On April 14, the Seventh Circuit held that plaintiffs had standing to sue the P.F. Chang’s restaurant chain over a data breach involving the theft of payment card data, finding that the plaintiffs had plausibly alleged future harm ‒ fraudulent charges on their cards and identity theft ‒ that was “certainly impending.” The court emphasized that the plaintiffs’ payment card data had already been stolen, and that some plaintiffs had already experienced fraudulent charges and had spent time and money trying to mitigate the risk of future charges and identity theft. But the court once again expressed skepticism as to the plaintiffs’ other theories of injury, variants of which are increasingly popular among data breach plaintiffs ‒ that they would not have dined at P.F. Chang’s if they had known of its allegedly poor data security and that the theft of the data deprived them of a property right.