IN THE UNITED STATES DISTRICT COURT FOR THE MIDDLE DISTRICT OF NORTH CAROLINA UNIVERSAL PRESERVACHEM, INC., ) ) Plaintiff, ) ) v. ) 1:24cv763 ) COIM USA INC., ) ) Defendant. ) MEMORANDUM OPINION AND RECOMMENDATION OF UNITED STATES MAGISTRATE JUDGE This case comes before the undersigned United States Magistrate Judge for a recommendation on “Plaintiff’s Motion to Dismiss Coim USA Inc.’s Amended Counterclaim” (Docket Entry 17 (all-cap font and emphasis omitted)) (the “instant Motion”). For the reasons that follow, the Court should deny the instant Motion as to Coim’s negligence claim (Count One) and grant the instant Motion as to Coim’s breach of contract and breach of implied covenant of good faith and fair dealing claim (Count Two). BACKGROUND Universal Preservachem, Inc. (“Universal”) “imports, packages, distributes, and sells chemical ingredients for manufacturers of various products.” (Docket Entry 14 at 7.) Coim USA, Inc. (“Coim”), “an international company that develops and produces various chemical specialties” (id.), purchased chemical products from Universal on two occasions in July and August 2021 (see id. at 8). On each occasion, Coim submitted to Universal a purchase order for the requested products and, upon delivery, Universal sent Coim an invoice requiring payment by September 18, 2021, and October 1, 2021, respectively. (See Docket Entry 1, ¶¶ 12-20; Docket Entry 14 at 8.) Universal alleges, in relevant part, that, in connection with those transactions, “Coim may have attempted to make payments to Universal” (Docket Entry 1, ¶ 27), but “Universal never received the payments Coim purports to have remitted” (id.). Specifically, Universal alleges that Coim “may have . . . engage[d] with a phishing email . . . and submitted the purported payments to a third-party hacker.” (Id., ¶ 28.) Universal further alleges that, “[s]ometime in or around June of 2021, [it] sent Coim a ‘Cyber Threat Awareness’ notice, instructing Coim to ‘not accept any email communication from Universal . . . related to any changes in wire payment instructions’ and that any such email [wa]s likely a ‘phishing attack.’” (Id., ¶ 26 (emphasis omitted).) As part of that notice, Universal also alleges that it “instructed Coim to instead reach out to its known Universal company contact to make direct payments to Universal in a secure manner.” (Id.)
Coim contests Universal’s allegations. As relevant to the instant Motion, Coim alleges the following: “After Coim received the [first] invoice, it reached out to Universal, offered to make payment on invoices via ACH transfer, and sent Universal a Vendor ACH Payment Enrollment Form (‘ACH Form’) that Universal could fill 2 out if it wanted to receive payment from Coim by ACH transfer.” (Docket Entry 14 at 8-9.) In response, “one of Universal’s accounting managers[] returned a filled-out and signed ACH Form on Universal’s behalf” (id. at 9), which “list[ed] a woman named Carla Jones as Universal’s contact person for payment-related communications and list[ed] the routing and account numbers for Universal’s bank account” (id.). “On September 23, 2021, Coim attempted to send a $99,385.00 payment to Universal’s bank account via ACH[, but] the payment bounced back to Coim because the banking information . . . was incorrect.” (Id.) After that payment bounced back, “Coim emailed Universal on September 26, 2021, at the email address ‘ap@upichem.com’ asking for corrected payment instructions” (id.). The next day, Carla Jones responded via email to provide new routing and account numbers for transmitting payment to Universal. (See id. at 9-10.) “Based on this information, Coim submitted payments totaling $180,626.35 to Universal on September 27, 2021, [and] September 30, 2021.” (Id. at 10.) Sometime after that, Universal “advised Coim that certain e-mails it received from Universal’s email accounts were sent by a
