Searching over 5,500,000 cases.


searching
Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

Hains v. Adams

United States District Court, E.D. Virginia, Richmond Division

November 12, 2019

MAUREEN HAINS, Plaintiff,
v.
DAWN M. ADAMS, Defendant.

          MEMORANDUM OPINION

          DAVID J. NOVAK UNITED STATES DISTRICT JUDGE

         Plaintiff Maureen Hains ("Plaintiff) brings this action against Defendant Dawn M. Adams ("Defendant"), alleging that Defendant violated federal and state law by accessing Plaintiffs personal e-mails, documents and accounts without authorization. Plaintiff further alleges that Defendant unjustly enriched herself by requiring Plaintiff to perform duties outside of her job description without compensation. This matter comes before the Court on Defendant's Motion to Dismiss or, in the Alternative with Respect to Count VI, For a More Definite Statement (ECF No. 9) ("Defendant's Motion"), moving for partial or complete dismissal of the counts in Plaintiffs Complaint for failure to state a claim pursuant to Federal Rule of Civil Procedure 12(b)(6) or, in the alternative, for a more definite statement in support of Plaintiffs unjust enrichment claim pursuant to Rule 12(e). For the reasons set forth below, the Court DENIES Defendant's Motion (ECF No. 9).[1]

         I. BACKGROUND

         In deciding a motion to dismiss pursuant to Rule 12(b)(6), the Court must accept Plaintiffs well-pleaded factual allegations as true, though the Court need not accept Plaintiffs legal conclusions. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009). Based on this standard, the Court accepts the following facts.

         A. Underlying Relationship

         Defendant has served as Delegate for the Sixty-Eighth House of Delegates District since her election in November 2017. (Compl. (ECF No. 1) ¶ 8.) Defendant first hired Plaintiff as the manager and communications director for her 2017 campaign. (Compl. ¶ 9.) Once elected, Defendant hired Plaintiff as her legislative assistant. (Compl. ¶ 10.)

         In June 2018, Defendant started Integrated Health Consulting, LLC ("IHC"), serving as its owner and chief executive officer. (Compl. ¶ 8.) In this capacity, from July 2018 until December 2018, Defendant reviewed patient charts at rehabilitation facilities operated by Laurel Health Care Company ("Laurel") and classified and coded the diagnoses, symptoms and procedures described in the charts according to the International Classification of Diseases, Tenth Revision ("ICD-10"). (Compl. ¶¶ 12-14.) Plaintiff assisted Defendant with her coding work and with obtaining medical liability and workers' compensation insurance for IHC. (Compl. ¶ 14.) As part of this work, Plaintiff corresponded with Defendant using her personal e-mail account and created files using the Google Drive features connected to that account. (Compl. ¶¶ 15-17.) Plaintiff sent e-mails to Defendant's IHC and personal e-mail addresses. (Compl. ¶ 16.) By the end of 2018, Plaintiff worked as Defendant's paid legislative assistant, unpaid medical ICD-10 coder and unpaid campaign manager and communications director. (Compl. ¶ 18.)

         B. Alleged Hacking of Plaintiffs Accounts

         In April 2019, Plaintiff experienced health issues that required her hospitalization from April 22, 2019 until April 29, 2019, during which time Plaintiff had no access to her computer or cell phone. (Compl. ¶ 19.) Before her hospitalization, Plaintiff also deleted the Facebook and Facebook Messenger applications on her cell phone. (Compl. ¶ 19.) On April 22, 2019, Defendant learned of Plaintiff s hospitalization and asked Plaintiff to inform her by May 1, 2019 if she would continue to work for Defendant or either apply for short-term disability insurance or quit her jobs. (Compl. ¶ 20.)

         On April 26, 2019, Defendant requested Plaintiffs Facebook authorization code from Plaintiffs girlfriend, representing to Plaintiffs girlfriend that she needed to remove Plaintiff as an administrator on the "Delegate Adams" Facebook page. (Compl. ¶ 21.) However, Defendant did not need Plaintiffs Facebook login credentials to remove Defendant as an administrator. (Compl. ¶ 22.) After returning home on April 29, 2019, Plaintiff logged in to her personal e-mail account and noticed an e-mail from Facebook dated April 26, 2019 at 10:27 a.m., with the subject line "Login alert for Safari on Mac OS X." (Compl. ¶ 24.) The e-mail described a login on April 26, 2019 at 10:27 a.m. from "Near Richmond, VA, United States" using "Safari on Mac OS X," and listed the internet-protocol ("IP") address for the device as 71.62.244.252.[2] (Compl. ¶¶ 24, 28.) Neither Plaintiff nor anyone with her Facebook login credentials owns or uses a device running on the Mac OS X operating system, but at the time of the login, Defendant owned an Apple MacBook. (Compl. ¶¶ 25-26.)

