The U.S. District Court for the Middle District of Tennessee has held, in Genesco Inc. v. Visa U.S.A. Inc., that Genesco may continue to litigate its state law claims against Visa over fines that Visa imposed after Genesco suffered a data breach. The fines resulted from Genesco’s alleged failure to comply with the Payment Card Industry Data Security Standards (“PCI DSS”). Companies that suffer data breaches risk enforcement actions by regulators and civil suits by public and private plaintiffs. The injured companies often settle the enforcement actions and move on. But some companies are beginning to fight back. Wyndham Hotels’ effort to dismiss an FTC complaint is the most prominent example. Genesco’s resistance to a PCI DSS fine is another.