In contrast to GameStop, the U.S. District Court for the District of Columbia dismissed a suit against health insurer CareFirst for lack of standing. The case, Attias v. CareFirst, Inc., related to a June 2014 data breach, when hackers accessed a database containing names, birth dates, email addresses, and subscriber identification numbers of approximately 1.1 million individuals. The court found the plaintiffs lacked Article III standing, stating that it would “follow the standard set by the majority of courts.... Absent facts demonstrating a substantial risk that stolen data has been or will be misused in a harmful manner, merely having one’s personal information stolen in a data breach is insufficient to establish standing to sue the entity from whom the information was taken.” This is the second suit dismissed against CareFirst related to the breach ‒ a federal court in Maryland dismissed a separate case in June for similar reasons. And it continues a trend of courts’ finding no standing where plaintiffs do not allege facts showing that other individuals have already been adversely affected by the breach or that the hackers intended to misuse the data.