         After logging in to her Facebook account, Defendant reviewed more information on the unusual login described in the alert e-mail. (Compl. ¶ 28.) The information provided by Facebook showed that the suspicious device logged out of Plaintiff s Facebook account at 10:39 a.m. on April 26, 2019. (Compl. ¶ 29.) Plaintiff became concerned, because she used the same login credentials for Facebook as her other accounts, including her personal e-mail, Google Drive and Wells Fargo online banking accounts. (Compl. ¶ 30.) Plaintiff also used the same login credentials to create Defendant's website through the website host Wix.com. (Compl. ¶ 31.) Defendant had access to Plaintiffs login credentials for Wix.com. (Compl. ¶ 31.)

         While checking her personal e-mail on April 29, 2019, Plaintiff also noticed an e-mail from Google dated April 22, 2019 at 3:02 p.m. with the subject line "Security alert." (Compl. ¶ 32.) The e-mail advised that a Mac device had logged in to Plaintiffs Google account. (Compl. ¶ 32.) After reviewing the information collected by Google regarding the suspicious login, Plaintiff noticed that the login occurred at 3:02 p.m. on April 22, 2019, from a Mac device with the IP address 71.62.244.252, which matched the address of the device that had logged in to Plaintiffs Facebook account. (Compl. ¶¶ 33-35.) Subsequently, Plaintiff changed the passwords for her online accounts. (Compl. ¶ 36.)

         Suspecting that Defendant was the source of the suspicious logins, Plaintiff checked the source code for e-mails sent from Defendant's personal e-mail address and discovered that those e-mails originated from a device with the same IP address as the device used to log in to Plaintiffs Facebook and Google accounts. (Compl. ¶¶ 38-39.) Upon further investigation, Plaintiff also discovered that nearly all of the e-mails in her Google account regarding her ICD- 10 coding work had been deleted, including the folder she had created for IHC-related e-mails. (Compl. ¶ 41.) In total, Plaintiffs review of the past activity on her Google account revealed the following: (1) a search for Defendant's personal e-mail address at 3:02 p.m. on April 22, 2019; (2) a search for "got print" at 3:03 p.m. on April 22, 2019; (3) a visit to "Sign in to the Admin console - G Suite Admin Help" at 1:57 p.m. on April 23, 2019; (4) a search for "ihc" at 5:21 p.m. on April 25, 2019; (5) the movement of thirty-one items to the trash folder in Plaintiffs Google Drive account, including billing sheets for Defendant and IHC's work for Laurel, at 5:20 p.m. on April 25, 2019; (6) the deletion of the e-mail folder named "Integrated Health Care" at 5:29 p.m. on April 25, 2019; (7) the movement of two additional documents to the trash folder in Plaintiffs Google Drive account, including a spreadsheet named "Campaign donor mail 5.xlt" and a logo that Plaintiff had created in 2015 and that did not relate to her work for Defendant, at 4:12 p.m. on April 26, 2019; and, (8) the permanent deletion of the items in Plaintiffs Google Drive trash folder. (Compl. ¶ 42.)

         After discovering the above information, Plaintiff began consulting with an attorney regarding a possible separation of her employment with Defendant. (Compl. ¶ 44.) Plaintiff used her Google e-mail address to correspond with the attorney, believing that by changing her password she had secured the account. (Compl. ¶ 44.) On May 3, 2019, Plaintiff received an e-mail with the subject line "Your Wells Fargo Online access has been suspended." (Compl. ¶ 45.) The e-mail advised Plaintiff that her Wells Fargo access had been suspended due to "a possible unauthorized attempt to sign on to [Plaintiffs] account." (Compl. ¶ 45 (internal quotations omitted).)

         Soon thereafter, on May 6, 2019, Plaintiff checked her Google e-mail account settings and noticed that someone had designated Defendant's campaign e-mail address to receive automatic forwards of any e-mails sent to Plaintiffs Google account. (Compl. ¶ 48.) The campaign address awaited verification to enable the forwarding. (Compl. ¶ 48.) Plaintiffs e-mail settings also designated Plaintiffs work e-mail address to receive automatic forwards. (Compl. ¶ 49.) During Plaintiffs hospital stay, Defendant had removed Plaintiffs authorization for her work e-mail address, preventing Plaintiff from viewing the e-mails that were automatically forwarded to that account. (Compl. ¶ 50.)

