A New Jersey federal district court recently dismissed the putative class action claims of four plaintiffs against a health care defendant following the theft of two password-protected laptops allegedly containing personal information of more than 839,000 individuals. Three of the plaintiffs did not allege that they suffered identity theft, and thus failed to allege an injury in fact as required for standing under Article III of the United States Constitution. The fourth plaintiff alleged that, as a result of the data breach, thieves submitted a fraudulent income tax return on behalf of himself and his wife and stole their refund; however, the plaintiff failed to show that the injury was “fairly traceable” to the theft of the stolen laptops – which were not alleged to contain his spouse’s information, as needed to file a joint return. Further, plaintiff failed to show that his injury was “redressable,” given that he subsequently received his tax refund. See In re Horizon Healthcare Services, Inc. Data Breach Litig., No. 13-7418 (D.N.J. March 31, 2015). Are the “traceability” and “redressability” elements of standing too often overlooked in data breach cases? Can corporate defendants invoke these elements to stave off the wave of data breach class actions by the plaintiffs’ bar?