third-party hacker, which caused Coim to submit its payments to a third-party hacker.” (Id.) Coim’s investigation revealed that “the e-mail [from Carla Jones] with the fraudulent banking information had come from inside of Universal’s own e-mail system.” (Id.) Coim further alleges that “Universal’s computer systems, 3 e-mail server, or both were hacked by unknown third parties” (id. at 7) sometime “during or before June of 2021” (id.) and that Universal became aware of that fact “shortly afterward, . . . but failed to take appropriate action to ensure that the threat was resolved and that the hacker(s) could no longer access Universal’s systems” (id.) or to “warn Coim of the potential issue at any time before or after Coim submitted its first purchase order to Universal” (id. at 11). Based on Coim’s purported nonpayment, Universal sued Coim for breach of contract. (See Docket Entry 1, ¶¶ 32-26.) In response, Coim filed an Answer and Counterclaim (Docket Entry 10), which it later amended (Docket Entry 14) (the “Amended Answer and Counterclaim”), asserting claims for negligence and breach of contract (id. at 11-13). Universal thereafter filed the instant Motion, seeking dismissal of the Amended Counterclaim for failure to state a claim pursuant to Federal Rule of Civil Procedure 12(b)(6). (See Docket Entry 17 at 1.) To support the instant Motion, Universal filed a memorandum (Docket Entry 18) and exhibit (Docket Entry 18-1). In opposition, Coim filed a response (Docket
Entry 20), to which Universal replied (Docket Entry 21). STANDARD OF REVIEW A Rule 12(b)(6) motion “tests the sufficiency of a complaint,” but “does not resolve contests surrounding the facts, the merits of a claim, or the applicability of defenses.” Republican Party of 4 N.C. v. Martin, 980 F.2d 943, 952 (4th Cir. 1992). Accordingly, in reviewing a motion to dismiss, the Court must “accept the facts alleged in the complaint as true and construe them in the light most favorable to the plaintiff.” Coleman _v. Maryland Ct. of Appeals, 626 F.3d 187, 189 (4th Cir. 2010), aff’d sub nom. Coleman v. Court of Appeals of Md., 566 U.S. 30 (2012). The Court must also “draw all reasonable inferences in favor of the plaintiff.” du Pont de Nemours & Co. v. Kolon Indus., Inc., 637 F.3d 435, 440 (4th Cir. 2011) (internal quotation marks omitted). To avoid Rule 12(b) (6) dismissal, a complaint must contain sufficient factual allegations “to ‘state a claim to relief that is plausible on its face.’” Ashcroft v. Igbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). To qualify as plausible, a claim needs sufficient factual content to support a “reasonable inference that the defendant is liable for the misconduct alleged.” Id. (citing Twombly, 550 U.S. at 556). A complaint need not contain detailed factual recitations, but must provide “the defendant fair notice of what the claim is and the grounds upon which it rests.” Twombly, 550 U.S. at 555 (internal quotation marks and ellipsis omitted). “At bottom, determining whether a complaint states . . . a plausible claim for relief . . . will ‘be a context-specific task that requires the reviewing court to draw on its judicial experience and common sense.’” Francis v. Giacomelli, 588 F.3d 186, 193 (4th Cir.
2009) (quoting Iqbal, 556 U.S. at 679). As relevant here, the complaint pleading standard applies equally to counterclaims. See, e.g., E.I. du Pont, 637 F.3d at 440 (applying Rule 12(b)(6) pleading standard to counterclaim); Asilonu v. Asilonu, 550 F. Supp. 3d 282, 297 (M.D.N.C. 2021) (same). DISCUSSION A. Negligence The Amended Counterclaim’s first count alleges that “Universal owed a duty of ordinary care to Coim to ensure, among other things, that its email network was secure and could not easily be infiltrated by cyberattacks” (Docket Entry 14 at 11), and that Universal breached that duty by “failing to warm Coim about [the June 2021 cyberattacks on its network] after Universal and Coim began transacting” (id.) and by “failing to take the appropriate
remedial measures to prevent cyber attackers from using Universal’s e-mail server to pose as Universal employees and deliver fraudulent banking information to Universal’s customers” (id.). 1. Economic Loss Rule As an initial matter, Universal argues that the economic loss rule bars Coim’s negligence claim. (See Docket Entry 18 at 5.) “The economic loss rule, as it has developed in North Carolina, generally bars recovery in tort for damages arising out of a breach of contract[.]” Rountree v. Chowan Cnty., 252 N.C. App. 155, 159, 796 S.E. 2d 827, 830 (2017). This rule rests on the principle that 6 “[Ta] ‘tort action must be grounded on a violation of a duty imposed by operation of law,’ not a violation of a duty arising purely from ‘the contractual relationship of the parties.’” Legacy Data Access, Inc. v. Cadrillion, LLC, 889 F.3d 158, 164 (4th Cir. 2018) (quoting Rountree, 252 N.C. App. at 160, 796 S.E. 2d at 831). Thus, under North Carolina law, [a] tort action does not lie against a party to a contract who simply fails to properly perform the terms of the contract, even