In a blow to victims of data theft, the Ninth Circuit in United States v. Nosal held that the Computer Fraud and Abuse Act (CFAA) was not an available remedy where the alleged thief had authorized access to the computer system from which data was stolen. The Northern District Court of California’s recent decision in Oracle America, Inc. v. Service Key, LLC (No. 12-00790) may well breathe new life in the CFAA by recognizing claims against hackers who not only steal but traffic access credentials.