MOXIE PEST CONTROL UTAH LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC LLC v. NIELSEN II LLC 10 (2026)

In 2019 and 2020, employees of Aptive Environmental, LLC, bribed members of a rival pest-control outfit—Moxie Pest Control (UTAH), LLC, and over a dozen other affiliates (collectively, Moxie)—to turn over Moxie's confidential sales data. That data allegedly became the secret venom in the race to recruit sales representatives for the lucrative summer sales season.

When Moxie discovered the breach, it sued Aptive and several of its employees (collectively, Aptive) for this misuse of its data. It brought claims under the Computer Fraud and Abuse Act (CFAA), 18 U.S.C. § 1030, the Racketeer Influenced and Corrupt Organizations Act (RICO), 18 U.S.C. § 1961–1968, the federal Defend Trade Secrets Act (DTSA), 18 U.S.C. §§ 1831–33, 1835–36, 1838–39, 1961, and Utah's Uniform Trade Secrets Act (UTSA), Utah Code Ann. §§ 13-24-1 to -9. The district court found each of those claims wanting. It (1) dismissed the CFAA claim as inadequately pleaded, (2) denied Moxie's motions to compel broad discovery into damages, and (3) granted Aptive summary judgment on Moxie's RICO, DTSA, and UTSA claims on causation grounds.

We take up each of these issues in Moxie's appeal. First, we reverse the dismissal of Moxie's CFAA claim. Contrary to the district court's conclusion, the CFAA does not require plaintiffs to plead loss from a technological harm, so Moxie's failure to do so was not fatal under Federal Rule of Civil Procedure 12(b)(6).

Second, we affirm the denial of Moxie's motions to compel. Moxie's discovery requests were very broad. And limiting the scope of Aptive's initial disclosures was not an abuse of discretion because the district court left the door open for Moxie to seek further discovery as to damages.

Third, we affirm in part and reverse in part the district court's summary-judgment decision in favor of Aptive. We agree that Moxie's lack of evidence of causation is fatal to Moxie's RICO claim. The same cannot be said for Moxie's DTSA and UTSA claims, however. Although the lack of causation evidence precludes Moxie from recovering unjust-enrichment damages under those statutes, Moxie also pursued other remedies: reasonable royalties and injunctive relief. Consequently, the district court should have examined the viability of Moxie's DTSA and UTSA claims in light of those remedies before granting Aptive summary judgment.

We thus remand for further proceedings on Moxie's CFAA, DTSA, and UTSA claims.

Background 1

Moxie and Aptive are competitors in the pest-control business. They hawk their services each summer using door-to-door sales representatives, typically college students, who work on commission. Each sales representative brings in tens of thousands of dollars in annual revenue. This is a volume business, so Moxie and Aptive compete to hire the most representatives for each summer sales season.

Because both companies pay commission, sales data is an important recruitment tool for predicting a representative's potential earnings. As part of its business strategy, Moxie closely guards its sales data. It uses password-protected software, called SalesRoutes, to track individual sales and maintain “leaderboards” of top sellers. And all Moxie employees who have access to SalesRoutes—including all sales representatives—must sign confidentiality agreements covering the company's “business records and data.”² App. vol. 11, 2960.

Aptive has gone to great lengths to pilfer that information. In 2019, Senior Vice President of Sales Connor Ruggio put out a call for employees to “obtain[ ] screenshots” of Moxie's sales data. App. vol. 12, 3223. After Ruggio offered a $100 reward, one employee delivered. He persuaded a friend at Moxie to send screenshots of the company's performance data and then forwarded those screenshots to his colleagues, who used the data to convince potential recruits they would make more money working for Aptive.

The next year, Ruggio upped the ante. He offered a $1,000 bounty to any Aptive employee who could get their hands on Moxie's 2020 sales data. Several people tried, but it was Aptive's Sales President, Kyle Nielsen, who managed to worm his way into Moxie's system. He gave a former Aptive employee $2,000 and a pair of Nike sneakers to join Moxie, get access to its SalesRoutes system, and turn over his username and password to Nielsen. Nielsen used those credentials to repeatedly copy confidential records from Moxie's system. He then circulated those records to his colleagues for use in recruitment.

To demonstrate the harm of Aptive's scheme, Moxie points to Zak Benson, who fielded employment offers from both Aptive and Moxie for the 2021 sales season. An Aptive employee met with Benson and showed him leaderboard information from the two companies. The leaderboards persuaded Benson he could earn more money working for Aptive, so he signed a contract with the company. He resigned before the sales season began, however.

