Donna Dinaples v. MRS BPO LLC, 934 F.3d 275 (3rd Cir. 2019). · Go Syfert
Donna Dinaples v. MRS BPO LLC, 934 F.3d 275 (3rd Cir. 2019). Cases Citing This Book View Copy Cite
75 citation events (75 in the last 25 years) across 11 distinct courts.
Strongest positive: Autumn Chamberlain, on behalf of herself and all others similarly situated v. NRA Group, LLC (pamd, 2026-03-11)
Treatment trajectory · 2020 → 2026 · click a year to view as-of
2020 2023 2026
Top citers, strongest first. 22 distinct citers. How cited ↗
discussed Cited as authority (rule) Autumn Chamberlain, on behalf of herself and all others similarly situated v. NRA Group, LLC
M.D. Penn. · 2026 · confidence medium
The bona fide error defense protects debt collectors only if they make “clerical or factual mistakes.” DiNaples v. MRS BPO, LLC, 934 F.3d 275, 283 (3d Cir. 2019) (citing Daubert v. NRA Group, LLC., 861 F.3d 382, 394 (3d Cir. 2017)).
discussed Cited as authority (rule) UZOR v. FLINK
E.D. Pa. · 2025 · confidence medium
DiNaples v. MRS BPO, LLC, 934 F.3d 275, 280 (3d Cir. 2019); see also TransUnion LLC, 594 US. at 425 (recognizing “intrusion upon seclusion” as an “intangible harm”); Lupia v. Medicredit, inc,, 8 F 4th 1184, 1191 (10th Cir. 2021) (finding that the debtor had standing to pursue a § 1692c(c) claim where the debt collector “made an unwanted call and left her a voicemail about a debt” after she disputed the debt and requested that it cease communications and noting that the debtor’s “concrete injury” bore a close relationship to the tort of intrusion upon seclusion). .
discussed Cited as authority (rule) Jamie Huber v. Simons Agency Inc
3rd Cir. · 2023 · confidence medium
She therefore suffered a concrete injury for Article III purposes, and having “assure[d] ourselves of [Huber’s] standing,” DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019), we can turn to the merits of her claim.
discussed Cited as authority (rule) DELCORE v. CUTOLO BARROS LLC
D.N.J. · 2023 · confidence medium
Mar. 11, 2022) (explaining that bona fide errors “must result from ‘clerical or factual mistakes,’ not mistakes of law” (quoting DiNaples v. MRS BPO, LLC, 934 F.3d 275, 282 (3d Cir. 2019)); see also Dautrich, 2018 WL 3201786 , at *9 (finding that an error originating from a “computer program glitch” constituted a “bona fide error”).
discussed Cited as authority (rule) NUAMAH-WILLIAMS v. FRONTLINE ASSET STRATEGIES, LLC
D.N.J. · 2023 · confidence medium
Pierre v. Retrieval-Masters Creditors Bureau, Inc., 898 F.3d 351, 355, 357-58 (3d Cir. 2018) (reiterating that disclosing an account number on an envelope creates standing); DiNaples v. MRS BPO, LLC, 934 F.3d 275, 278, 280 (3d Cir. 2019) (finding quick reference (QR) code on face of envelope containing “internal reference number” was protected information that had been made “accessible to the public”); Morales, 859 Fed.
cited Cited as authority (rule) HUBER v. SIMON'S AGENCY, INC.
E.D. Pa. · 2022 · confidence medium
And in DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019), the Third Circuit extended the holding of St.
