The Fifth Circuit recently found that a company experiencing a data breach may be liable to injured commercial parties under a “negligence” theory. The appellate court recognized a potentially expansive tort remedy in the context of cybersecurity claims made by one commercial entity against another. It did so by reviving negligence claims, associated with cybersecurity breaches, brought by credit card issuers against a credit card payment processor, reversing a lower court decision that had held that such losses were limited to contract remedies. The three-judge panel held in Lone Star National Bank, N.A. v. Heartland Payment Systems, Inc. (September 3, 2013) that negligence claims were viable under New Jersey law where the defendant causes reasonably foreseeable economic loss to a class to which it owes a duty of care, and where that class does not have a contractual remedy. The court wrote that “in the absence of a tort remedy, the Issuer Banks would be left with no remedy for Heartland’s alleged negligence, defying ‘notions of fairness, common sense and morality.’” Slip op. at 8.