After Moxie detected this breach, it filed an initial complaint asserting claims against Aptive and several of its employees under the CFAA and the DTSA.³ On Aptive's motion, the district court dismissed the CFAA claim “based on a failure to plausibly allege the statutory loss requirement under the CFAA,” leaving only the DTSA claim live. App. vol. 1, 177. Moxie then filed an amended complaint raising additional claims under the UTSA and RICO.

During discovery, Moxie served Aptive with requests relevant to unjust-enrichment and reasonable-royalty damages. These requests sought, among other things, information on “each Aptive sales representative hired, contracted[,] or retained for any of Aptive's 2016–2021 summer sales seasons.” App. vol. 2, 303. When Aptive refused to respond, Moxie filed motions to compel. The district court denied Moxie's motions but ordered Aptive to disclose “the identity and contact information of any person who entered into a sales[-]representative agreement with Aptive from 2019 to the present, and who was listed on the 2019 and 2020 Moxie rosters acquired by Aptive.” Id. at 513. Moxie did not seek further court-ordered discovery on that point.

The district court later granted summary judgment to Aptive on the remaining claims. It concluded that Moxie failed to provide “sufficient evidence” showing “that the alleged misappropriation of the SalesRoutes [l]eaderboards caused ill-gotten profits to Aptive.” App. vol. 15, 4039. And because causation is required to recover damages under the UTSA and DTSA—and to establish liability under RICO—the district court viewed the dearth of causation evidence as fatal to Moxie's claims.

Moxie appeals.

Analysis

Moxie challenges the district court's decisions (1) dismissing its CFAA claim under Rule 12(b)(6), (2) denying its motions to compel discovery, and (3) granting Aptive summary judgment on its RICO, DTSA, and UTSA claims. We address each of these in turn.

I. CFAA Dismissal

Moxie first argues that the district court erred in granting Aptive's Rule 12(b)(6) motion to dismiss Moxie's CFAA claim for “fail[ing] to plausibly allege the statutory loss requirement.” App. vol. 1, 177. Moxie's complaint alleged over $5,000 in costs stemming from an investigation of the Aptive breach. But the district court ruled that those investigative costs didn't satisfy the CFAA loss requirement after Van Buren v. United States, 593 U.S. 374, 141 S.Ct. 1648, 210 L.Ed.2d 26 (2021). We review that Rule 12(b)(6) ruling “de novo, accepting as true all well-ple[ade]d factual allegations and viewing them in the light most favorable to [the p]laintiff.” KT & G Corp., 535 F.3d at 1136 (cleaned up). We begin our analysis with the statute, compare Moxie's complaint with the statute's requirements, then explain the Van Buren complication.

In broad terms, the CFAA bars unauthorized access to computers. See 18 U.S.C. § 1030(a). It provides a cause of action to “[a]ny person who suffers” a “loss” of “at least $5,000” in a single year due to a § 1030 violation. Id. § 1030(c)(4)(A)(i)(I), (g). And the CFAA defines a loss as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” Id. § 1030(e)(11) (emphasis added).

Moxie's complaint seemingly ticked all the CFAA boxes by alleging that (1) Aptive violated § 1030(a) by accessing its systems without authorization; and (2) referencing over $5,000 in “costs associated with an investigation undertaken to determine the identity of and methods used by an offender and the extent of the offender's access.” App. vol. 1, 60. Importantly, at the motion-to-dismiss stage, Aptive doesn't dispute that Moxie has shown a violation of § 1030(a). And facially, the asserted investigative costs appear to easily come within the statute's broad definition of loss—“any reasonable cost to [the] victim.” § 1030(e)(11) (emphasis added). More specifically, the loss appears to come within the explicit examples in the statute—“cost[s] of responding to an offense” or “conducting a damage assessment.” Id.

Aptive nevertheless disputes this straightforward application, arguing that the Supreme Court's opinion in Van Buren, 593 U.S. 374, 141 S.Ct. 1648, 210 L.Ed.2d 26, prohibits Moxie from recovering any damages under the CFAA. Notably, in Van Buren, the Court considered an issue not present here: whether the facts presented a criminal violation of the Act. There, a police officer “ran a license-plate search in a law[-]enforcement computer database in exchange for money.” Id. at 378, 141 S.Ct. 1648. The Court concluded that, though the officer had violated department policy, he had not committed a criminal violation of the CFAA. Id. The relevant CFAA violation, the Court explained, “covers those who obtain information from particular areas in the computer ․ to which their ․ access does not extend.” Id. But the police officer used his own credentials, and the CFAA does not cover “those who, like [the police officer], have improper motives for obtaining information that is otherwise available to them.” Id. (emphasis added).