discussed Cited as authority (rule) BARCLIFT v. KEYSTONE CREDIT SERVICES, LLC
E.D. Pa. · 2022 · confidence medium
See Morales, 859 F. App’x, at 626 (mailing vendor placed a barcode on the outside of the envelope that revealed the plaintiff’s personal information); DiNaples, 934 F.3d, at 278 (mailing vendor placed a scannable QR code on the outside of the envelope that revealed the plaintiff’s personal information).
discussed Cited as authority (rule) MILLER v. I.C. SYSTEM, INC.
D.N.J. · 2022 · confidence medium
Rather, bona 18 fide errors “must result from ‘clerical or factual mistakes,’ not mistakes of law.” DiNaples v. MRS BPO, LLC, 934 F.3d 275, 282 (3d Cir. 2019) (quoting NRA Grp., LLC, 861 F.3d at 394 ).
discussed Cited as authority (rule) Lueck v. The Bureaus, Inc.
N.D. Ill. · 2021 · confidence medium
Put otherwise, it is not “a core piece of information relating to the debtor’s status as such,” which, “if disclosed to the public, . . . could be used to expose her financial predicament.” See DiNaples, 934 F.3d at 279 (cleaned up).
discussed Cited as authority (rule) Foley v. Mary Washington Healthcare Services, Inc. dba ODC Recovery Services (2×) also: Cited "see"
E.D. Va. · 2021 · confidence medium
P’ship, 897 F.3d 747, 756 (6th Cir. 2018))); DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279-80 (3d Cir. 2019) (same). ° Mary Washington does not dispute that Foley qualifies as a “consumer” under the FDCPA. business the principal purpose of which is the collection of any debts, or who regularly collects or attempts to collect, directly or indirectly, debts owed or due or asserted to be owed or due another.” This includes “any creditor who, in the process of collecting his own debts, uses any name other than his own which would indicate that a third person is collecting or attempting to…
discussed Cited as authority (rule) NYANHONGO v. CREDIT COLLECTION SERVICES (2×) also: Cited "see"
E.D. Pa. · 2021 · confidence medium
Although “tangible injuries are typically easier to identify, ‘intangible injuries can nevertheless be concrete.’” DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019) (quoting Spokeo, 136 S. Ct. at 1549 ). “[B]oth history and the judgment of Congress play important roles” in determining the concreteness of an intangible injury.
discussed Cited as authority (rule) BOGNET v. BOOCKVAR
W.D. Pa. · 2020 · confidence medium
Standing “ Article III of the Constitution limits the federal courts to adjudication of ‘Cases’ and ‘Controversies.’” DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019) (quoting U.S. Const. art.
discussed Cited as authority (rule) RHEE v. CLIENT SERVICES, INC. (2×) also: Cited "see"
D.N.J. · 2020 · confidence medium
Id. (citing DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019)).
cited Cited as authority (rule) HASSINE v. SIMON'S AGENCY, INC.
D.N.J. · 2020 · confidence medium
DiNaples v. MRS BPO, LLC, 934 F.3d 275, 281 (3d Cir. 2019) (quotation omitted)).
examined Cited as authority (rule) MCROBIE v. CREDIT PROTECTION ASSOCIATION I, INC. (4×) also: Cited "see", Cited "see, e.g."
