Statutory Loss Definition

Section summaryThe CFAA defines "loss" broadly at §1030(e)(11) to cover the full economic footprint of responding to an intrusion, not only out-of-pocket damages. The breadth of the definition is intentional.

The §1030(e)(11) definition lists four categories:

  • Reasonable cost of responding to the offense.
  • Conducting a damage assessment.
  • Restoring data, programs, systems, or information to the condition before the offense.
  • Revenue lost, cost incurred, or other consequential damages from interruption of service.

Each category is independently aggregable. Internal IT-staff hours, third-party incident-response invoices, forensic-vendor retainers, and downtime revenue can all be counted toward the same loss figure for the same intrusion event.

The $5,000 Threshold

Section summaryUnder §1030(c)(4)(A)(i)(I) the loss element converts an otherwise misdemeanor §1030(a)(5) damage case into a felony with up to a ten-year statutory maximum. The threshold is jurisdictional in practice and a frequent point of pretrial litigation.

The felony predicates in §1030(c)(4)(A)(i) cover six categories. Loss of $5,000 or more is the most commonly charged. Because the threshold turns a one-year maximum into a five- or ten-year exposure, defense counsel routinely challenges the government's loss calculation as inflated, unsupported, or improperly aggregated.

The threshold is calculated event-by-event in the typical case. A single intrusion lasting hours but causing $5,000 in response costs qualifies. A pattern of intrusions, each costing under $5,000, may qualify if aggregated within a one-year window — but the aggregation must trace to the same actor or the same scheme.

Aggregation Across Victims

Section summaryThe statute permits aggregation of loss to one or more persons during any one-year period. The "one or more persons" language allows the government to combine harms across multiple victims of a single course of conduct.

Aggregation framework:

  • One or more persons — multiple victim entities can be combined.
  • One-year period — rolling window measured from any anchor date.
  • Course of conduct — the offenses must trace to the charged conduct, not unrelated incidents.
  • Same defendant — the loss must be attributable to the same actor or co-conspirators.

Counsel should scrutinize whether the government has properly tied the aggregated loss to the charged conduct. Loss from a different intrusion, even by the same defendant, may not aggregate if the conduct is separately chargeable.

Response & Restoration Costs

Section summaryResponse and restoration costs are the largest single component of most CFAA loss figures. Reasonableness is the statutory limit and the most common defense angle.

Common response-cost categories:

  • Forensic imaging and analysis vendors.
  • Incident-response retainers.
  • Internal security-staff hours at fully loaded rates.
  • Outside counsel for breach-notification analysis.
  • Replacement hardware and software licenses tied to the intrusion.
  • Credit-monitoring services for affected individuals.

The reasonableness limit is real. A victim that engages an oversized forensic team or imposes unnecessary restoration scope cannot count the excess toward the §5,000 threshold. Defense counsel routinely requests vendor invoices, staff time records, and engagement letters in discovery.

Sentencing Guideline Interplay

Section summaryAt sentencing, loss is recalculated under USSG §2B1.1, which drives offense-level increases on the loss table. The statutory and guideline loss figures will not always match.

USSG §2B1.1 loss-table mechanics:

  • Loss is the greater of actual or intended loss.
  • Loss table runs from no increase ($6,500 or less) through plus-thirty levels (more than $550 million).
  • Application notes define loss differently from the CFAA statute — particularly for intended loss.
  • Computer-related enhancements at §2B1.1(b)(18) may apply for specific conduct.

The practical consequence is that a defendant who barely crosses the $5,000 statutory threshold may face only a modest guideline increase, while a defendant well over the threshold faces escalating exposure. Counsel should prepare separate analyses for statutory loss (felony charging) and guideline loss (sentencing exposure).

Proof Issues at Trial

Section summaryLoss is an element the government must prove. Documentation, foundation, and reasonableness are the recurring trial issues. Multiplier theories — extrapolating loss from a sample — face heightened scrutiny.