if that failure to perform was due to the negligent or intentional conduct of that party, when the injury resulting from the breach is damage to the subject matter of the contract. It is the law of contract and not the law of negligence which defines the obligations and remedies of the parties in such a situation. Lord v. Customized Consulting Specialty, Inc., 182 N.C. App. 635, 639, 643 S.E. 2d 28, 30-31 (2007) (alteration and quotation marks omitted). “Accordingly, ‘North Carolina law requires’ courts ‘to limit plaintiffs’ tort claims to only those claims which are identifiable and distinct from the primary breach of contract claim.’” Legacy Data, 889 F.3d at 164 (quoting Broussard v. Meineke Disc. Muffler Shops, Inc., 155 F.3d 331, 346 (4th Cir. 1998) (quotation marks omitted)). To meet this standard, Coim must show “[a] mismatch between the terms of the [relevant] contract and the alleged tort,” Bailey v. Certain Interested Underwriters at Lloyd’s London, 701 F. Supp. 3d 296, 311 (E.D.N.C. 2023), aff’d, No. 23-1642, 2024 WL 2795187 (4th Cir. May 31, 2024); see also Cummings v. Carroll, 379
N.C. 347, 359, 866 S.E.2d 675, 685 (2021) (holding that economic loss rule did not bar negligence claim where “none of the[] allegations rel[ied] upon the relevant contractual provisions”). The Supreme Court of North Carolina has offered the following illustration: take the contract of a carpenter to repair a house, the implication of his contract is that he will bring to the service reasonable skill, good faith, and diligence. If he fails to do the work, or leaves the house incomplete, the only remedy against him is ex contractu; but suppose he, by want of care or skill, destroys or wastes material, or makes the repairs so unskillfully as to damage other portions of the house; this is tort, for which the contract only furnished the occasion. Peele v. Hartsell, 258 N.C. 680, 684, 129 S.E. 2d 97, 99 (1963). Universal contends that, because “the basic purpose of the contract[ was] to exchange goods for payment” (Docket Entry 18 at 6), “Universal’s alleged duty to warn of the cyber threat or secure its email system arises not from an independent legal obligation, but as an incidental duty tied to the contractual performance - ensuring that payment terms could be fulfilled and accepted” (id.). Coim responds that “the subject-matter of the contracts Coim has alleged between Universal and Coim were the chemicals that Coim agreed to purchase from Universal” (Docket Entry 20 at 8), and that “Coim does not allege that Universal failed to deliver the contracted-for chemicals” (id.). Rather, Coim contends, its negligence claim arises from “Universal’s negligent failure to ensure that Coim could safely and securely deliver payment by, 8 among other things, ensuring that a hacker could no longer use Universal’s e-mail system to defraud its customers[, which] is entirely unrelated to Universal’s delivery of the chemicals or the performance or non-performance of those chemicals.” (Id.) Coim compares its claim to a claim brought in a neighboring court in which the “[p]laintiff allege[d] that he informed [the defendant bank] that he wanted to pay off one of the loans he held with them [pursuant to their loan agreement] and undertook the steps necessary to do so,” Hetzel v. JPMorgan Chase Bank, N.A., No. 4:13CV236, 2017 WL 603286, at *5 (E.D.N.C. Feb. 14, 2017), but, “[w]hile handling his funds, [the bank] allegedly misapplied them” id. (See Docket Entry 20 at 9.) On a summary judgment ruling, the district court in Hetzel held that the misapplication of loan funds “[wa]s not a failure of adhering to the terms of the loan contract as much as it [wa]s a failure to exercise due care when handling plaintiff’s funds and thereby acting negligently in their handling and application.” Hetzel, 2017 WL 603286, at *5. Coim argues that its negligence claim similarly “does not arise from Universal’s failure to comply with its contract” (Docket Entry 20 at 9), but
