 18-20, 24-31, 58; #20 at 5-9. 6 The Court finds Plaintiff has sufficiently alleged that Defendant breached its implied duty 7 of good faith and fair dealing. Defendant attempts to circumvent this by saying there is no 8 specific contractual provision obligating it to protect Plaintiff from cyber-attacks but only to 9 upkeep shipment management services. Dkt. #14 at 9. This is obtuse. Defendant chose and 10 operated the computer systems the ransomware breached. Defendant presented itself as having 11 competent security and networks for Plaintiff to rely on. Due to Defendant’s computer systems 12 allegedly being vulnerable to a cyber-attack and Defendant’s subsequent shutdown, Plaintiff 13 alleges economic harm from Defendant’s lacking security. Drawing all inferences in Plaintiff’s 14 favor at this stage, the Court finds Plaintiffs have sufficiently alleged that Defendant breached its 15 implied duty of good faith and fair dealing to upkeep a safe, reliable, and working software 16 system. 17 b. Negligence and Gross Negligence 18 Defendant argues that Plaintiff’s negligence and gross negligence claims fail because the 19 parties have no special relationship, there are no allegations of misfeasance, and Defendant owed 20 no duty to pay the ransom demand. Dkt. #14 at 12-16. Thus, Defendant argues that it cannot be 21 held liable for the criminal acts of another. Id .at 12. 22 Under Washington law, a claim for negligence must allege “(1) the existence of a duty to 23 the plaintiff, (2) a breach of that duty, (3) a resulting injury, and (4) the breach as the proximate 24 1 cause of the injury.” Degel v. Majestic Mobile Manor, 129 Wn.2d 43, 914 P. 2d 728, 731(1996). The existence of duty “is a question of law and depends on mixed considerations of logic, 2 common sense, justice, policy, and precedent.” Snyder v. Med. Serv. Corp., 145 Wn.2d 233, 35 3 P.3d 1158, 1164 (2001). “Duty in a negligence action is a threshold question” and “may be 4 predicated ‘on violation of statute or of common law principles of negligence.’” Jackson v. City 5 of Seattle, 158 Wn. App. 647, 244 P.3d 425, 428 (2010) (quoting Burg v. Shannon & Wilson, 6 Inc., 110 Wn. App. 798, 43 P.3d 526, 520 (2002)). 7 Under Washington law, “an actor ordinarily owes no duty to protect an injured party from 8 harm caused by the criminal acts of third parties.” Parrilla v. King Cty., 138 Wn. App. 427, 157 9 P.3d 879, 884 (2007). Though the Washington Supreme Court has “not yet found a duty to 10 protect a third party from the criminal acts of another absent a special relationship[,]” it has 11 “recognized under Restatement § 302B that a duty to third parties may arise in the limited 12 circumstances that the actor’s own affirmative act creates a recognizable high degree of risk of 13 harm.” Robb v. City of Seattle, 176 Wn.2d 427, 295 P.3d 212, 216 (2013). 14 Defendant argues that Plaintiff’s claims fail because “[t]here was no legal cognizable 15 special relationship” between the parties and no affirmative act of misfeasance by Defendant 16 occurred. Dkt. #14 at 12, 14-15. Plaintiffs argue that Defendant’s “enhanced duty of care existed 17 independently of the performance of the DSA contract.” Dkt. #1 at ¶¶ 67, 82. 18 However, as described above, Plaintiff argues that Defendant’s failure to implement 19 effective security was an implied breach of the contract. Plaintiff’s argument of an independent 20 duty of care appears to be the same argument of Defendant owing Plaintiff under the contract to 21 provide an effective, safe security system through the computer software Defendant chose and 22 operated. Furthermore, “the failure to implement adequate data security measures does not 23 implicate a legal duty on its own.” Buckley v. Santander Consumer USA, Inc., 2018 WL 24 1 1532671, at *5 (W.D. Wash. Mar. 29, 2018). The Court finds that Plaintiff’s negligence arguments appear duplicative of Plaintiff’s contractual arguments. Furthermore, the Court finds 2 no misfeasance occurred to create an enhanced duty of care because Plaintiff’s allegations are, at 3 most, allegations of omissions or nonfeasance, which Defendant can only be held liable for if a 4 special relationship exists. See Veridian Credit Union v. Eddie Bauer, LLC, 295 F.Supp.3d 1140, 5 1157-58 (W.D. Wash. 2017); Guy v. Convergent Outsourcing, Inc., 2023 WL 4637318, at *3 6 (W.D. Wash. 2023). The Court finds that no special relationship existed beyond a normal duty 7 of reasonable care. Therefore, the Court dismisses Plaintiff’s negligence and gross negligence 8 claims. 