The Computer Fraud and Abuse Act (“CFAA”) is the omnibus federal computer crime statute outlawing theft and destruction of data, hacking, use of viruses, theft of passwords and extortionate threats to damage computers. 18 U.S.C. § 1030. Any business or individual “who suffers damage or loss by reason of a violation of the” CFAA is entitled to sue for “compensatory damages and injunctive relief.” However, for there to be subject matter jurisdiction over most CFAA civil suits the plaintiff must prove that the violation caused “loss to 1 or more persons during any 1-year period . . . aggregating at least $5,000 in value.” § 1030(c)(4)(A)(i)(I). The $5,000 in loss is not general damages but specific categories of costs to the CFAA victim. Failure to allege and prove these specific categories is fatal to the court’s jurisdiction resulting in dismissal. This article will survey the current state of the law on what “loss” means and will highlight the pitfalls to avoid in drafting and prosecuting a CFAA action.