instead “arises from Universal’s failure to exercise due care when undertaking actions outside of the subject-matter of the contract” (id.). Universal attempts to distinguish Hetzel, noting that the case involved a mortgagor-mortgagee relationship, which gave rise to an independent fiduciary duty. (See Docket Entry 21 at 3-4 9 (citing Carroll v. Roundtree, 36 N.C. App. 156, 158, 243 S.E. 2d 821, 822 (1978) for proposition that mortgagor-mortgagee is “known and definite” fiduciary relationship).) However, in holding that the defendant bank owed the plaintiff a “general duty of care,” the Hetzel court made no mention of the parties’ special relationship, instead labeling the alleged wrong as “a simple negligence claim.” See Hetzel, 2017 WL 603286, at *5. Further, North Carolina law does not mandate that only certain legal duties satisfy the requirement for a legal duty independent of any contractual duty to sustain a negligence claim. See, e.g., Cummings, 379 N.C. at 359, 866 S.E.2d at 685 (holding simple negligence claim not barred by economic loss rule where “none of the[] allegations rel[ied] upon the relevant contractual provisions”). Here, Coim alleges that Universal owed Coim an independent common-law duty of care based in part on Universal’s knowledge of compromise to its email network. (See Docket Entry 14 at 11.) As in Hetzel, Universal’s alleged negligent actions involved “not a failure of adhering to the terms of the [relevant] contract [for the sale of goods] as much as [they concerned] a failure to
exercise due care,” Hetzel, 2017 WL 603286, at *5, when communicating (or failing to communicate) with Coim regarding known email security issues related to processing payments. Although Coim would not have reason to pay Universal absent their contract, as discussed below, Coim alleges no relevant contractual term that 10 would create a duty for Universal to ensure a secure payment method or otherwise warn Coim about a known cybersecurity breach. This absence does not, as Universal suggests, “reflect[] the parties’ agreement - or lack thereof - regarding th[e risk of economic losses stemming from a cyberattack]” (Docket Entry 18 at 8). Rather, the contract “only furnished the occasion,” Peele, 258 N.C. at 684, 129 S.E. 2d at 99, for the alleged negligent failure to warn Coim about a known cybersecurity threat, which caused Coim to lose money beyond what Universal claims it still owes to fulfill its own contractual duties to Universal. Accordingly, the economic loss rule should not bar Coim’s negligence claim. 2. Duty of Care Moving now to the substance of Coim’s negligence claim, “[t]o state a common law negligence claim, [Coim] must show (1) a legal duty; (2) a breach thereof; and (3) injury proximately caused by the breach.” Bridges v. Parrish, 366 N.C. 539, 541, 742 S.E.2d 794, 796 (2013) (internal quotation marks omitted). Universal’s
opening memorandum lacks any contention that Coim failed to plausibly allege any of those elements. (See Docket Entry 18.) Only in its reply brief does Universal argue that Coim failed to show that Universal possessed an independent common-law duty to exercise reasonable care to protect Coim from harm caused by known third-party criminal conduct. (See Docket Entry 21 at 6-7.) “[T]he ordinary rule in federal courts [] is that an argument 11 raised for the first time in a reply brief or memorandum will not be considered.” Whitworth v. Nationwide Mut. Ins. Co., No. 1:17CV1124, 2018 WL 4494885, at *9-10 (M.D.N.C. Sept. 19, 2018), recommendation adopted, 2018 WL 6573472 (M.D.N.C. Oct. 19, 2018). Accordingly, the Court should not consider Universal’s newly-raised negligence argument in resolving the instant Motion. As a final matter, Universal argues, without citing any case law or statutory authority, that “Coim’s negligence claim should be dismissed because the appropriate cause of action is a fraud claim against the hacker.” (Docket Entry 18 at 8 (emphasis and capitalization omitted).) Specifically, Universal asserts (A) that, inter alia, “[t]he Hacker is the true cause of Coim’s losses” (Docket Entry 18 at 9), (B) that, “if Coim were permitted to recover against Universal for negligence while also retaining its ability to pursue claims against the Hacker, it would result in impermissible double recovery” (id.), and (C) that, should the Court permit the instant negligence claim, “parties like Coim would be incentivized to pursue unwarranted claims instead of addressing the true sources and bad actors for their loss” (id. at 10). This
