DECISION

 

Capital One Financial Corp. v. Super Privacy Service LTD c/o Dynadot

Claim Number: FA1908001856372

 

PARTIES

Complainant is Capital One Financial Corp. ("Complainant"), represented by John Gary Maynard, Virginia, USA. Respondent is Super Privacy Service LTD c/o Dynadot ("Respondent"), California, USA.

 

REGISTRAR AND DISPUTED DOMAIN NAMES

The domain names at issue are <capitalonehack.com>, <capitalonehacked.com>, <capitalonebreech.com>, and <capitalonedatabreech.com>, registered with Dynadot, LLC.

 

PANEL

The undersigned certifies that he has acted independently and impartially and to the best of his knowledge has no known conflict in serving as Panelist in this proceeding.

 

David E. Sorkin as Panelist.

 

PROCEDURAL HISTORY

Complainant submitted a Complaint to the Forum electronically on August 8, 2019; the Forum received payment on August 8, 2019.

 

On August 12, 2019, Dynadot, LLC confirmed by email to the Forum that the <capitalonehack.com>, <capitalonehacked.com>, <capitalonebreech.com>, and <capitalonedatabreech.com> domain names are registered with Dynadot, LLC and that Respondent is the current registrant of the names. Dynadot, LLC has verified that Respondent is bound by the Dynadot, LLC registration agreement and has thereby agreed to resolve domain disputes brought by third parties in accordance with ICANN's Uniform Domain Name Dispute Resolution Policy (the "Policy").

 

On August 12, 2019, the Forum served the Complaint and all Annexes, including a Written Notice of the Complaint, setting a deadline of September 3, 2019 by which Respondent could file a Response to the Complaint, via email to all entities and persons listed on Respondent's registration as technical, administrative, and billing contacts, and to postmaster@capitalonehack.com, postmaster@capitalonehacked.com, postmaster@capitalonebreech.com, postmaster@capitalonedatabreech.com. Also on August 12, 2019, the Written Notice of the Complaint, notifying Respondent of the email addresses served and the deadline for a Response, was transmitted to Respondent via post and fax, to all entities and persons listed on Respondent's registration as technical, administrative, and billing contacts.

 

Having received no response from Respondent, the Forum transmitted to the parties a Notification of Respondent Default.

 

On September 4, 2019, pursuant to Complainant's request to have the dispute decided by a single-member Panel, the Forum appointed David E. Sorkin as Panelist.

 

Having reviewed the communications records, the Administrative Panel (the "Panel") finds that the Forum has discharged its responsibility under Paragraph 2(a) of the Rules for Uniform Domain Name Dispute Resolution Policy (the "Rules") "to employ reasonably available means calculated to achieve actual notice to Respondent" through submission of Electronic and Written Notices, as defined in Rule 1 and Rule 2. Therefore, the Panel may issue its decision based on the documents submitted and in accordance with the ICANN Policy, ICANN Rules, the Forum's Supplemental Rules, and any rules and principles of law that the Panel deems applicable, without the benefit of any response from Respondent.

 

RELIEF SOUGHT

Complainant requests that the domain names be transferred from Respondent to Complainant.

 

PARTIES' CONTENTIONS

A. Complainant

Complainant is a major financial institution headquartered in McLean, Virginia. Complainant was founded in 1988 and has used the CAPITAL ONE mark since its inception. Complainant and its wholly owned subsidiaries own numerous trademark registrations and pending applications for CAPITAL ONE and related marks. Complainant's CAPITAL ONE mark is registered in the United States and many other jurisdictions.

 

On July 29, 2019, it was widely reported that Complainant had suffered a cyber incident affecting more than 100 million customers. On the following day, July 30, 2019, Respondent registered the disputed domain names <capitalonehack.com>, <capitalonehacked.com>, <capitalonebreech.com>, and <capitalonedatabreech.com>. Complainant states that Respondent has never been authorized to use Complainant's CAPITAL ONE mark, and is not commonly known by the disputed domain names. The disputed domain names are being used for websites consisting of "related links," most of which relate to financial services.

 

Complainant contends on the above grounds that each of the disputed domain names <capitalonehack.com>, <capitalonehacked.com>, <capitalonebreech.com>, and <capitalonedatabreech.com> is confusingly similar to its CAPITAL ONE mark; that Respondent lacks rights or legitimate interests in the disputed domain names; and that the disputed domain names were registered and are being used in bad faith.

 

B. Respondent

Respondent failed to submit a Response in this proceeding.

 

FINDINGS

The Panel finds that each of the disputed domain names is confusingly similar to a mark in which Complainant has rights; that Respondent lacks rights or legitimate interests in respect of the disputed domain names; and that the disputed domain names were registered and are being used in bad faith.

 

DISCUSSION

Paragraph 15(a) of the Rules instructs this Panel to "decide a complaint on the basis of the statements and documents submitted in accordance with the Policy, these Rules and any rules and principles of law that it deems applicable."

