The United States District Court for the District of Minnesota has dismissed a class action against retail grocery chain SuperValu, Inc. over two 2014 data breaches that resulted in the “potential theft” of payment card information.  The court found that the fact that plaintiffs had alleged only a single instance of a fraudulent credit card charge a year and a half after a breach that affected more than 1,000 grocery stores indicated that the risk of future harm was too speculative to meet the “certainly impending” standard set by the Supreme Court in Clapper v. Amnesty International USA.  It also rejected other theories of injury that have become increasingly common in data breach cases, such as a diminution in the value of the plaintiff’s personal information and “lost benefit of the bargain.”  This case demonstrates the continuing difficulty plaintiffs are having in establishing standing even in massive breach cases.