When a company is hacked, civil litigation often follows, and the types of claims brought against hacked companies – like in the recent P.F. Chang’s case – include a host of traditional common law and statutory claims. None of these claims can succeed, however, unless plaintiffs can establish standing. This threshold issue has plagued plaintiffs in data breach cases, but a federal appeals court recently ruled in their favor by reversing the dismissal of a class action. In a guest article, Thomas Rohback and Patricia Carreiro, a partner and associate, respectively, of Axinn, Veltrop & Harkrider, analyze the progeny of standing outcomes in data breach cases, including the Lewert v. P.F. Chang’s holding, and examine what this issue and others might look like in future data breach class actions. See also “Making Sense of Conflicting Standing Decisions in Data Breach Cases” (Mar. 30, 2016).