E.D. Pa. · 2020 · confidence medium
This disclosure “implicates a core concern animating the FDCPA—the invasion of privacy,” Douglass, 765 F.3d at 303 , and as such it is itself a “concrete harm”; McRobie “need not allege any additional harm beyond the one Congress has identified.” DiNaples, 934 F.3d at 280 (emphasis in original) (quoting Spokeo, 136 S. Ct. at 1549 ).
cited Cited as authority (rule) Anita Cagayat v. United Collection Bureau, Inc.
6th Cir. · 2020 · confidence medium
DiNaples v. MRS BPO, LLC, 934 F.3d 275, 282 (3d Cir. 2019).
cited Cited "see" MCQUEEN v. CREDIT ONE BANK, N.A.
D.N.J. · 2025 · signal: see · confidence high
See DiNaples v. MRS BPO, LLC, 934 F.3d 275, 280 (3d Cir. 2019) (invasion of 9 In thinking through standing, a court does not assess whether a plaintiff’s claim works on the merits.
cited Cited "see" OH v. COLLECTO, INC.
D.N.J. · 2021 · signal: see · confidence high
See DiNaples, 934 F.3d at 279–80 (analyzing standing in the context of the specific violation claimed); St.
examined Cited "see" Alejandro Morales v. Healthcare Revenue Recovery Gr (3×)
3rd Cir. · 2021 · signal: see · confidence high
See DiNaples, 934 F.3d at 278 n.2. 3 “additional harm beyond the one Congress has identified” is required.
discussed Cited "see" Lynne Donovan v. FirstCredit, Inc.
6th Cir. · 2020 · signal: see · confidence high
And this interest is a concrete one insofar as an invasion of privacy is a “harm that has traditionally been regarded as providing a basis for a lawsuit in English or American courts.” Spokeo, 136 S. Ct. at 1549 ; see DiNaples v. MRS BPO, LLC, 934 F.3d 275, 280 (3d Cir. 2019) (citing St.
cited Cited "see, e.g." Judicial Watch, Inc. v. Griswold
D. Colo. · 2022 · signal: see, e.g. · confidence medium
See, e.g., DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019); Trapp v. SunTrust Bank, 699 Fed.
cited Cited "see, e.g." PHYSICIANS HEALTHSOURCE, INC. v. ADVANCED DATA SYSTEMS INTERNATIONAL, LLC
D.N.J. · 2020 · signal: see, e.g. · confidence medium
See, e.g., DiNaples v. MRS BPO, LLC, 934 F.3d 275, 279 (3d Cir. 2019) (finding that a plaintiff in FDCPA case had standing to sue); Kamal v. J.
Retrieving the full opinion text from the archive…
Donna DINAPLES, on Behalf of Herself and All Others Similarly Situated
v.
MRS BPO, LLC; John Does 1-25 MRS BPO, LLC, Appellant
18-2972.
Court of Appeals for the Third Circuit.
Aug 12, 2019.
934 F.3d 275
Michael D. Alltmont [ARGUED], Bryan C. Shartle, Sessions Fishman Nathan & Israel, 3850 North Causeway Boulevard, Lakeway Two, Suite 200, Metairie, LA 70002, Andrew J. Blady, Sessions Fishman Nathan & Israel, 3682 Green Ridge Road, Furlong, PA 18925, Ross Enders, Law Offices of J. Scott Watson, 24 Regency Plaza, Glen Mills, PA 19342, Counsel for Appellant MRS BPO, LLC , Ari H. Marcus, Yitzchak Zelman [ARGUED], Marcus & Zelman, 701 Cookman Avenue, Suite 300, Asbury Park, NJ 07712, Mark G. Moynihan, Suite 1-N, 112 Washington Place, Pittsburgh, PA 15219, Counsel for Appellee Donna DiNaples
Chagares, Greenaway, Smith.
Cited by 29 opinions  |  Published
CHAGARES, Circuit Judge.

