Data breaches are problematic for companies in ways large and small, and yet consumers affected by these events have had difficulty establishing their claims in court. Historically, courts have dismissed data breach claims for lack of standing, the absence of a cognizable injury under state law, or the failure to satisfy the stringent requirements for class certification, among other reasons. Will this trend continue, or will the plaintiffs’ bar overcome these issues to field new and dangerous theories of liability against companies victimized by data breaches? How will the courts respond to new theories of liability, and how should companies prepare themselves for the next wave of consumer data breach litigation? In this series of three articles, we will examine these questions and offer insight about what may be just around the corner.