The Computer Fraud and Abuse Act (CFAA) is the omnibus federal computer crime statute outlawing theft and destruction of data, hacking, use of viruses, theft of passwords and extortionate threats to damage computers. 18 U.S.C. 1030. Any business or individual “who suffers damage or loss by reason of a violation of the” CFAA is entitled to sue for “compensatory damages and injunctive relief.” However, for there to be subject matter jurisdiction over most CFAA civil suits, the plaintiff must prove that the violation caused “loss to 1 or more persons during any 1-year period…aggregating at least $5,000 in value.” § 1030(c)(4)(A)(i)(I).
The $5,000 in loss is not general damages but specific categories of costs to the CFAA victim. Failure to allege and prove these specific categories is fatal to the court’s jurisdiction, resulting in dismissal. This article will survey the current state of the law on what “loss” means and will highlight the pitfalls to avoid in drafting and prosecuting a CFAA action.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.
For questions call 1-877-256-2472 or contact us at [email protected]