Five years ago, in Douglass v. Convergent Outsourcing , 765 F.3d 299 (3d Cir. 2014), we held that a debt collector violated the Fair Debt Collection Practices Act ("FDCPA"), 15 U.S.C. §§ 1692 - 1692p, when it sent a collection letter in an envelope displaying the debtor's internal account number with the collection agency. We are now asked to decide whether the same is true when the envelope does not, on its face, show the account number but does display an unencrypted "quick response," or "QR," code that reveals the number when scanned. The District Court held that such conduct violates the FDCPA. We agree and will affirm.

I.

The facts underlying this appeal are undisputed. Donna DiNaples had a credit card through Chase Bank. Eventually, she fell behind on her payments, so Chase assigned her account to a debt collection agency called MRS BPO, LLC ("MRS"). MRS sent DiNaples a collection letter as a pressure-sealed envelope that had a QR code printed on its face. QR codes, including the one here, can be scanned by a reader downloadable as an application (better known as an "app") on a smartphone. And this QR code, when scanned with a QR-code reader, revealed the following sequence: "LU4.###1813.3683994." 1 The string "LU4.###1813" was the internal reference number associated with DiNaples's account at MRS.

DiNaples filed a class action lawsuit against MRS, alleging that the collection agency, by printing the QR code on the envelope, had violated the FDCPA, which prohibits debt collectors from "[u]sing any language or symbol, other than the debt collector's address, on any envelope when communicating with a consumer by use of the mails." 15 U.S.C. § 1692f(8). Each side eventually filed a motion for summary judgment.

The District Court granted DiNaples's motion on liability, concluding that MRS violated the FDCPA. The District Court explained that this conclusion was required by our decision in Douglass , in which we held that a debt collector violates § 1692f(8) by placing on an envelope the consumer's account number with the debt collector. 765 F.3d at 303, 306 . For the District Court, there was no meaningful difference between displaying the account number itself and displaying a QR code - scannable "by any teenager with a smartphone app" - with the number embedded. Dinaples v. MRS BPO, LLC , No. 2:15-cv-01435-MAP, 2017 WL 5593471 , at *2 (W.D. Pa. Nov. 21, 2017). The District Court further rejected MRS's contention that DiNaples had not "suffered a concrete injury," explaining that DiNaples was injured by "the disclosure of confidential information." Id. And the District Court rejected MRS's argument that it was protected by the FDCPA's "bona fide error defense." Id. at *3. The District Court also certified the proposed class.

The parties thereafter stipulated that, to the extent that there was liability, the damages would be $11,000. The District Court granted judgment for DiNaples and the class for that amount, and this timely appeal followed.

II.

We consider first a jurisdictional issue -- DiNaples's standing to sue. 2 The District Court, while it did determine that DiNaples had suffered a concrete injury, never explicitly addressed standing, seemingly assuming it was a non-issue. We, though, must assure ourselves of DiNaples's standing. Anthony v. Council , 316 F.3d 412 , 416 (3d Cir. 2003).

Article III of the Constitution limits the federal courts to adjudication of "Cases" and "Controversies." U.S. Const. art. III, § 2, cl. 1. "Courts enforce the case-or-controversy requirement" by requiring the plaintiff to have standing to sue. Toll Bros., Inc. v. Twp. of Readington , 555 F.3d 131 , 137 (3d Cir. 2009). Standing has three elements: "[t]he plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision." Spokeo, Inc. v. Robins , --- U.S. ----, 136 S. Ct. 1540 , 1547, 194 L.Ed.2d 635 (2016). An "injury in fact" is one that is "concrete and particularized." Id. at 1548 (quoting Lujan v. Defenders of Wildlife , 504 U.S. 555 , 560, 112 S.Ct. 2130 , 119 L.Ed.2d 351 (1992) ). To be concrete, the injury "must actually exist." Id. It must be "real," not "abstract." Id.

The question here is whether DiNaples suffered a concrete injury when her debt collector sent her a letter in an envelope displaying a QR code that, when scanned, revealed her account number with the debt collection agency. We conclude that she did.

Because DiNaples's injury was intangible, we begin our analysis with the Supreme Court's decision in Spokeo . There, the Court reaffirmed that, while tangible injuries are typically easier to identify, "intangible injuries can nevertheless be concrete." 136 S. Ct. at 1549 . The Court in Spokeo offered guidance for determining the concreteness of an intangible injury. The Court explained that "both history and the judgment of Congress play important roles." Id. As to history, courts should "consider whether an alleged intangible harm has a close relationship to a harm that has traditionally been regarded as providing a basis for a lawsuit in English or American courts." Id. Congress's "judgment is also instructive and important," because Congress "is well positioned to identify intangible harms that meet minimum Article III requirements." Id. Granted, just because a plaintiff asserts a congressionally created cause of action does not necessarily mean that the plaintiff has suffered a concrete injury. Id. A "bare procedural violation" will not meet the concreteness requirement. Id. But "the violation of a procedural right granted by statute can be sufficient in some circumstances to constitute injury in fact," and "a plaintiff in such a case need not allege any additional harm beyond the one Congress has identified." Id.