Here, as we've discussed, we need not decide whether the conduct Moxie alleged violates the CFAA—it does. As mentioned, Nielsen used a pilfered username and password to access Moxie's confidential sales data without authorization. Thus, unlike the police officer in Van Buren, Aptive violated § 1030(a). See § 1030(a)(2)(C) (prohibiting “intentionally access[ing and obtaining information from] a [protected] computer without authorization”). Indeed, Aptive doesn't dispute as much; it challenges only whether Moxie sustained any recoverable damages.

To do so, Aptive points out that in Van Buren, the Court bolstered its conclusion (that no violation had occurred) with dicta about the CFAA's loss definition. The Court noted that “[t]he term ‘loss’ ․ relates to costs caused by harm to computer data, programs, systems, or information services.” 593 U.S. at 391, 141 S.Ct. 1648. In other words, the Court said, “[t]he statutory definitions of ‘damage’ and ‘loss’ thus focus on technological harms—such as the corruption of files—of the type unauthorized users cause to computer systems and data.” Id. at 391–92, 141 S.Ct. 1648 (emphasis added). And that is so because the CFAA seeks to “prevent[ ] the typical consequences of hacking.” Id. (quoting Royal Truck & Trailer Sales & Serv., Inc. v. Kraft, 974 F.3d 756, 760 (6th Cir. 2020)).

Taking off from this dicta, the district court appeared to interpret Van Buren to restrict CFAA losses to technological harms, and it thus granted Aptive's motion to dismiss the CFAA claim. Under the district court's view, Moxie's alleged “costs associated with an investigation” do not qualify as CFAA losses because the investigation identified no harm to Moxie's data, programs, systems, or services.⁴ App. vol. 1, 60.

We do not agree with the district court that Van Buren’s dicta excludes Moxie's investigative costs from CFAA losses. Van Buren simply reasoned that § 1030(e)(11)’s focus on compensating plaintiffs for technological harms suggests that certain conduct—like misusing systems one is authorized to access—does not violate the CFAA. 593 U.S. at 391–92, 141 S.Ct. 1648. The Court didn't say, in dicta or otherwise, that the damages available when an individual does violate the CFAA are limited to technological harms. Indeed, Van Buren recognized that losses include costs “relate[d] to ․ harm to computer data, programs, systems, or information services,” which reasonably encompasses investigative costs. Id. at 391, 141 S.Ct. 1648 (emphasis added).

Considering at least some investigative costs as losses is likewise consistent with the CFAA statutory scheme. Under the CFAA, “loss” includes “any reasonable cost to any victim, including the cost of responding to an offense[ or] conducting a damage assessment.” § 1030(e)(11) (emphasis added). And of the dozen or so ways to violate the CFAA, only a few require actual damage to a computer. See § 1030(a)(3), (a)(5)(A)–(C), (a)(7)(C). The remainder hinge on unauthorized access, unauthorized disclosure, fraud, threats, trafficking, conspiracy, or attempt. See id. § 1030(a)(1), (a)(2)(A)–(C), (a)(4), (a)(6)(A)–(B), (a)(7)(A)–(B), (b). So it's unsurprising that three circuits have interpreted the term “loss” to cover “costs incurred as part of the response to a CFAA violation, including the investigation of an offense.” A.V. ex rel. Vanderhye v. iParadigms, LLC, 562 F.3d 630, 646 (4th Cir. 2009); see also Brown Jordan Int'l, Inc. v. Carmicle, 846 F.3d 1167, 1174–75 (11th Cir. 2017) (classifying costs of “an extensive forensic and physical review” of breached system as CFAA “losses”); Yoder & Frey Auctioneers, Inc. v. EquipmentFacts, LLC, 774 F.3d 1065, 1074 (6th Cir. 2014) (same for costs of “investigat[ing] the offense and conduct[ing] a damage assessment”).⁵ We choose to do the same.

Of course, that does not mean all investigative costs fall under § 1030(e)(11). Costs “reasonably necessary to respond to [a CFAA] offense, for example by identifying the perpetrator or the method by which the offender accessed the protected information,” would qualify. Ryanair DAC, 2024 WL 3732498, at *14 (emphasis added) (quoting United States v. Nosal, No. 08-0237, 2014 WL 121519, at *5 (N.D. Cal. Jan. 13, 2014) (unpublished)). But expenses related to business harms, “such as the costs of investigating how a competitor used protected information obtained as a result of the CFAA violation,” would not qualify. Id.

