A recent decision in the case of Walters vs Kimpton Hotel has given a green light for the plaintiffs to proceed with their suit despite the fact that their data had never been misused. In 2016, Kimpton Hotel suffered a malware infection which ultimately resulted in payment card information being accessed or stolen. Plaintiff Lee Walters consequently claimed he sustained damages as a result of his payment card information being stolen despite the fact that there was apparently no misuse of his information in the form of fraudulent chargs, etc, Walters claims that, out of great concern, he spent considerable effort in monitoring his account for theft after receiving the news. The  courts ultimately declined Kimptons motion to dismiss, finding that injuries resulting from imminent harm are sufficient enough to survive standing.   

http://www.corporatecomplianceinsights.com/data-breach-lawsuit-survives-motion-to-dismiss/