We have already applied the principles set forth in Spokeo to a similar situation. In St. Pierre v. Retrieval-Masters Creditors Bureau , 898 F.3d 351 (3d Cir. 2018), we held that a debtor suffered a concrete injury when a debt collector, in violation of the FDCPA, sent him a collection letter in an envelope displaying his account number with the debt collector. Id. at 355, 358 . We explained that our earlier decision in Douglass -- though not a decision directly addressing standing -- resolved the matter. Id. at 357-58 . In Douglass , we had held that displaying a consumer's account number on an envelope was not "benign," explaining that such conduct "implicates a core concern animating the FDCPA-the invasion of privacy." 765 F.3d at 303 . That number, we emphasized in Douglass , was "a core piece of information" relating to the debtor's status as such, and, if "[d]isclosed to the public, it could be used to expose her financial predicament." Id. Thus, in St. Pierre , we concluded that the harm inflicted by exposing the debtor's account number was "a legally cognizable injury." 898 F.3d at 358 . We explained that, because the harm involves the invasion of privacy, it "is closely related to harm that has traditionally been regarded as providing a basis for a lawsuit in English and American courts." Id. (citing Douglass , 765 F.3d at 303 , and Spokeo , 136 S. Ct. at 1549 ). And therefore, per Spokeo , the plaintiff in St. Pierre had standing.

St. Pierre , to be sure, did not involve the precise situation we have here -- an account number displayed not on the face of the envelope but embedded in a QR code. And in St. Pierre we explicitly declined to address that scenario. See id. at 357 n.6 ("[W]e need not reach the question whether exposure of the 'quick response' code on the envelope, without more, would be sufficient to confer standing under the FDCPA because exposure of one's account number itself suffices."). We similarly declined to consider our QR-code issue in Douglass . See 765 F.3d at 301 n.4 ("Douglass no longer presses her argument that Convergent violated the FDCPA by including the QR Code on the envelope. ... We therefore do not decide that issue.").

Nonetheless, we conclude that the reasoning of those two cases inevitably dictates that DiNaples has suffered a concrete injury. Disclosure of the debtor's account number through a QR code, which anyone could easily scan and read, still "implicates core privacy concerns." Id. at 304 . The debt collector has "displayed core information relating to the debt collection" that is "susceptible to privacy intrusions." Id. at 305 . Whether disclosed directly on the envelope or less directly through a QR code, the protected information has been made accessible to the public. And as we concluded in St. Pierre , such an invasion of privacy "is closely related to harm that has traditionally been regarded as providing a basis for a lawsuit in English and American courts." 898 F.3d at 357-58 . It thus follows from our Douglass and St. Pierre decisions that DiNaples has suffered a sufficiently concrete harm.

MRS is incorrect to suggest that "to establish Article III standing, [DiNaples] would have to show that someone actually intercepted her mail, scanned the barcode, read the unlabeled string of numbers and determined the contents related to debt collection -- or it was imminent someone might do so." MRS Br. 16 (emphases omitted). The teaching of Douglass and St. Pierre is that the disclosure of an account number is itself the harm -- it "implicates core privacy concerns," Douglass , 765 F.3d at 304 , and therefore is sufficiently concrete under Spokeo to establish an injury-in-fact, St. Pierre , 898 F.3d at 357-58 . In other words, because the disclosure is the concrete harm here, DiNaples "need not allege any additional harm beyond the one Congress has identified." Spokeo , 136 S. Ct. at 1549 . Her evidence that she received an envelope with a QR code containing private information was enough to establish a concrete injury. 3

We hold that DiNaples has standing to sue.

III.

Satisfied that DiNaples has standing, we now consider whether the District Court correctly determined that she had a successful claim under the FDCPA. Our review is de novo . See Tundo v. Cty. of Passaic , 923 F.3d 283 , 286 (3d Cir. 2019).

A.

