Is a $5k loss required for each defendant under Computer Fraud and Abuse Act?

Posted byShawn E. Tuma 3 Comments on Is a $5k loss required for each defendant under Computer Fraud and Abuse Act?

Two federal district courts in Texas have faced this issue and both refused to find that plaintiffs, to assert a civil Computer Fraud and Abuse Act claim, must meet the $5,000 loss threshold separately as to each defendant.

Regular readers of this blog know I often write about the $5,000 jurisdictional loss requirement for asserting a civil claim under the Computer Fraud and Abuse Act. Its importance is demonstrated by the many legitimate CFAA claims that have been dismissed because the jurisdictional loss requirement was not satisfied even though it possibly could have been with a little better strategic planning from the outset.

The statutory language of section 1030(g) of the Computer Fraud and Abuse Act provides that multiple plaintiffs can aggregate their losses to meet the jurisdictional threshold. But, does that mean that the plaintiffs must have a separate $5,000 loss for each defendant? The statutory language of the CFAA does not explicitly answer this question.

Two Federal district courts in Texas have recently faced this issue–in the same case. Neither court found there must be a separate $5,000 loss for each defendant in the lawsuit. The defendants in the case M-1 LLC v. Argus Green LLC, 2011 WL 3813286 (S.D. Tex. Aug. 26, 2011), have raised this issue before the United States District Court for the Eastern District of Texas as well as the court rendering this opinion, the United States District Court for the Southern District of Texas (case transferred from the former). The Eastern District Court denied the defendants’ motion to dismiss, finding that the plaintiffs were not required to have a separate $5,000 loss for each defendant. The Southern District Court, in this opinion, refused to disturb the ruling in the absence of compelling proof that it should.

At least these two federal district courts in Texas have refused to find that plaintiffs, to assert a civil Computer Fraud and Abuse Act claim, must meet the $5,000 loss threshold separately as to each defendant. Given what we know about the unpredictability of the CFAA, whether others courts will find the same way remains to be seen.

Related articles

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Join the Conversation

3 Comments

  1. Pingback: Hacking a car? Yes, really…and you thought I was kidding! « Shawn E. Tuma
  2. Pingback: My Appearance on Capital Thinking Radio Show « Shawn E. Tuma
  3. Pingback: Kate Gosselin Sues Jon Gosselin for Violating the Computer Fraud and Abuse Act–Did She Adequately Plead a “Loss”? | Shawn E. Tuma

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading