Seventh Circuit Clarifies How to Meet Injury Requirement of the Computer Fraud and Abuse Act
Employers who encounter the option of pursuing a current or former employee or independent contractor under the Computer Fraud and Abuse Act have at times passed on this option due to the specific injury requirement imposed by the Act. Fortunately, the Seventh Circuit of the U.S. Court of Appeals has recently provided guidance on how to satisfy the injury requirement imposed by the Act so as to avoid the entry of an adverse summary judgment that bars the pursuit of a claim under the Computer Fraud and Abuse Act ("CFAA").
In Modrowski v. Pigatto, No. 11-1327 (7th Cir. April 8, 2013), an employee sued his former employer over events leading to and following his termination as a property manager. The plaintiff alleged that the employer defendants unlawfully withheld his wages, had him incarcerated, and took actions that barred him from accessing his personal Yahoo email account. The employee reportedly merged his personal email account with the email accounts of his employer. After obtaining a temporary restraining order to regain access to his personal emails, the employee found that his personal correspondence, spanning several years, was all gone. The employee sued the employer defendants and pled a number of state and federal law claims, including a claim that relied on the CFAA. 18 U.S.C. sec. 1030.
The trial court dismissed the employee's claim under the CFAA based on his failure to plead the occurrence of an injury of at least $5,000, as required by the Act. 18 U.S.C. sec. 1030(c)(4)(A)(i)(I); (g). The employee was granted leave to file an amended complaint and proceeded with his case. Later, the employer defendants moved for summary judgment based on the lack of evidence needed to sustain essential elements of the plaintiff's CFAA claim. While faulting the summary judgment response of employee, the Seventh Circuit provided some guidance to all parties on how to satisfy the injury element of the CFAA. One possibility the Court identified, and that the employee had not pursued, was the filing of affidavits from potential business partners who were unable to reach him while he was locked out of his email account. The court also raised the possibility of the employee providing receipts that could have detailed fees he paid to obtain duplicates of lost records on his finances and bills. The court additionally commented that the employee could have submitted an admittedly self-serving, but admissible, affidavit wherein he could have testified about the number of hours he spent to obtain his emails. The employee's failure to pursue any of the potential paths outlined by the court, combined with his decision to rely on his pleadings, led to his defeat on summary judgment, an outcome affirmed on appeal.
For employers, the significance of the Modrowski opinion is that they should consider the possibilities available to meet the monetary injury requirements of the Computer Fraud and Abuse Act carefully, and with some encouragement, given the options specified in this opinion.
Topics
Featured Insights

Press Release
Jul 15, 2026
Two Hinshaw Partners Recognized in Minnesota Monthly's 2026 Top Lawyers in Minnesota

Event
July 13-15, 2026
Hinshaw Proudly Sponsors 2026 Lavender Law Conference and Career Fair

Webinar
Jul 14, 2026
Scott Seaman Presents on Horizontal vs. Vertical Exhaustion of Insurance

Healthcare Alert
Jul 8, 2026
A New Era of Compliance Standards for California DSOs and MSOs After the Aspen Dental Settlement

Insights for Insurers Alert
Jul 7, 2026
What Insurers Need to Know About California’s FAIR Plan Assessment Recoupment Guidance

In The News
Jul 6, 2026
Francesco Palanda’s Practical Guide for Mitigating AI-Related Business Interruption Risk

Lawyers' Lawyer Newsletter
Jun 29, 2026
Beyond Malpractice: The Rising Threat of Privacy and Statutory Claims Against Lawyers

In The News
Jun 26, 2026
Brian McGrath Discusses Far-Reaching Impact of a NY Foreclosure Ruling on Mortgage Industry