The FDCPA, specifically 15 U.S.C. § 1692f(8), prohibits debt collectors from:

[u]sing any language or symbol, other than the debt collector's address, on any envelope when communicating with a consumer by use of the mails or by telegram, except that a debt collector may use his business name if such name does not indicate that he is in the debt collection business.

There is no dispute that that provision plainly prohibits the QR code. Still, as other courts have observed, § 1692f(8) is rather expansive when read literally. It would seemingly prohibit including "a debtor's address and an envelope's pre-printed postage," as well as "any innocuous mark related to the post, such as 'overnight mail' and 'forwarding and address correction requested.' " Strand v. Diversified Collection Serv., Inc. , 380 F.3d 316 , 318 (8th Cir. 2004) ; see also Goswami v. Am. Collections Enter., Inc. , 377 F.3d 488 , 493 (5th Cir. 2004). To avoid these "bizarre results," Strand , 380 F.3d at 318 , many courts, as well as the Federal Trade Commission, have read a "benign language exception" into § 1692f(8), see Goswami , 377 F.3d at 493-94 . Although we have never adopted such an exception, MRS asks us to do so here and conclude that the QR code falls within it.

But once again, we return to our decision in Douglass . To repeat, Douglass involved an envelope displaying the debtor's account number with the debt collector. 765 F.3d at 300-01 . There, as here, the debt collector urged us to read a benign language exception into § 1692f(8), and like MRS, the debt collector in Douglass argued that the account number should fall within that exception. See id. at 301 . We declined to decide whether § 1692f(8) contains such an exception because, regardless, the account number was not benign. Id. at 301, 303 . That number, we explained, was "a core piece of information," the disclosure of which "implicate[d] a core concern animating the FDCPA--the invasion of privacy." Id. at 303 . We thus rejected the debt collector's contention that the "account number is a meaningless string of numbers and letters, and its disclosure has not harmed and could not possibly harm Douglass." Id. at 305-06 .

As with standing, the question is whether the analysis changes when the account number is not on the face of the envelope but is embedded in a QR code. The panel in Douglass explicitly left that question open. See id. at 301 n.4. But, keeping in mind that "the FDCPA must be broadly construed in order to give full effect to [its remedial] purposes," Caprio v. Healthcare Revenue Recovery Grp., LLC , 709 F.3d 142 , 148 (3d Cir. 2013), we agree with the District Court that the reasoning of Douglass applies fully to an account number embedded in a QR code. As explained above with respect to standing, the harm here is still the same -- the unauthorized disclosure of confidential information. And if such disclosure was not benign, disclosure via an easily readable QR code is not either. Protected information has still been compromised.

MRS argues that Douglass is distinguishable. There, the account information was on the face of the envelope, capable of being seen by all. Here, by contrast, the envelope facially displayed no connection to debt collection. It just revealed a QR code, which is facially neutral and appears on many commercial mailings. Any account information, according to MRS, is hidden from public sight and could only be seen by "unlawfully scanning" the envelope. MRS Br. 24 n.3. MRS suggests that "scanning the QR Code on an envelope addressed to another is akin to opening a letter addressed to another." MRS Br. 23.

We are not persuaded. While we do not decide here whether a benign language exception to § 1692f(8) exists, it would apply only to language truly benign relative to the purposes of the FDCPA. See Douglass , 765 F.3d at 303 ("[W]e cannot find language exempt from § 1692f(8) if its disclosure on an envelope would run counter to the very reasons Congress enacted the FDCPA."). If, as we held in Douglass , disclosure of a debtor's account number is an invasion of privacy, it follows that disclosure of a QR code embedded with that number is not benign. A QR code is still "susceptible to privacy intrusions," even if it does not facially display any "core information relating to the debt collection." 4 Id. at 305 . There is no material difference between disclosing an account number directly on the envelope and doing so via QR code --the harm is the same, especially given the ubiquity of smartphones. 5 Whether it is illegal to scan someone's mail, as MRS argues, is beside the point. The debt collector has still exposed private information to the world in violation of the FDCPA. 6

We therefore hold that a debt collector violates § 1692f(8) when it sends to a debtor an envelope displaying an unencrypted QR code that, when scanned, reveals the debtor's account number. We thus agree with the District Court that MRS, in doing so here, violated the FDCPA.