Moxie's pleadings survive these tests. Its complaint alleges that its investigation of Aptive's breach focused on “the identity of and methods used by an offender and the extent of the offender's access.” App. vol. 1, 60. That puts its losses squarely within the definition of “cost[s] of responding to an offense,” and, contrary to Aptive's cursory argument, provides sufficient detail to clear the Rule 12(b)(6) hurdle. § 1030(e)(11). No more is necessary.

II. Discovery

Next, Moxie argues that the district court abused its discretion when it declined to compel production of evidence relevant to damages. See Norton v. City of Marietta, 432 F.3d 1145, 1156 (10th Cir. 2005) (reviewing motion to compel for abuse of discretion). The discovery requests at issue sought Aptive's policies, strategies, communications, and data, including information on “each Aptive sales representative hired, contracted[,] or retained for any of Aptive's 2016–2021 summer sales seasons.” App. vol. 2, 303. We agree that some of that information may have shed light on Moxie's damages.

As Aptive points out, however, the district court did not foreclose further discovery on these topics. It simply declined to force Aptive to comply with Moxie's broad initial discovery requests. Instead, the district court ordered more tailored disclosures focused on former Moxie representatives recruited to work for Aptive. And it indicated openness to further applications once those initial disclosures were complete. Moxie was thus free to renew or revise its requests in the remaining months before the close of discovery. Any error in failing to do so cannot be attributed to the district court.

Because its ruling did not prevent Moxie from pursuing relevant discovery, the district court did not abuse its discretion when it compelled production of a narrower category of information and denied Moxie's motions to compel. Cf. United States v. Wright, 826 F.2d 938, 943 (10th Cir. 1987) (declining to reverse for abuse of discretion where appellant showed no prejudice).

III. Summary Judgment

Finally, we consider Moxie's challenge to the district court's order granting Aptive summary judgment. “We review a grant of summary judgment de novo, drawing all reasonable inferences and resolving all factual disputes in favor of the non[ ]moving party.” Birch, 812 F.3d at 1251 (quoting Yousuf v. Cohlmia, 741 F.3d 31, 37 (10th Cir. 2014)). We affirm summary judgment if “there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Id. (quoting Fed. R. Civ. P. 56(a)).

The district court rested its summary-judgment analysis on causation. It concluded that the material uncontroverted facts failed to show that Aptive's alleged trade misappropriation caused the damages Moxie sought. And without a causal link, the district court concluded Moxie could not prevail on its RICO, DTSA, and UTSA claims. Moxie contests both the district court's assessment of the record evidence on causation and how that assessment impacts the viability of its claims.

A. Evidence of Causation

Moxie says it provided ample evidence that Aptive's misconduct caused unjust enrichment. In particular, it points to undisputed evidence that:

• Aptive pursued Moxie's data in consecutive years;

• Aptive used that information in recruitment meetings;

• a side-by-side comparison of the two companies’ sales data could sway some recruits to sign with Aptive; and

• Aptive's sales force and revenue increased during the espionage.

Moxie acknowledges that the district court considered these facts but protests that the decision below analyzed them “in isolation” and not “in the light most favorable to Moxie.” Rep. Br. 3.

But as Aptive correctly notes, none of this evidence connects any Aptive revenue to Moxie's pilfered data. We can't infer, looking at Aptive's efforts to secure Moxie's data in back-to-back years, that Moxie's data translated to increased profits. The same is true of Aptive's choice to use that data in recruitment. Moxie did not link Aptive's use of side-by-side sales comparisons in recruitment meetings to Aptive's financial success. Granted, Moxie adduced survey results showing that some survey-takers would be more interested in a job with a sales company if a recruiter indicated that the company had a better track record of sales and compensation than a competitor. But we can't infer from those generic results that Aptive's side-by-side-comparison tactic was determinative for actual recruits, much less that it resulted in increased revenue. Indeed, the one recruit Moxie points to as the paradigmatic example of Aptive's scheme, Zak Benson, promptly resigned before making any sales. And Moxie points to no other recruits who chose Aptive over Moxie because of the sales data.⁶

At best, viewing the record in the light most favorable to Moxie, the evidence shows that Aptive's sales force and revenue increased while it was pilfering Moxie's data for its recruitment pitches.⁷ That's a simple temporal correlation—one factor that can support a causal link. But as any statistics student knows, correlation alone can't prove causation.