Court’s Local Rules provide that a party’s argument as presented in their brief “shall refer to all statutes, rules and authorities relied upon.” M.D.N.C. L.R. 7.2(a)(4). As Universal failed to reference any authority for this final argument, the Court should deny the instant Motion as to Count One. See, e.g., Hill v. 12 Carvana, LLC, No. 1:22CV37, 2022 WL 1625020, at *5 (M.D.N.C. May 23, 2022) (noting that “[c]onclusory assertions[ and] opinions . . . are not helpful” to the Court); Fairchild v. Kubota Tractor Corp., No. 1:18CV69, 2018 WL 4038126, at *6 (W.D.N.C. Aug. 23, 2018) (denying motion to dismiss where defendant “fail[ed] to cite any case law or statutory authority to support its argument”). B. Breach of Contract and Breach of Implied Covenant of Good Faith and Fair Dealing Turning now to Coim’s breach of contract claim, Coim alleges that “[i]mplied in any sales contract is the duty of the seller to provide the necessary information and instructions to facilitate payment for the sale of goods” (Docket Entry 14 at 12), that “[e]nsuring secure and reliable means for payment is a necessary part of the seller’s performance under a sales contract” (id.), and therefore, “[a]s a result of its contractual relationship with Coim, Universal had an implied duty to facilitate payment for the sale of certain raw materials and to ensure the payment terms could be securely fulfilled and accepted by Coim” (id. at 13). Coim further alleges that Universal breached that implied duty by “fail[ing] to secure its email network, to facilitate Coim’s payment to Universal, or to otherwise ensure a secure and reliable means for payment for Coim to use to pay Universal.” (Id.) To begin, “[u]nder North Carolina law, a claim for breach of contract requires a plaintiff to allege ‘the existence of a contract between [the] plaintiff and [the] defendant, the specific 13 provisions breached, the facts constituting the breach, and the amount of damages resulting to [the] plaintiff from such breach.’” Dillon v. Leazer Grp., Inc., 374 F. Supp. 3d 547, 555 (E.D.N.C. 2019) (brackets omitted) (quoting Cantrell v. Woodhill Enters., Inc., 273 N.C. 490, 497, 160 S.E.2d 476 (1968)). Universal disputes neither the existence of a valid contract nor of damages suffered by Coim from wiring money to the alleged third-party hacker. (See Docket Entry 18 at 10-14.) Instead, Universal argues that the Court should dismiss the claim because “Coim’s Amended Counterclaim fails to identify any particular provision of the contract that Universal allegedly breached” (id. at 11). Coim counters that its “Amended Counterclaim sufficiently pleads that Universal has breached several implied obligations of its contract with Coim.” (Docket Entry 20 at 12; see also Docket Entry 14 at 13 (alleging that Universal “breache[d] the implied duties [it] owed to Coim under their contracts”).) To that end, “[i]n every contract there is an implied covenant of good faith and fair dealing that neither party will do anything which injures the right of the other to receive the benefits of the
agreement.” Bicycle Transit Auth., Inc. v. Bell, 314 N.C. 219, 228, 333 S.E.2d 299, 305 (1985) (internal quotation marks omitted). Universal contends that Coim cannot bring a claim for breach of an implied contractual term absent a claim for breach of an express contractual term. (See Docket Entry 18 at 10-11.) In relevant 14 part, Universal contends that “‘where a party’s claim for breach of the implied covenant of good faith and fair dealing is based upon the same acts as its claim for breach of contract, [North Carolina courts] treat the former claim as part and parcel of the latter.’” (Id. at 10 (quoting Cordaro v. Harrington Bank, FSB, 260 N.C. App. 26, 38-39, 817 S.E. 2d 247, 256 (2018) (internal quotation marks omitted)).) Therefore, Universal argues, “if a court rejects a breach of contract claim, it likewise must reject any claim for breach of an implied covenant of good faith and fair dealing contained in the same contract.” (Id. at 11 (citing Suntrust Bank v. Bryant/Sutphin Props., LLC, 222 N.C. App. 821, 833, 732 S.E. 2d 594, 603 (2012)).) Although “there is North Carolina law that suggests [Universal’s] conclusion,” Nadendla v. WakeMed, 24 F.4th 299, 307 (4th Cir. 2022) (citing Cordaro, 260 N.C. App. at 38-39, 817 S.E. 2d at 256), as Coim notes in response, “a claim for a breach of the implied covenant of good faith and fair dealing is separate from a claim for breach of contract,” id. at 308 (citing Richardson v. Bank of Am., N.A., 182 N.C. App. 531, 556, 643 S.E. 2d 410, 426 (2007), and Governors Club, Inc. v. Governors Club Ltd. P’ship, 152 N.C. App. 240, 251, 567 S.E. 2d 781, 788-89 (2002)). Thus, “it is not subsumed into the latter when the express terms of the contract do not preclude the implied terms which the plaintiff claims were breached.” Id. Accordingly, Coim may assert a claim for breach of
