Major news outlets this week reported that merchants filed a lawsuit against Groupon (NSDQ: GRPN) for tampering with electronic contracts. The accusations are so serious that they could spell major trouble for Groupon — or for the people who are suing it.
The case turns on the contracts that Groupon signs with merchants who offer daily deals to customers. One merchant, a home renovations contractor, is accusing Groupon of adding new terms to the contract about when a businesses must redeem expired offers. The contractor, named BidMyCrib, signed the agreement in October by replying to an email and adding the word “Agree.”
What is remarkable about the accusation is not that Groupon changed the contract (companies sue over these things all the time) but the way that it changed it. Specifically, the complaint states the daily deal giant “intentionally accessed and altered” email accounts in order to fiddle with the digital version of the contract.
As proof, BidMyCrib’s owner claims to possess a print-out of the original email contract that is different from the one that now appears when he now opens his email. He says the email now contains an extra paragraph that wasn’t there before.
The owner, Morgan Jones, says Groupon should compensate him for breaching his privacy under a federal law concerning “Unlawful Access to Stored Communications.” What’s more, his lawsuit is a class action which means he wants to represent many other businesses who also suffered the same injury.
The accusations are simply astounding. If true, they would mean that Groupon engaged in a systematic hacking campaign for little gain (the contract change is fairly inconsequential). Moreover, its behavior would be considered not just shady business but a federal crime. If the accusations are untrue, Groupon could be in a position to sue for defamation.
So what’s going on? It seems that either Groupon is on a federal crime spree or BidMyCrib has some other agenda in making the accusations that have already been widely reported by Bloomberg and other major media outlets.
Adam Levitt of Chicago is one of the lawyers representing Ohio-based BidMyCrib. When asked for details about the alleged hacking, he would only say “the complaint speaks for itself.” A Groupon spokesperson stated, “We don’t comment on pending litigation and will speak through our court filings.”
There is little information online about BidMyCrib except for its website and a handful of reviews that accuse it of dishonest practices. Jones, the owner, did not reply to calls seeking comment. Yesterday afternoon, however, paidContent received an email tip that asked if we “chaps” were covering the hacking allegations. The correspondent said Groupon could have used various technological measures to change the merchants’ emails without logging into their account.
The message, which is jargon-heavy and appears to be written by someone whose first language is not English, is reproduced below as is the complaint. If any of our more tech-savvy readers have any insights, please send me a message or post your thoughts in the comments to help clear up this mystery.
From the tipster:
Are you chaps covering the current Groupon lawsuit involving email tampering? After reading complaint off the PACER system in USA I believe the Defendant may have used JAVA, or software update during an “request to update” via another email the receive after the receive the original email, or dynamic email containing a master file on their network to push changes to email accounts for specific emails containing contracts. This can be done. If Defendant wanted to secretly change terms of contract they can use one of the 3 methods listed above (other ways too) to modify contract terms remotely on emails in the Inbox of anyone who received the original email, and do it without anyone knowing it. I don’t think Plaintiff is stating Defendant had to personally login to Plaintiff’s email account and make changes. I get Defendant’s emails daily…these emails are dynamic and contain technology to allow changes after the fact.