Without evidence of a causal relationship, Moxie can only “theoriz[e]” that its sales data—rather than other typical drivers of growth—led to Aptive's increased revenue. GeoMetWatch Corp. v. Behunin, 38 F.4th 1183, 1204–05 (10th Cir. 2022) (quoting Heslop v. Bear River Mut. Ins. Co., 390 P.3d 314, 321 (Utah 2017)). And “mere speculation” is not enough to create a genuine issue of material fact. Id. at 1200–01 (quoting Hasan v. AIG Prop. Cas. Co., 935 F.3d 1092, 1098 (10th Cir. 2019)). We thus agree with the district court that Moxie failed to provide evidence of causation.

B. Impact of Lack of Causation Evidence

That brings us to the question of the viability of Moxie's RICO, DTSA, and UTSA claims. Moxie doesn't dispute that a lack of causation precludes RICO liability. So we affirm summary judgment in Aptive's favor on its RICO claims. The DTSA and UTSA claims are a different story, however. Moxie argues that these claims survive summary judgment because lack of causation undercuts only its pursuit of unjust-enrichment damages, not the other relief it sought. Aptive disagrees, asserting that causation is fundamental to all forms of relief available under both statutory regimes.

To untangle this issue, we look to the DTSA and UTSA remedies provisions. Both statutes permit plaintiffs to seek (1) injunctions “to prevent ․ misappropriation” and (2) damages “caused by ․ misappropriation.” 18 U.S.C. § 1836(b)(3); accord Utah Code Ann. §§ 13-24-3(1), -4(1). Qualifying damages, in turn, may include “actual loss” and “unjust enrichment.” 18 U.S.C. § 1836(b)(3)(B)(i); accord Utah Code Ann. § 13-24-4(1). Or “in lieu of” these more traditional ways of measuring harm “caused by ․ misappropriation,” plaintiffs can use “reasonable royalt[ies]” as a proxy. 18 U.S.C. § 1836(b)(3)(B)(ii); accord Utah Code Ann. § 13-24-4(1).

This framework asks courts to consider causation on a remedy-by-remedy basis. Yes, a plaintiff seeking actual-loss or unjust-enrichment damages must establish a causal link. But injunctive relief cannot demand the same proof; it focuses on harms yet to be caused. The same goes for reasonable royalties, which serve as a fallback option when other damages are difficult to calculate. See § 1836(b)(3)(B)(ii). In that situation—say, if a trade secret was disclosed but not used—courts perform a thought experiment. They imagine “ ‘the price that would be set by a willing buyer and a willing seller’ for a license in the trade secret” and award the plaintiff that amount as reasonable royalties. Storagecraft Tech. Corp. v. Kirby, 744 F.3d 1183, 1185 (10th Cir. 2014) (quoting Restatement (Third) of Unfair Competition § 45 cmt. g (A.L.I. 1995)). Because this form of damages is inherently hypothetical, it does not depend on showing a causal relationship between the misappropriation and some realized harm. So we reject Aptive's assertion that either reasonable royalties or injunctive relief require the same proof of causation as unjust enrichment under the DTSA and UTSA. Because these remedies don't turn on causation in the way unjust enrichment does, Moxie's failure to prove causation is not fatal to its DTSA and UTSA claims.

Not so fast, says Aptive—the DTSA and UTSA claims only survive if Moxie can pursue those remedies. And according to Aptive, Moxie can't do so because the district court excluded Moxie's reasonable-royalties damages and Moxie cannot show irreparable harm needed for injunctive relief.

It's true that Moxie's reasonable-royalties theory was the subject of much debate below. After Moxie noticed a $19 million royalty calculation, Aptive moved to exclude royalty damages altogether. The district court issued an unclear order granting in part and denying in part that motion. It purported to explain that “there are language problems with the use of the term ‘royalty,’ ” and “in the traditional sense, the use of ‘royalty’ in this instance is inappropriate.” Supp. App. vol. 1, 193 (cleaned up). That said, the district court clarified that “nothing says we can't talk about licenses or damages or value or running off with something that doesn't belong to you.” Id. at 194.

Aptive construes the district court's ruling as putting an end to any quest for royalty damages. But like Moxie, we interpret it to permit such damages under a different name, “licenses.” Id. That decision, which Aptive does not challenge, also operated to reject Aptive's argument that Moxie's disclosures were inadequate. And because the district court did not conclude that reasonable royalties were unavailable, Moxie's request for them remained live at summary judgment.

