Header graphic for print
Trading Secrets A Law Blog on Trade Secrets, Non-Competes, and Computer Fraud

Plaintiffs Retain Home Field Advantage in Email Hacking Action But Nebraska Federal Court Dismisses Computer Fraud and Abuse Act Claim

Posted in Computer Fraud, Computer Fraud and Abuse Act, Data Theft, Espionage

By Marcus Mintz

Corporate espionage in the sports industry? The owners of the Indoor Football League’s Omaha Beef recently asserted serious allegations against rival team, the Allen Wranglers, the League commissioner, and the Beef’s former coach, now coaching for the Wranglers.

In Gridiron Management Group LLC v. Allen Wranglers, No. 8:12-cv-3128, 2012 WL 5187839 (D. Neb. Oct. 18, 2012), Plaintiffs asserted that the Beef’s former coach, Defendant Patrick Pimmel, at the commissioner’s direction, hacked the Yahoo! email accounts of one of the Beef’s owners and its day-to-day manager, Plaintiff Jeffrey Sprowls. Plaintiffs filed their lawsuit in Nebraska federal court, asserting claims for violation of the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, the Stored Communications Act 18 U.S.C. §2701,  as well as for violations of Nebraska statutes and business tort claims.

Plaintiffs allege that sometime in 2011, Pimmel, at the commissioner’s direction, began using unauthorized means to gain access into the Plaintiff’s electronic accounts. They allege that this allowed Pimmel to gain unauthorized access to Plaintiff’s electronic accounts on more than one hundred separate occasions. After gaining access to Sprowls’s accounts, Pimmel allegedly viewed private electronic communications and disseminated them to the commissioner. Plaintiffs claim that the commissioner did not warn or inform Plaintiffs that those accounts had been accessed.

Texas-based Pimmel moved to dismiss the action for lack of personal jurisdiction, for improper venue, alternatively, to transfer venue, and to dismiss the CFAA count. Pimmel contended that since becoming the Wranglers’ head coach, he has not resided in or conducted business in Nebraska and has maintained little or no physical contract with the state. The court was not persuaded by Pimmel’s arguments that the action did not belong in Nebraska. It expressly found that because Pimmel was alleged to have hacked into email accounts maintained by Nebraska residents on computers located in Nebraska, he could have reasonably expected that “the brunt of the injury resulting from his actions would be felt in Nebraska” and that personal jurisdiction existed over Pimmel because he should reasonably have anticipated being haled into court in Nebraska after hacking into computers located there over 100 times. Similarly, the court held that although “[n]othing indicates that any of the Defendants were ever physically present in Nebraska,” Pimmel was alleged to have reached across state boundaries by hacking into Plaintiffs’ Nebraska-based computers. Accordingly, after taking all uncontroverted allegations in the complaint as true, the court found that venue was also appropriate in Nebraska and denied Pimmel’s motion to dismiss for improper venue and refused to transfer venue to Texas. In sum, the physical presence of Plaintiffs’ computers trumped Pimmel’s lack of physical connection with Nebraska.

Pimmel’s sole victory was obtaining dismissal, albeit without prejudice, of Plaintiffs’ claim for violation of the CFAA. The court found that although Plaintiffs pled sufficient facts to establish unauthorized access to a protected computer, Plaintiffs failed to allege facts demonstrating any damages as a result of Pimmel’s access. The court noted that, for purposes of the CFAA, “damage” does not “encompass harm from the mere disclosure of information and is not intended to expansively apply to all cases where a trade secret has been misappropriated by use of a computer.” Finding Plaintiffs’ allegations insufficient, the court dismissed the CFAA count, although without prejudice, permitting Plaintiffs another opportunity to establish damages for sustaining a claim under the CFAA.