There has been a steady drumbeat of news about high profile data breaches in the past several days, including the news about the Equifax data breach and the disclosure of the breach at the SEC. In the following guest post, John Reed Stark takes a look at these data breaches and their implications. John is … Continue Reading
In the wake of credit monitoring and reporting firm Equifax’s announcement last week that it had sustained a data breach involving 143 million U.S. customers, a wave of consumer class action lawsuits has followed. In addition, the litigation wave now also includes at least one securities class action lawsuit; more securities suits are likely to … Continue Reading
Over the last several days, I have published several posts discussing important insurance developments relating to social engineering fraud, sometimes called payment instruction fraud. In the following guest post, Peter S. Selvin of the TroyGould PC law firm takes a detailed look at one of these recent decisions, the July 2017 decision in the Southern … Continue Reading
As many readers are aware, there have been a number of recent case decisions addressing insurance coverage issues arising out of social engineering fraud, sometimes known as payment instruction fraud. The recent round of judicial decisions includes a ruling by a Canadian court. In the following guest post, Jamieson Halfnight and Anne Juntunen of the … Continue Reading
In the latest decision in which class action consumer data breach claimants have been successful in establishing the requisite standing to pursue their claims, on August 1, 2017, the D.C. Circuit held that the claimants’ risk of future harm is sufficient to meet Article III standing requirements. This decision is the latest in a growing … Continue Reading
Just days after a Southern District of New York judge ruled in the Medidata Solutions decision that the Computer Fraud section of a commercial crime policy covered losses from social engineering fraud (as I discussed in a post last week), a judge in the Eastern District of Michigan has held that a crime policy’s computer … Continue Reading
One of the more vexing threats in the current business environment is the rise of “social engineering fraud” or “payment instruction fraud.” In these schemes scammers using official-seeming email communications induce company employees to transfer company funds to the imposters’ account. Among the many issues involved when these kinds of scams occur is the question … Continue Reading
In the current world, cyber security is critical for every organization. Cyber insurance is an important part of every organization’s cybersecurity program. In the following guest post, a Senior Associate in D’Amato & Lynch, LLP’s Fidelity Bond Practice Group, examines how business can best match their cyber insurance to their cyber security needs. I would … Continue Reading
During the period 2014-2015, several companies –including Home Depot — that had experienced high-profile data breaches were hit with cybersecurity-related D&O lawsuits. All of these lawsuits, including the one against Home Depot, were dismissed. The plaintiffs in the Home Depot case filed an appeal of the dismissal. Now it appears that while the appeal was … Continue Reading
The recent news that Yahoo’s general counsel had resigned following a probe of high-profile data breaches at the company has generated a great deal of discussion and concern. In the following guest post, David Fontaine and John Reed Stark take a look at the circumstances surrounding the resignation and consider the implications of and lessons … Continue Reading
Cybersecurity is one of the most important and challenging issues of our time, one with which many organizations are struggling. In the following guest post, John Doernberg takes a look at the ways we talk about cybersecurity and asks whether the language we use may be part of the problem. John is an Area Vice … Continue Reading
I wouldn’t ordinarily write about the same company or set of circumstances two days in a row, but because of developments following in the wake of the data breaches Yahoo announced last year, the company’s name has come up again. Yesterday, I wrote about the investigation the SEC reportedly is pursuing in connection with Yahoo’s … Continue Reading
Ever since the SEC released its cyber security disclosure guidelines in October 2011, commentators (including me) have been speculating whether the agency might try to nab a company whose disclosure practices the agency might use as sort of a test case on the guidelines’ requirements. It now appears, at least based on media reports, the … Continue Reading
There is little doubt that cybersecurity is one of the most pressing issues in the contemporary corporate, political and economic arena. When, as have seen, cybersecurity has become a critical issue in the U.S. political and electoral processes, it is clear that the consequence and complications associated with cybersecurity have become both acute. Cybersecurity has … Continue Reading
Cyber-breach related D&O lawsuits have not fared particularly well. Indeed, after the shareholder derivative lawsuit against the board of Home Depot was recently dismissed, it was unclear what the future direction for cybersecurity litigation against corporate officials might be. But though the future direction of this type of litigation is unclear, it seemed unlikely despite … Continue Reading
For some time now, many commentators (including me) have been predicting that as a result of rising numbers of companies experiencing date breaches that there would be a resulting wave of D&O lawsuits. Indeed, there have been a small number of high profile data security-related D&O lawsuits filed. However, several of those cases – including, … Continue Reading
Cybersecurity has been and remains one of the hot topics in corporate governance. Several federal regulatory agencies, including the SEC, have made it clear that cybersecurity is a high priority item and at the top of their agenda. The SEC’s particular cybersecurity focus has been on consumer privacy and on corporate disclosure. But though the … Continue Reading
One of defendants’ most significant arguments in opposing data breach victims’ negligence and breach of privacy claims has been that the claimants that have not suffered actual fraud or identity theft can show no cognizable injury and therefore lack Article III standing to assert their claims. Appellate decisions in the Seventh and Ninth Circuit have previously taken … Continue Reading
For some time now, many commentators, including me, have been predicting that cybersecurity-related litigation could become an important part of the D&O litigation environment. And that may yet happen. For now, however, the results in the recent cybersecurity-related cases have been, from the plaintiffs’ perspective, not particularly promising. On July 7, 2016, in the latest … Continue Reading
As I noted in a recent post, on June 8, 2016, the SEC, in what one commentator called “the most significant SEC cybersecurity-related action to date,” announced that Morgan Stanley Smith Barney LLC had agreed to pay a $1 million penalty to settle charges that as a result of its alleged failure to adopt written … Continue Reading
Until now, the primary federal agency regulating data security has been the Federal Trade Commission. Indeed, in August 2015, the Third Circuit in the Wyndham Worldwide case affirmed the FTC’s regulatory enforcement authority against companies failing to take appropriate action to protect consumer financial information. However, other federal regulatory agencies are now increasing asserting their … Continue Reading
Cyber liability insurance is a relatively new product and many of the terms and conditions found in cyber-liability policies are as yet untested in the courts. In this guest post, Stephen O’Donnell of the Steptoe & Johnson law firm takes a look at two particular standard features of the cyber liability insurance policies, the retroactive … Continue Reading
In the following guest post, David Bergenfeld, a Senior Associate in D’Amato & Lynch, LLP’s Fidelity Bond Practice Group, takes a look at key court decisions during the first quarter of 2016 analyzing cybercrime insurance. I would like to thank David for his willingness to publish his article as a guest post on this site. … Continue Reading
There have been several very high profile news reports of significant law firm data breaches. It is not a mere coincidence that law firms increasingly are targeted in data breach attacks. Law firms have a trove of information that makes them highly attractive to cybercriminals. In the following guest post, John Reed Stark takes a look … Continue Reading