Moxie then vigorously pursued these damages at summary judgment. When Aptive asserted that the prior ruling took reasonable royalties off the table, Moxie disputed that interpretation in its briefing and at oral argument. The district court could have used its summary-judgment order to clarify that its prior ruling barred Moxie from pursuing reasonable royalties. Yet given a second chance to swat away this damages theory, the district court said nothing about it. If nothing else, then, reasonable-royalty damages were available under the UTSA and DTSA, and summary judgment on those claims was inappropriate.

Moxie's injunctive-relief theory survives for similar reasons. The district court likewise overlooked the availability of an injunction when it granted Aptive summary judgment. Aptive acknowledges as much when it urges us to reach alternative arguments for affirmance. But we decline to do so. See Lowe v. Town of Fairland, 143 F.3d 1378, 1381 (10th Cir. 1998) (“As a general rule an appellate court does not consider an issue not passed upon below.”). And to correct this oversight, Moxie's DTSA and UTSA claims must return to the district court to consider the company's reasonable-royalty and injunctive-relief remedies in the first instance. See United States v. Suggs, 998 F.3d 1125, 1141 (10th Cir. 2021) (noting that “we are ‘a court of review, not of first view’ ” (quoting Cutter v. Wilkinson, 544 U.S. 709, 718 n.7, 125 S.Ct. 2113, 161 L.Ed.2d 1020 (2005))).

Conclusion

We reverse the dismissal of Moxie's CFAA claim; affirm the district court's discovery order; affirm its summary-judgment decision in favor of Aptive on the RICO claims; affirm in part and reverse in part the summary-judgment decision on the DTSA and UTSA claims; and remand for further proceedings consistent with this opinion.

FOOTNOTES

2.   We refer to sales representatives as Moxie employees for simplicity. In practice, sales representatives sign independent-contractor agreements with third-party companies, and those third-party companies then contract with Moxie affiliates. Nevertheless, Moxie is a third-party beneficiary of the independent-contractor agreements, and Aptive does not dispute that Moxie has the right to enforce the confidentiality provisions.

3.   Moxie also brought a claim under the Utah Unfair Competition Act, Utah Code Ann. §§ 13-5a-101 to -103, but that claim was dismissed after Moxie voluntarily withdrew it.

4.   The district court is not entirely alone in that assessment. See, e.g., hiQ Labs, Inc. v. LinkedIn Corp., 31 F.4th 1180, 1195 n.12 (9th Cir. 2022) (interpreting Van Buren to require CFAA plaintiffs to show technological harm); X Corp. v. Ctr. for Countering Digit. Hate, Inc., 724 F. Supp. 3d 948, 983 (N.D. Cal. 2024) (explaining that “losses [incurred] in connection with attempting to conduct internal investigations in efforts to ascertain the nature and scope of [the defendant's] unauthorized access to the [plaintiff's] data, are not technological in nature” and thus do not satisfy § 1030(e)(11)’s definition of loss (cleaned up)).

5.   Although these cases predate Van Buren, courts have continued to take this position in its aftermath. See, e.g., Vox Mktg. Grp. v. Prodigy Promos, 556 F. Supp. 3d 1280, 1288–89 (D. Utah 2021) (concluding that evidence that plaintiff “audit[ed] its computers to determine how [d]efendants obtained access to them and whether they were compromised in any[ ]way” was sufficient to survive summary judgment, even though record indicated defendants accessed plaintiff's systems via loophole without causing damage); Ryanair DAC v. Booking Holdings, Inc., No. 20-1101, 2024 WL 3732498, at *13 (D. Del. June 17, 2024) (unpublished) (“[T]he term ‘loss’ is best understood to include the cost of an investigation following a CFAA violation, even in instances in which the violation has not resulted in actual impairment of the protected computer or loss of data.”).

6.   Relatedly, as we discussed, Moxie was free to seek additional discovery on causation but didn't.

7.   In the sales years before (2019), during (2020–2021), and after (2022) this corporate espionage, Aptive's revenue did grow. But it increased by less each year, even as its sales force grew and then shrank. For example, in 2020, Aptive had about 2,600 sales representatives, and its revenue increased about $37 million; in 2021, it had about 3,300 sales representatives, and its revenue increased about $31 million; and in 2022, it had fewer sales representatives and a smaller increase in revenue than in either of the two preceding years.

MORITZ, Circuit Judge.