         C. Plaintiffs Complaint

         Based on the above allegations, on July 11, 2019, Plaintiff filed a Complaint setting forth six counts for relief. (Compl. ¶¶ 56-106.) In Count I, Plaintiff seeks relief pursuant to the Stored Communications Act ("SCA") - specifically, 18 U.S.C. §§ 2701(a) and 2707 - alleging that Defendant knowingly, intentionally and without authorization accessed electronically stored e-mails, including delivered and opened e-mails, in Plaintiffs personal e-mail account. (Compl. ¶¶ 56-60.) Plaintiff further alleges that Defendant altered her e-mails by deleting nearly all of the e-mails relating to Plaintiffs work for IHC, thereby preventing Plaintiff from accessing those e-mails in the future. (Compl. ¶ 60.)

         In Count II, Plaintiff seeks relief under the Computer Fraud and Abuse Act ("CFAA") - namely, 18 U.S.C. §§ 1030(a)(2)(C), 1030(a)(5)(B)-(C) and 1030(g) - alleging that Defendant intentionally accessed or attempted to access the computer data associated with Plaintiffs Facebook, Google and Wells Fargo accounts without authorization. (Compl. ¶¶ 65-69.) Plaintiff alleges that this unauthorized access and attempted access caused her to sustain a "loss" as defined by the CFAA, because the unauthorized access resulted in at least $5, 000 in aggregated losses during a one-year period and actual or potential modification or impairment of her medical conditions, treatment and care, including the need for counseling and therapy. (Compl. ¶¶ 73-74.)

         In Count III, Plaintiff alleges that Defendant's conduct violated the Virginia Computer Crimes Act ("VCCA"). (Compl. ¶¶ 76-85.) Specifically, Plaintiff alleges that Defendant violated Virginia Code § 18.2-152.3 by: using Plaintiffs password without authorization to access Plaintiffs Google accounts under false pretenses; obtaining Plaintiffs property, including her e-mails and files; and, deleting some of Plaintiff s e-mails and files. (Compl. ¶¶ 79-82.) From this violation, Plaintiff seeks damages pursuant to Virginia Code § 18.2-152.12(A). (Compl. ¶ 77.) Relatedly, in Count IV, Plaintiff seeks relief under § 18.2-152.4 of the VCCA, which prohibits the removal, copying or disablement of data from a computer or computer network. (Compl. ¶¶ 86-90.) And, in Count V, Plaintiff alleges that Defendant violated § 18.2-152.5 of the VCCA by using a computer to intentionally examine Plaintiffs financial, employment and identifying information without authorization. (Compl. ¶¶ 91-95.)

         Finally, in Count VI, Plaintiff raises a claim for unjust enrichment under Virginia common law, alleging that she provided benefits to Defendant by: (1) performing unpaid or underpaid work for IHC and Defendant's campaigns; (2) paying to store yard signs from Defendant's campaign for delegate for over a year without reimbursement; (3) paying for materials and supplies for Defendant's campaign without reimbursement; and, (4) performing personal tasks for Defendant. (Compl. ¶¶ 98-102.) Plaintiff asserts that she had a reasonable expectation of payment for these services and materials, all of which she claims exceeded the scope of her duties as Defendant's legislative assistant and campaign manager. (Compl. ¶ 103.) Plaintiff further asserts that Defendant knew or had reason to know of the benefits that Plaintiff provided and Plaintiffs expectation of payment, adding that it would be inequitable to allow Defendant to retain those benefits without payment. (Compl. ¶¶ 104-05.)

         Based on the above counts, Plaintiff seeks a declaratory judgment that Defendant's conduct violated the SCA, compensatory and punitive damages, attorneys' fees and costs, and pre- and post-judgment interest. (Compl. at 19.)

         D. Defendant's Motion to Dismiss

         On August 30, 2019, Defendant filed her Motion to Dismiss, moving for partial or complete dismissal of the counts in Plaintiffs Complaint for failure to state a claim pursuant to Federal Rule of Civil Procedure 12(b)(6) or, in the alternative, for a more definite statement in support of Plaintiff s unjust enrichment claim pursuant to Rule 12(e). (Mot. to Dismiss (ECF No. 9) at 1.) Specifically, in response to Count I, Defendant argues that Plaintiff fails to allege sufficient facts to state a plausible claim as to Defendant's attempted access to Plaintiffs Wells Fargo account. (Br. in Supp. of Mot. to Dismiss ("Def.'s Mem.") (ECF No. 10) at 5.) Defendant contends that a failed attempt to access an online account ...


Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.