In March, three putative class actions stemming from data security breaches were dismissed, either due to lack of standing or to plaintiffs' inability to state a valid claim. In the first, filed against national payroll service Paytime, Inc. in the wake of an unauthorized access to the company's computer networks, the court dismissed the case for lack of standing, finding that plaintiffs had alleged no actual misuse of the personal information that was accessed. See Storm v. Paytime, Inc., No. 14-CV-1138, 2015 WL 1119724 (M.D. Pa. Mar. 13, 2015). In the second, filed in the Western District of Washington against national restaurant chain P.F. Chang's, the court concluded that the plaintiff had not stated plausible claims for relief, holding among other things that the restaurant chain did not contract with the plaintiff to provide a specific level of security and that therefore the plaintiff could not advance a breach of implied contract claim. The court also held that compliance with certain cybersecurity standards is unlikely to be material to plaintiff's decision about whether to shop or dine with a particular retailer, and thus the plaintiff lacked a basis for a claim for deceptive practices. See Lovell v. P.F. Chang's China Bistro, Inc., No. C14-1152RSL (W.D. Wash. Mar. 27, 2015). In the third case, the federal District Court for the District of New Jersey dismissed a putative class action against Horizon Blue Cross Blue Shield of New Jersey stemming from the theft of two password-protected laptops, holding the plaintiffs lacked standing because they could not show they had sustained any actual injuries that could be connected to the laptop theft. See In re Horizon Healthcare Services, Inc. Data Breach Litigation, No. 13-7418 (CCC) (D.N.J. March 31, 2015).1 These cases demonstrate the difficulties plaintiffs continue to face in asserting claims based on data security breaches in the absence of actual misuse of their data.