Two Year Statute of Limitations for Computer Fraud and Abuse Act Accrued When Plaintiff “Suspected” Wrongdoing

SEE NEW POST UPDATING THIS CASE:  Computer Fraud and Abuse Act Limitations Accrued With Awareness of Unauthorized Access–Not Identity of Perpetrator

There have not been many Computer Fraud and Abuse Act cases where the statute of limitations has been a key issue in the case so there are not many cases that have analyzed the issue. A new one just came out on January 2, 2013. In the case Higgins v. NMI Enterprises, Inc., 2013 WL 27556 (E.D. La. Jan. 2, 2013), the court offers a fairly detailed analysis of the applicable two year statute of limitations and ultimately decides to grant a Motion to Dismiss based thereon.

The Computer Fraud and Abuse Act has a two year statute of limitations that runs from “the date of the act complained of or the date of the discovery of the damage.” In Higgins, the Plaintiffs claimed that, while they “suspected” some sort of wrongdoing more than two years prior to the filing of their CFAA claim, they did not “actually discover the violations or damage” until later. The court found that “the statute of limitations ‘begins when facts that would support a cause of action are or should be apparent.'” Accordingly, when the Plaintiff suspected that those acts had occurred, those facts should have been apparent for purposes of limitations and limitations began to run at that time. You can read more by pulling up the case HERE.

Should you or anyone you know need assistance in dealing with possible claims under the Computer Fraud and Abuse Act or just want to talk about the law in general, please feel free to give me a call (469.635.1335) or email me ( and I will be more than happy to talk with you!

-Shawn E. Tuma

10 thoughts on “Two Year Statute of Limitations for Computer Fraud and Abuse Act Accrued When Plaintiff “Suspected” Wrongdoing

  1. Very interesting. Why is the statute of limitations so short, as opposed to the more common 7-year limit on many charges? It would seem that short of a statute would make it VERY hard for a company to discover a breach, then gather enough evidence in order to even start proceedings towards charges.

This site uses Akismet to reduce spam. Learn how your comment data is processed.