the implied covenant of good faith and fair dealing. See id.; see also Beatty v. PruittHealth, Inc., No. 1:21CV818, 2022 WL 3681918, at *9 (M.D.N.C. Aug. 25, 2022) (stating that the plaintiff could assert claims for both breach of contract and breach of implied duty of good faith and fair dealing). Universal, in reply, does not contest this interpretation of North Carolina law, but argues instead that the Court should dismiss Coim’s claim for breach of an implied contractual duty because “[n]o recognized implied contractual duty requires a party to guarantee protection against all third-party cyber threats” (Docket Entry 21 at 8) and “[t]he harm Coim suffered was not caused by Universal but by the fraudulent actions of an unauthorized third party” (id. (emphasis omitted)). Coim appears to argue that, because no express contractual provision precludes its good faith and fair dealing claim, this claim should move forward. (See Docket Entry 20 at 14-15.) Although “the implied covenant can never produce a result contrary to, or inconsistent with, the express language used in the agreement,” Sutherland v. Domer, No. 1:17CV769, 2018 WL 4398259, at *5 (M.D.N.C. Sept. 14, 2018) (citing
Lane v. Scarborough, 284 N.C. 407, 200 S.E.2d 622, 624-25 (1975)), to state a claim for breach of the covenant of good faith and fair dealing, Coim must plausibly allege that Universal “took action ‘which injured [Coim’s] right . . . to receive the benefits of the agreement,’ thus ‘depriving [Coim] of the fruits of the bargain.’” 16 Conleys Creek Ltd. P’ship v. Smoky Mountain Country Club Prop. Owners Ass’n, Inc., 255 N.C. App. 236, 253, 805 S.E. 2d 147, 158 (2017) (brackets omitted) (quoting Bicycle Transit, 314 N.C. at 228-29, 333 S.E. 2d at 305). The implied covenant “requires a contracting party ‘to make reasonable efforts to perform [its] obligations under the agreement,’” Village at Motts Landing Homeowners’ Ass’n v. Aftew Props., LLC, No. 22 CVS 1693, 2023 WL 5211061, at *5 (N.C. Super. Aug. 14, 2023) (quoting Weyerhaeuser Co. v. Godwin Bldg. Supply Co., 40 N.C. App. 743, 746, 253 S.E. 2d 625, 627 (1979)), and a breach “only arises where a party to a contract performs its contractual obligations in bad faith,” Lemon v. Myers Bigel, P.A., No. 5:18-CV-200, 2019 WL 1117911, at *22 (E.D.N.C. Mar. 11, 2019), aff’d, 985 F.3d 392 (4th Cir. 2021). Regarding the substance of Coim’s allegations as to breach of the implied covenant of good faith and fair dealing, beyond noting the parties’ general agreement “whereby Universal agreed to sell [] raw ingredients to Coim in exchange for Coim agreeing to pay Universal the agreed-upon purchase prices” (Docket Entry 20 at 12 (quoting Docket Entry 14 at 12)), Coim cites no legal authority or
factual support for the proposition that such an agreement includes an implied obligation to “facilitate payment for the sale of [the] raw materials and to ensure the payment terms could be securely fulfilled and accepted” (Docket Entry 14 at 13). Nor does Coim allege that Universal “perform[ed] its contractual obligations in 17 bad faith,” Lemon, 2019 WL 1117911, at *22. Instead, Coim argues that “Universal’s positions with respect to Coim’s breach of contract and negligence counterclaims directly contradict each other” (Docket Entry 20 at 17), and thus the Court should conclude that “Universal admit[ted] that it had [the implied duties Coim alleged]” (id. at 19) because North Carolina’s “mend-the-hold doctrine precludes [Universal] from asserting [such] inconsistent litigation positions” (id.). The mend-the-hold doctrine “precludes the assertion of inconsistent litigation positions, usually concerning the meaning of a contract, within the context of a single lawsuit.” Whitacre P’ship v. Biosignia, Inc., 358 N.C. 1, 24, 591 S.E. 2d 870, 886 (2004). Put differently, “‘[w]here a party gives a reason for his conduct and decision touching any thing involved in a controversy, he cannot, after litigation has begun, change his ground, and put his conduct upon another and a different consideration. He is not permitted thus to mend his hold.’” McAden v. Craig, 222 N.C. 497, 499, 24 S.E. 2d 1, 3 (1943) (quoting Ohio & Miss. Ry. Co. v. McCarthy, 96 U.S. 258, 267-68 (1877)). North Carolina courts
generally apply the doctrine in situations where “a party change[d] his position with respect to a material matter in the course of litigation.” Whitacre, 358 N.C. at 25-26, 591 S.E. 2d at 886-87 (internal quotation marks omitted) (collecting cases).
18 Coim asserts that Universal contradicted itself by arguing “that its contract with Coim lacked any implied duty to ensure that Coim safely and reliably remit payment to Universal” (Docket Entry 20 at 17-18 (citing Docket Entry 18 at 12)) while also maintaining, in opposition to Coim’s negligence claim, that: (1) “‘[i]mplicit in any sales contract is the expectation that the seller will provide necessary information and instructions to facilitate payment for goods’” (id. at 18 (quoting Docket Entry 18 at 6)); (2) “‘Universal[ bore an] alleged duty to warn of the cyber threat or secure its email system arises . . . as an incidental duty tied to the contractual performance - ensuring that payment terms could be fulfilled and accepted’” (id. (ellipsis in original) (quoting Docket Entry 18 at 6)); and (3) “[e]nsuring secure and reliable means for payment is a necessary part of the seller’s performance” (id. (quoting Docket Entry 18 at 7)). Taking those statements in context, Universal essentially argues that no duty exists in tort or in contract to provide a secure payment method, but - if such a duty does exist - it arises from the parties’ contractual relationship. (See Docket Entry 18 at 6-8.) Such an argument does
not constitute a reversal in position; rather, just as the Federal Rules of Civil Procedure permit Coim to allege alternative theories of relief, see Fed. R. Civ. P. 8(d), Universal may rebut those theories without the Court construing its reference to any “alleged duties” as an admission that such duties exist. Accordingly, the 19 mend-the-hold doctrine does not preclude Universal’s argument that no contractual duty to secure its email network existed. As the Court should not apply the mend-the-hold doctrine to conclude that Universal admitted it possessed an implied contractual duty to facilitate secure payment, and Coim fails to provide any other basis upon which the Court could conclude that Universal “took action which injure[d Coim’s] right . . . to receive the benefits of the agreement, thus depriv[ing Coim] of the fruits of [the] bargain,” Conleys Creek, 255 N.C. App. at 253, 805 S.E. 2d at 158 (internal brackets and quotation marks omitted), the Court should grant the instant Motion as to Count Two.1 CONCLUSION The economic loss rule does not bar Coim’s negligence claim and Universal has not properly developed any other basis for dismissal of that claim. Conversely, the Court should not apply the mend-the-hold doctrine to construe Universal’s legal arguments as an admission that it possessed an implied contractual duty to
1 Universal additionally argues that, to the extent an implied duty to ensure a safe and reliable means of payment does exist, Universal adhered to that duty by providing an invoice that “explicitly instructed Coim to remit payment by physically mailing a check along with a copy of the invoice to a designated physical address, which was a secure method of payment.” (Docket Entry 21 at 8.) Coim objects to the Court’s consideration of the invoices as evidence of any binding contractual terms between the parties, but does not contest their authenticity or that its counterclaim explicitly references both documents. (See Docket Entry 20 at 15-16.) Because this claim fails as a matter of law without considering the invoices, the Court need not address this aspect of the parties’ dispute. 20 ensure a secure payment method. Absent plausible allegations that any such implied contractual duty existed, Coim’s breach of contract and breach of implied covenant of good faith and fair dealing claim fails as a matter of law. IT IS THEREFORE RECOMMENDED that the instant Motion (Docket Entry 17) be granted in part and denied in part as follows: the Motion should be denied as to Count One and granted as to Count Two. This 4th day of September, 2025. /s/ L. Patrick Auld L. Patrick Auld United States Magistrate Judge