9 c. Bailment 10 Under Washington law, bailment “arises generally when personalty is delivered to 11 another for some particular purpose with an express or implied contract to redeliver when the 12 purpose has been fulfilled.” Eifler v. Shurgard Capital Mgmt. Corp., 71 Wn. App. 684, 689 13 (1993) (internal quotations omitted). For a bailment of personal property to arise, “there must be 14 a change of possession and an assumption or acceptance of possession by the person claimed to 15 be a bailee.” Collins v. Boeing Co., 4 Wn. App. 705, 711 (1971). An ordinary duty of care is 16 owed unless heightened under the contract. See St. Paul Fire & Marine Ins. Co. v. Charles H. 17 Lilly Co., 48 Wash. 2d 528, 536 (1956). Parties to a mutually beneficial bailment can contract 18 to limit negligence, but “[i]t is well settled in Washington that professional bailees may not limit 19 their liability for negligence.” Am. Nursery Products, Inc., v. Indian Wells Orchards, 115 Wn.2d 20 217, 232 (1990). A professional bailee is someone “who deal[s] with the public on a uniform 21 rather than on an individual basis, including primarily owners of parcel checkrooms, owners of 22 parking places, garagemen, and warehousemen.” Id. at 231. 23 24 1 Plaintiff asserts that “Expeditors is a professional bailee” who engaged in an “unfair and/or deceptive practice . . . to limit its liability under the DSA . . . when it knew and should 2 have known it is a professional bailee . . . prohibited as a matter of public policy from limiting 3 their liability.” Dkt. #1 at ¶¶ 92, 93, 96, 115-16. Defendant argues that it is not a professional 4 bailee because the services offered to Plaintiff were particularized and the alleged bailment was 5 incident to the performance of services for which Defendant received compensation. Dkt. #14 6 at 18. 7 According to the DSA, “Expeditors offers distribution services” and “agree[d] to provide 8 customized distribution services” to Plaintiff. Dkt. #1-1. Defendant’s services to Plaintiff, per 9 the contract, appear to be particularized and not those of a professional bailee. Id. Plaintiff also 10 states in its Complaint that Defendant’s obligations to Plaintiff “were special and unique[.]” Dkt. 11 #1 at ¶ 23. Furthermore, at least one other court found in a different instance that Defendant was 12 not a bailee, leading this Court to construe Defendant not as an entity presenting itself to the 13 public as a professional bailee. See Certain Underwriters at Lloyd’s v. Expeditors Int’l of 14 Washington, Inc., 584 F. Supp. 3d 860, 874 (C.D. Cal. 2022). The Court concludes that 15 Defendant is not a professional bailee. 16 The Court also concludes that Plaintiff’s bailment claim is duplicative of other claims. 17 Any bailee/bailor relationship between the parties was created by the DSA. Though Plaintiff 18 argues that the DSA does not address the situation at hand, i.e., what happens when Defendant 19 fails to protect it against the impacts of cyberattacks, Plaintiff argues that this protection is part 20 of the DSA through Defendant’s providing of the software and security systems. See gen. Dkt.1; 21 Dkt. #20 at 20-23. If not contractual, Plaintiff argues for unjust enrichment in the alternative. 22 Dkt. #1 at ¶ 104-12. The terms of the DSA govern the bailment duties here over the common- 23 law bailment duties and principles. See Pollok v. Vanguard Grp, Inc., 774 Fed. App’x 407, 408 24 1 (9th Cir. 2019) (citing Dan b. Dobbs, et al., The Law of Torts § 68 (2d ed. 2019). Defendant owed a normal duty of reasonable care under the contract as the bailee, and Defendant’s alleged 2 breach to provide sufficient services in the wake of cyberattacks is duplicative of other claims. 3 The Court concludes that Defendant is not a professional bailee, and Plaintiff’s bailment claim 4 should be dismissed. 5 d. WCPA 6 Defendant moves to dismiss Plaintiff’s claims under the WCPA because they are based 7 on Defendant’s “deceptive” practices as a professional bailee, which Defendant is not. Dkt. #14 8 at 23. The Court agrees that Plaintiff’s claims based on Defendant’s alleged deceptive practice 9 of attempting to unlawfully limit its liability as a professional bailee fail. However, the Court 10 finds that Plaintiff has sufficiently alleged WCPA violations to survive Defendant’s Motion. See 11 Dkts. #1 at ¶¶ 113-24, #20 at 26. 