Archives: Cyber Liability

Subscribe to Cyber Liability RSS Feed

Guest Post: Three Cybersecurity Lessons From Yahoo’s Legal Department Woes

The recent news that Yahoo’s general counsel had resigned following a probe of high-profile data breaches at the company has generated a great deal of discussion and concern. In the following guest post, David Fontaine and John Reed Stark take a look at the circumstances surrounding the resignation and consider the implications of and lessons … Continue Reading

Will Yahoo’s Data Breach Reporting Become the Test Case for the SEC’s Cyber Disclosure Guidelines?

Ever since the SEC released its cyber security disclosure guidelines in October 2011, commentators (including me) have been speculating whether the agency might try to nab a company whose disclosure practices the agency might use as sort of a test case on the guidelines’ requirements.  It now appears, at least based on media reports, the … Continue Reading

Book Review: “Take Back Control of Your Cybersecurity Now”

There is little doubt that cybersecurity is one of the most pressing issues in the contemporary corporate, political and economic arena. When, as have seen, cybersecurity has become a critical issue in the U.S. political and electoral processes, it is clear that the consequence and complications associated with cybersecurity have become both acute. Cybersecurity has … Continue Reading

Data Breach-Related Shareholder Derivative Lawsuit Filed Against Wendy’s

Cyber-breach related D&O lawsuits have not fared particularly well. Indeed, after the shareholder derivative lawsuit against the board of Home Depot was recently dismissed, it was unclear what the future direction for cybersecurity litigation against corporate officials might be. But though the future direction of this type of litigation is unclear, it seemed unlikely despite … Continue Reading

Home Depot Data Breach Derivative Lawsuit Dismissed

For some time now, many commentators (including me) have been predicting that as a result of rising numbers of companies experiencing date breaches that there would be a resulting wave of D&O lawsuits. Indeed, there have been a small number of high profile data security-related D&O lawsuits filed. However, several of those cases – including, … Continue Reading

Sixth Circuit: Data Breach Victims’ Heightened Risk of Future Harm Establishes Article III Standing

One of defendants’ most significant arguments in opposing data breach victims’ negligence and breach of privacy claims has been that the claimants that have not suffered actual fraud or identity theft can show no cognizable injury and therefore lack Article III standing to assert their claims. Appellate decisions in the Seventh and Ninth Circuit have previously taken … Continue Reading

Target Corporation Cybersecurity-Related Derivative Litigation Dismissed

For some time now, many commentators, including me, have been predicting that cybersecurity-related litigation could become an important part of the D&O litigation environment. And that may yet happen. For now, however, the results in the recent cybersecurity-related cases have been, from the plaintiffs’ perspective, not particularly promising. On July 7, 2016, in the latest … Continue Reading

Federal Agencies Joining the Data Security Enforcement Action Bandwagon

Until now, the primary federal agency regulating data security has been the Federal Trade Commission. Indeed, in August 2015, the Third Circuit in the Wyndham Worldwide case affirmed the FTC’s regulatory enforcement authority against companies failing to take appropriate action to protect consumer financial information. However, other federal regulatory agencies are now increasing asserting their … Continue Reading

Guest Post: Law Firms and Cybersecurity: A Comprehensive Guide for Law Firm Executive Committees

There have been several very high profile news reports of significant law firm data breaches. It is not a mere coincidence that law firms increasingly are targeted in data breach attacks. Law firms have a trove of information that makes them highly attractive to cybercriminals. In the following guest post, John Reed Stark takes a look … Continue Reading

The Growing Risk of Payment Instruction Fraud and Related Insurance Coverage Problems

There recently has been a “dramatic rise” in the incidence of business e-mail compromise (BEC) scams, according to an April 4, 2016 alert from the Federal Bureau of Investigation (here). In these schemes, which are also often referred to as “social engineering fraud” or “payment instruction fraud,” scammers using official seeming email communications induce company … Continue Reading

Guest Post: The Need for Cyber Liability Insurance – Indian Perspective

Threats to data security and privacy are among the most important emerging exposures companies face. But it is not just companies in the United States that face these threats – these threats confront companies around the world. The purchase of insurance designed to deal with the liability exposures arising from these risks is an important … Continue Reading

Guest Post: Boards of Directors and Cybersecurity: Applying Lessons Learned From 70 Years of Financial Reporting Oversight

In this day and age, the members of the boards of directors of most companies understand that cybersecurity issues are both important and should be a board-level priority. But while these issues and responsibilities are now well-recognized, many boards still struggle to translate these issues into action. In the following guest post from John Reed … Continue Reading

Senate Bill Would Require Disclosure Concerning Corporate Boards’ Cybersecurity Expertise

It is not news that cybersecurity is a serious corporate and domestic security concern. But despite continuing revelations of high-profile data breaches, cybersecurity is an area (OK, one of the many areas) where Congress has been slow to act. While there is still as yet no comprehensive Congressional attempt to tackle cybersecurity as an issue … Continue Reading

Wyndham Worldwide Settles Data Breach-Related FTC Enforcement Action

According to the company’s December 9, 2015 press release (here), Wyndham Worldwide has reached a settlement with the Federal Trade Commission in the long-running and high-profile civil action the agency filed against the company and its affiliates in connection with data breaches at the company during the period 2008-2010. Under the terms of the settlement, … Continue Reading

FTC Data Breach-Related Enforcement Action Dismissed Based on Lack of Alleged Consumer Harm

Following the Third Circuit’s August 2015 decision in which the appellate court affirmed the Federal Trade Commission’s authority to pursue an enforcement action against Wyndham Worldwide alleging that the company failed to make reasonable efforts to protect consumers’ private information, there have been concerns that other companies experiencing data breaches could be the target of … Continue Reading
LexBlog