Trial proof issues:

  • Foundation for vendor invoices and staff-time records.
  • Reasonableness testimony — typically from a victim witness or forensic expert.
  • Causation — distinguishing intrusion-caused loss from preexisting remediation.
  • Multiplier extrapolation — projecting per-victim cost across a victim class.
  • Hearsay objections to summary loss exhibits.

The defense playbook focuses on three points: scoping the response, separating necessary from gold-plated remediation, and demanding contemporaneous documentation rather than after-the-fact estimates.

Need defense counsel?

L&L Law Group, PLLC handles Computer Crimes Defense cases throughout DFW. Initial consultations are free.

Call (972) 370-5060 →

Forensic Foundation

CFAA Loss Calculation and the $5,000 Threshold cases turn on digital-forensic evidence: device images, file metadata, network logs, cloud-account records, malware reverse engineering, and attribution analysis. Counsel handling a CFAA loss calculation must engage with the forensic record at a technical level, not just legal level.

The defense's threshold task is review of the government's forensic methodology. Was the device imaged using accepted procedures? Was the image hash-verified against the original? Did the examiner have appropriate certifications? Did the analysis follow the examiner's lab's standard operating procedures? Each step in the chain produces potential challenges at hearing and trial.

Where the case turns on contested forensic findings, the defense should retain an independent examiner. The defense expert reviews the government's work, performs parallel analysis where possible, and is available to testify if needed. Funding for defense experts is available in federal cases under the Criminal Justice Act (18 U.S.C. §3006A) and in Texas indigent cases under Code of Criminal Procedure Article 26.05.

Van Buren and Authorization Screen

The Supreme Court's decision in Van Buren v. United States, 593 U.S. 374 (2021), reshaped the CFAA "exceeds authorized access" analysis. The Court held that the statute applies only where the defendant accessed an area of a computer system they were not entitled to enter at all — not where they had credentials but used them for an improper purpose. The "gates-up-or-down" inquiry asks whether the user could or could not access the specific area, not why they accessed it.

For a CFAA loss calculation (where authorization is in issue), the defense must screen the indictment against the post-Van Buren framework. Cases built on theories that the defendant misused authorized access — rather than entering a system they had no right to enter — should be evaluated for dismissal under Van Buren. Many CFAA charges filed before 2021 survived only because the law had not yet been clarified; charges filed since must satisfy the gates-up-or-down standard.

The defense should also consider whether parallel state charges (Texas Penal Code §33.02) provide the same protection. Texas "effective consent" analysis under Chapter 1 of the Penal Code is broad. A defendant who had colorable authorization — an unrevoked password, a shared account, an implied license — has a defense to the access element under state law that runs parallel to the federal Van Buren analysis.

The CFAA Loss Definition

The CFAA defines "loss" broadly at 18 U.S.C. §1030(e)(11). The definition includes any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, restoring data, programs, systems, or information to its prior condition, and any revenue lost, cost incurred, or other consequential damages from interruption of service.

The breadth of the loss definition produces significant litigation. What costs count as response costs? What restoration is necessary versus discretionary? When does revenue loss qualify as consequential damages? Each question produces case-specific analysis.

Defense workflow examines each category of claimed loss. The defense should require the government to document each cost with specific evidence and to establish the connection between the cost and the alleged offense.

The $5,000 Threshold Application

The $5,000 loss threshold appears in three different places in the CFAA: as a felony enhancement for §1030(a)(2); as a civil-action jurisdictional threshold under §1030(g); and as part of the damage element under §1030(a)(5)(B). Each application has slightly different considerations.

For criminal cases, the threshold elevates the offense from misdemeanor to felony. Where the government cannot prove loss exceeding $5,000, the case must proceed as a misdemeanor with substantially lower exposure. Defense workflow may focus on attacking the loss calculation to defeat the felony enhancement.

For civil cases, the threshold establishes federal jurisdiction. Without $5,000 in loss, the civil action cannot proceed in federal court. The threshold has produced significant federal-court litigation about what counts.

Disputed Loss Categories

Several loss categories produce recurring disputes. In-house IT staff time spent responding to the incident generally counts, but the calculation method varies. Hourly rates, allocations of overhead, and similar issues affect the calculation.

