In the FTC’s first loss in a data breach security case, and the first such case to reach a full adjudication, an administrative law judge dismissed the agency’s complaint against LabMD, Inc. regarding two alleged cybersecurity incidents at LabMD. The ALJ held, in a lengthy Initial Decision, that the FTC did not meet its burden on the first prong of the three-part test in Section 5(n) of the FTC Act – that LabMD’s conduct caused, or is likely to cause, substantial consumer injury. Phyllis Marcus, counsel at Hunton & Williams, said the ALJ was “holding the FTC Complaint Counsel, rightfully so, to the fire. Bald allegations of substantial injury or likelihood of substantial injury” to support an unfairness claim will no longer be sufficient if the case stands. See also “The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity” (Jul. 15, 2015).