 

Paragraph 4(a) of the Policy requires that Complainant must prove each of the following three elements to obtain an order that a domain name should be cancelled or transferred:

 

(1)  the domain name registered by Respondent is identical or confusingly similar to a trademark or service mark in which Complainant has rights; and

(2)  Respondent has no rights or legitimate interests in respect of the domain name; and

(3)  the domain name has been registered and is being used in bad faith.

 

In view of Respondent's failure to submit a response, the Panel shall decide this administrative proceeding on the basis of Complainant's undisputed representations pursuant to paragraphs 5(f), 14(a), and 15(a) of the Rules and draw such inferences it considers appropriate pursuant to paragraph 14(b) of the Rules. The Panel is entitled to accept all reasonable allegations set forth in a complaint; however, the Panel may deny relief where a complaint contains mere conclusory or unsubstantiated arguments. See WIPO Overview of WIPO Panel Views on Selected UDRP Questions, 4.3 (3d ed. 2017), available at http://www.wipo.int/amc/en/domains/search/overview3.0/; see also eGalaxy Multimedia Inc. v. ON HOLD By Owner Ready To Expire, FA 157287 (Forum June 26, 2003) (dismissing complaint where complainant failed to "produce clear evidence to support its subjective allegations").

 

Identical and/or Confusingly Similar

Each of the disputed domain names <capitalonehack.com>, <capitalonehacked.com>, <capitalonebreech.com>, and <capitalonedatabreech.com> incorporates Complainant's registered CAPITAL ONE trademark, with the space omitted, and adds a generic term and the ".com" top-level domain. These alterations do not substantially diminish the similarity between the domain names and Complainant's mark. See, e.g., Capital One Financial Corp. v. AWT / Joe M, FA 1855882 (Forum Sept. 2, 2019) (finding <capitalonedatabreach.com> confusingly similar to CAPITAL ONE); Equifax Inc. v. Domain Administrator, China Capital Investment Ltd., D2017-1880 (WIPO Nov. 7, 2017) (finding <equifaxhackchecker.com>, <equifaxbreech2017.com>, and similar domain names confusingly similar to EQUIFAX); Microsoft Corp. v. Noori net, FA 1343632 (Forum Oct. 12, 2010) (finding <msnhack.com> confusingly similar to MSN). The Panel considers the disputed domain names to be confusingly similar to a mark in which Complainant has rights.

 

Rights or Legitimate Interests

Under the Policy, the Complainant must first make a prima facie case that the Respondent lacks rights and legitimate interests in the disputed domain names, and then the burden shifts to the Respondent to come forward with concrete evidence of such rights or legitimate interests. See Hanna-Barbera Productions, Inc. v. Entertainment Commentaries, FA 741828 (Forum Aug. 18, 2006).

 

The disputed domain names incorporate Complainant's registered mark without authorization, and their sole apparent use has been to display web pages consisting of links to competitors of Complainant. Such use does not give rise to rights or legitimate interests under the Policy. See, e.g., State Farm Mutual Automobile Insurance Co. v. Moser, Troy, FA 1829743 (Forum Mar. 14, 2019) (finding lack of rights or interests in similar circumstances).

 

Complainant has made a prima facie case that Respondent lacks rights and legitimate interests in the disputed domain names, and Respondent has failed to come forward with any evidence of such rights or interests. Accordingly, the Panel finds that Complainant has sustained its burden of proving that Respondent lacks rights or legitimate interests in respect of the disputed domain names.

 

Registration and Use in Bad Faith

Finally, Complainant must show that the disputed domain names were registered and are being used in bad faith. Under paragraph 4(b)(iii) of the Policy, bad faith may be shown by evidence that Respondent registered the disputed domain name "primarily for the purpose of disrupting the business of a competitor." Under paragraph 4(b)(iv), bad faith may be shown by evidence that "by using the domain name, [Respondent] intentionally attempted to attract, for commercial gain, Internet users to [Respondent's] web site or other on-line location, by creating a likelihood of confusion with the complainant's mark as to the source, sponsorship, affiliation, or endorsement of [Respondent's] web site or location or of a product or service on [Respondent's] web site or location."

 

Respondent registered four domain names that incorporate Complainant's well-known mark, and their only apparent use is for pages consisting of advertising links. Such conduct is indicative of bad faith under the Policy. See, e.g., State Farm Mutual Automobile Insurance Co. v. Moser, Troy, supra (finding bad faith in similar circumstances). In addition, the domain names were registered just after Complainant's data breach had begun to receive widespread media attention, further suggesting that Respondent intended to profit from confusion with Complainant. See, e.g., Equifax Inc. v. Domain Administrator, China Capital Investment Ltd., supra (finding bad faith in similar circumstances). The Panel finds that the disputed domain names were registered and are being used in bad faith.

 

DECISION

Having considered the three elements required under the ICANN Policy, the Panel concludes that relief shall be GRANTED.

 

Accordingly, it is Ordered that the <capitalonehack.com>, <capitalonehacked.com>, <capitalonebreech.com>, and <capitalonedatabreech.com> domain names be TRANSFERRED from Respondent to Complainant.

 

 

David E. Sorkin, Panelist

Dated: September 7, 2019

 

 

Click Here to return to the main Domain Decisions Page.

Click Here to return to our Home Page