Outside counsel and consultant costs are disputed. Some courts allow these as response costs; others limit them to direct technical costs. The defense should examine the specific costs and brief the controlling precedent.

Lost productivity from employees whose access was disabled or whose work was disrupted is disputed. Some courts allow productivity losses; others limit them where they are speculative or hard to quantify.

Security upgrades after the incident are generally not includable. Forward-looking improvements unrelated to remediation of the specific incident do not count as response costs.

Reputation harm and lost business are generally not includable as loss. These are too speculative and too removed from the technical conduct.

Loss at Sentencing Under USSG §2B1.1

Beyond the $5,000 threshold, loss continues to drive federal sentencing under USSG §2B1.1. The guideline's loss table adds offense levels based on loss amounts, with the additions becoming substantial at higher loss figures.

The sentencing loss analysis differs from the threshold analysis. For sentencing, the court considers the loss intended by the defendant, not just the actual loss. Where the defendant intended greater loss than actually occurred, the higher intended loss may apply.

Defense workflow at sentencing involves contesting both the actual and intended loss figures. The government must prove the loss by preponderance at sentencing. The defense can challenge specific categories, document inflated calculations, and propose lower loss figures.

The difference between contested loss figures can be substantial in sentencing impact. The guideline adds two levels for loss $6,500-$15,000, six levels for $40,000-$95,000, sixteen levels for $1.5-3.5 million. Even small loss disputes can produce significant sentencing differences.

Frequently Asked Questions

Does the $5,000 figure include lost employee productivity?
Sometimes. Reasonable internal IT-staff hours spent responding to the offense are within §1030(e)(11). Generalized productivity loss across the workforce is harder for the government to prove and more vulnerable to a reasonableness challenge.
Can the government aggregate loss from before the charged conduct?
Only if the prior loss traces to the same defendant and same course of conduct within a one-year window. Loss from unrelated incidents, even by the same defendant, does not aggregate. Defense counsel should demand a temporal-and-causal nexus showing.
Why does statutory loss differ from guideline loss?
The two definitions serve different purposes. The statute defines what makes the offense a felony; the guidelines define what drives the sentencing range. The guideline definition includes intended loss and applies its own application-note framework, which can produce a higher or lower figure than the statutory calculation.
Is credit-monitoring for affected consumers includable?
Generally yes, where the monitoring is a reasonable response to the intrusion and the cost is documented. The defense should test whether the monitoring scope is proportionate to the actual exposure.
How is loss calculated in a denial-of-service case?
Lost revenue and other consequential damages from interruption of service are explicitly covered by §1030(e)(11). Documentation of typical revenue, the duration of the outage, and the proximate causal link are the proof points.
Part of a larger guide

Read the full Texas Computer Crimes Defense Guide

This article is one section of our comprehensive Texas Computer Crimes Defense Guide. The pillar guide covers recent developments, official resources, and the complete framework with deeper analysis.

Read the Pillar Guide →
⚖️
Texas Bar
Licensed
Bar Nos. 24043266 · 24043514
🏆
40+
Years Combined
Criminal Defense Experience
📞
Free
Consultation
Direct to Attorney
🔓
24/7
Jail Release
Available 7 Days a Week

Next Steps

If you are facing a situation described here, consult counsel promptly. Many issues in this area run on strict deadlines.

Reggie London & Njeri London

Co-Founding Partners · L&L Law Group, PLLC

Reggie London (Tex. Bar #24043514) and Njeri London (Tex. Bar #24043266) co-founded L&L Law Group in Frisco, Texas.

This guide was reviewed by Reggie London on May 30, 2026.

Cite this guide

Bluebook: Reggie London & Njeri London, CFAA Loss Calculation & the $5,000 Threshold, L&L Law Group (May 30, 2026), https://landllawgroup.com/insights/cfaa-loss-calculation-threshold/.

APA: London, R., & London, N. (2026, May 30). CFAA Loss Calculation & the $5,000 Threshold. L&L Law Group.