Anjali Das (Partner-Chicago, IL), Brian Myers (Of Counsel-Washington, DC) and Tommy Spitaletto (Partner-Dallas, TX) obtained dismissal of a data breach class action filed against a mental health care provider in the Western District of Texas. The lawsuit arose out of a cyber-attack that involved personal information that included sensitive information such as health information and Social Security numbers. In support of our client’s motion to dismiss, Wilson Elser argued that the plaintiff lacked Article III standing to sue because she failed to allege any injury-in-fact in the form of identity theft fraud, or misappropriation as a result of the breach. Instead, the plaintiff alleged that her harm consisted of (1) lost time and out-of-pocket expenses spent dealing with the data breach; (2) diminished value of her personal, health and financial information; (3) anxiety; (4) violation of privacy rights; (5) loss of the benefit of the bargain made with our client and overpayment for services intended to include data security; and (6) increased risk of future fraud and identity theft. The District Court agreed with Wilson Elser’s position that the plaintiff lacked standing to bring suit and dismissed the case on the basis that the plaintiff failed to allege any actual injury in the form of identity theft, financial fraud or misuse of personal information that could be traced to the cyber incident.