B.

MRS argues that, even if its conduct violated the FDCPA, it is subject to the bona fide error defense. We disagree.

The FDCPA's bona fide error defense is found in 15 U.S.C. § 1692k(c), which provides:

[a] debt collector may not be held liable in any action brought under this subchapter if the debt collector shows by a preponderance of evidence that the violation was not intentional and resulted from a bona fide error notwithstanding the maintenance of procedures reasonably adapted to avoid any such error.

In Jerman v. Carlisle, McNellie, Rini, Kramer & Ulrich L.P.A. , 559 U.S. 573 , 130 S.Ct. 1605 , 176 L.Ed.2d 519 (2010), the Supreme Court held "that the bona fide error defense in § 1692k(c) does not apply to a violation of the FDCPA resulting from a debt collector's incorrect interpretation of the requirements of that statute." Id. at 604-05 , 130 S.Ct. 1605 . Put differently, "FDCPA violations forgivable under § 1692k(c) must result from 'clerical or factual mistakes,' not mistakes of law." Daubert v. NRA Grp., LLC , 861 F.3d 382 , 394 (3d Cir. 2017) (quoting Jerman , 559 U.S. at 587 , 130 S.Ct. 1605 ).

MRS contends that it committed a mistake of fact. It argues that it "erred by using industry standards for processing return mail and appreciating that no person has ever used a QR Code to determine a letter concerned debt collection." MRS Br. 26. MRS insists that it "did not mistakenly interpret the FDCPA." MRS Br. 26. But that is precisely what it did. While MRS tries to characterize its error as one of fact, MRS ultimately just misunderstood its obligations under the FDCPA. Indeed, MRS all but admits that point when it argues that it "mistakenly believed that its conduct could not conceivably violate the FDCPA." MRS Br. 31. That is not a mistake of fact; it is a mistake of law. Had MRS's printing of the QR code been the result of a clerical mistake, accidentally included contrary to the agency's normal procedures, then it could conceivably avail itself of the bona fide error defense. See Jerman , 559 U.S. at 587 , 130 S.Ct. 1605 . But that is not MRS's argument; indeed, MRS explains that using QR codes is "the industry standard." MRS Br. 34. MRS may not have intended "to disclose that the contents of the envelope pertain to debt collection," MRS Br. 27, but the bona fide error defense does not protect every well-intentioned act, see Jerman , 559 U.S. at 584-85 , 130 S.Ct. 1605 . It applies only to clerical or factual mistakes. See Daubert , 861 F.3d at 394 . The bona fide error defense is therefore inapplicable here.

IV.

For the foregoing reasons, we will affirm the judgment of the District Court.

1

Pursuant to Federal Rule of Civil Procedure 5.2(a)(4), MRS and DiNaples omitted the first three digits of her account number from their summary-judgment filings.

2

As long as DiNaples has standing, the District Court had jurisdiction under 28 U.S.C. § 1331 . We have appellate jurisdiction under 28 U.S.C. § 1291 .

3

For this reason, MRS's attempt to distinguish St. Pierre as involving a motion to dismiss, and hence a lower evidentiary standard, falls flat. Though the motion here is for summary judgment, DiNaples has offered sufficient evidence of her concrete injury, namely the envelope's displaying a QR code embedded with her account number.

4

We do not consider whether a debt collector violates § 1692f(8) by including on an envelope a QR code that does not contain a consumer's account number.

5

For this reason, it also does not matter where on the envelope the QR code is printed, which MRS suggests makes a difference. The account number has still been disclosed, regardless of its location on the envelope.

6

And contrary to MRS's contentions, there is a difference between scanning a letter and opening it. The former can be done surreptitiously without leaving any evidence of tampering. Not so when a letter is physically opened.