12 For a private WCPA action, “a plaintiff must establish five distinct elements: (1) unfair 13 or deceptive act or practice; (2) occurring in trade or commerce; (3) public interest impact; (4) 14 injury to plaintiff in his or her business or property; (5) causation.” Hangman Ridge Training 15 Stables, Inc. v. Safeco Title Ins. Co., 105 Wn.2d 778, 780 (1986). “Furthermore, as a more 16 general matter, federal courts applying Washington law have consistently found that a ‘failure to 17 employ adequate data security measures’ that ‘result in harm to thousands of customers’ is 18 sufficient to constitute an ‘unfair’ act under the WCPA.” In re Accellion, Inc. Data Breach 19 Litigation, 2024 WL333893, at *18 (N.D. Cal. Jan. 29, 2024) (citing Veridian, 295 F. Supp. 3d 20 at 1162 (W.D. Wash. 2017), Krefting v. Kaye-Smith Enterprises Inc., 2023 WL 4846850, at *8 21 (W.D. Wash. July 28, 2023), Guy v. Convergent Outsourcing, Inc., 2023 WL 4637318, at *8 22 (W.D. Wash. July 20, 2023), and Buckley, 2018 WL 1532671, at *4 (W.D. Wash. Mar. 29, 2018). 23 Given this consistent interpretation, construing all interpretations in Plaintiff’s favor at this stage, 24 1 the Court finds that Plaintiff has sufficiently alleged an “unfair” act by Defendant’s failure to upkeep adequate software and security systems to safeguard Plaintiff’s business operations. 2 e. Unjust Enrichment 3 The Court also concludes that Plaintiff sufficiently alleges a claim for unjust enrichment. 4 As both parties agree, unjust enrichment exists as a remedy when no contract exists but a quasi- 5 contract implied in law “arises from an implied duty of the parties not based on a contract, or on 6 any consent or agreement.” Heaton v. Imus, 93 Wn.2d 249, 252 (1980); Dkts. #14 at 21, #20 at 7 23. “Unjust enrichment is the method of recovery for the value of the benefit retained absent any 8 contractual relationship because notions of fairness and justice require it.” Young v. Young, 164 9 Wn.2d 477, 484 (2008). To establish a claim for unjust enrichment, a plaintiff must show that: 10 (1) a benefit was conferred on the defendant; (2) the defendant had knowledge or appreciation of 11 the benefit; and (3) the defendant’s retainment of the benefit without payment of its value is 12 inequitable under the circumstances. Id. at 484-85. 13 Plaintiff argues that its claim for unjust enrichment is plausible “because nothing in the 14 contract expressly addresses what happens in the event of a cyberattack.” Dkt. #20 at 24. 15 Defendant argues that “[i]t is undisputed that [the parties’] relationship is governed by an express 16 contract.” Dkt. #14 at 22. However, Defendant also argues that no contractual provision under 17 the DSA existed to prevent or protect Plaintiff from cyberattacks. Dkt. #14 at 9-11. Therefore, 18 “there is a fundamental dispute between the parties concerning the scope of that contractual 19 relationship and whether it definitively defines [Defendant’s] obligation with respect to 20 protecting Plaintiff[.]” In re Cap. One Consumer Data Sec. Breach Litig., 488 F. Supp. 3d 374, 21 412 (E.D. Va. 2020) (considering claims under Washington law). While the Court is skeptical 22 that the value of Defendant’s benefit is measured by the cost of the avoided ransom, the Court 23 finds plausible that the benefit conferred was the costs charged by Defendant for Plaintiff’s 24 1 business during the time of the shutdown. See Dkt. #1 at ¶ 108. The Court concludes that, as an alternative to its express breach of contract claim, Plaintiff has plausibly alleged that if its 2 “express contractual relationship does not govern [Plaintiff’s] rights with respect to the 3 protection” from cyberattacks and secure software, Plaintiff has a claim for unjust enrichment. 4 Id. 5 CONCLUSION 6 Having reviewed the relevant briefing and the remainder of the record, the Court hereby 7 finds and ORDERS that Defendant Expeditors’ Motion to Dismiss for Failure to State a Claim, 8 Dkt. #14, is DENIED IN PART and GRANTED IN PART. Plaintiff’s claims for breach of 9 contract, breach of implied covenant of good faith and fair dealing, Washington Consumer 10 Protection Act violations, and unjust enrichment STAND. All other claims (for negligence, gross 11 negligence, and bailment) are DISMISSED. 12
13 DATED this 11th day of April, 2024. 14 15 A 16 RICARDO S. MARTINEZ UNITED STATES DISTRICT JUDGE 17
20 21 22 23 24