In the second policyholder-favorable federal appellate court decision on the issue in a matter of days, the Sixth Circuit has held that the Computer Fraud provisions of a commercial crime policy cover a company’s losses from an email payment instruction fraud scheme. Just last week, the Second Circuit ruled in the Medidata case that Computer … Continue Reading
One of the most significant recent developments in the financial world has been the sudden proliferation of cryptocurrencies. The quick rise of digital currencies seemingly caught regulators by surprise; regulatory action and involvement was slow to develop. But as John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office … Continue Reading
Along with all of the other risks arising from companies’ increasing dependence on electronics communications and data storage technology has come not only the risks of a data breach caused by a hacker, but also the risk of a company’s transfer of funds by one of its employees who has been duped into believing the … Continue Reading
In a development in an enforcement action that is the first of its kind, the SEC has levied a $35 million penalty against Altaba, Inc. as successor in interest to Yahoo, for Yahoo’s two-year delay in reporting the massive data breach the company experienced in December 2014. Altaba, which neither admitted nor denied any wrongdoing, … Continue Reading
Among the many problems that have come to light in the current cryptocurrency craze have been problems relating to celebrity endorsements for initial coin offerings (ICO). In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, reviews the highest profile examples … Continue Reading
As I noted in a post at the time, on February 21, 2018, the SEC released its cybersecurity disclosure guidance for publicly traded companies. In the following guest post, David Fontaine, CEO of Kroll, Inc. and its parent, Corporate Risk Holdings, and John Reed Stark, President of John Reed Stark Consulting and former Chief of … Continue Reading
As I noted in a post at the time, on February 20, 2018, the SEC issued its guidance for cybersecurity-related disclosures. In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, has pulled together of list of 12 takeaways for corporate … Continue Reading
The astonishing bitcoin bubble may have burst over the last several days. From its intraday peak in December 2017 of $19,783, the price for bitcoin had fallen as of Saturday to $8,524, a decline of over 60%. (Price declines continued on Monday.) Bitcoin’s price has fallen before and it has generally proven to be volatile. … Continue Reading
One of the most interesting and arresting business stories of 2017 has been the astonishing proliferation of initial coin offerings (ICOs), as I discussed in a prior post (here). Readers who have been watching this story develop undoubtedly are aware that things have been moving very quickly recently on the regulatory front with respect to … Continue Reading
Commentators (including me) have long speculated about the possible future direction of data breach-related litigation. There have of course been a number of very high profile data breach-related consumer class action suits, but so far relatively few data breach related D&O lawsuits. Of course, more recently investors filed a securities class action lawsuit involving the high-profile … Continue Reading
The outrage that followed Uber’s revelation that hackers had accessed 57 million passenger and drive records was not about the breach itself. It was about the accompanying disclosure that the company had kept the news of the data breach secret after paying the hackers a ransom. The outrage at these disclosures was not lost on … Continue Reading
Cybersecurity issues are currently at the top of the agenda for corporate boards. In the following guest post, David M. Furbush and David M. Lisi of the Pillsbury law firm review what corporate directors should understand about their companies’ cybersecurity risks and how boards can go about proactively participating in decisions about what to do … Continue Reading
Anyone who reads the business pages these days has to be aware that there has been a surge of interest and activity involving cryptocurrencies, and in particular involving initial coin offerings (“ICOs”). In third quarter 2017 alone, 105 ICOs raised over $1.3 billion. This level of activity has in turn attracted regulatory scrutiny and even … Continue Reading
Although a number of high-profile data breaches have led to D&O claims, so far the plaintiffs’ track record in these kinds of cases has been poor. However, as a result of a number of recent developments, there may be good reason for corporate directors and officers to be concerned about these kinds of claims going … Continue Reading
The SEC’s disclosure that its EDGAR system had been had hacked was big news last week, as was the accompanying disclosure that the information accessed may have been used for improper trading. In the following guest post, John Reed Stark takes a look at the interesting and important legal issues that might arise if the authorities … Continue Reading
There has been a steady drumbeat of news about high profile data breaches in the past several days, including the news about the Equifax data breach and the disclosure of the breach at the SEC. In the following guest post, John Reed Stark takes a look at these data breaches and their implications. John is … Continue Reading
In the wake of credit monitoring and reporting firm Equifax’s announcement last week that it had sustained a data breach involving 143 million U.S. customers, a wave of consumer class action lawsuits has followed. In addition, the litigation wave now also includes at least one securities class action lawsuit; more securities suits are likely to … Continue Reading
Over the last several days, I have published several posts discussing important insurance developments relating to social engineering fraud, sometimes called payment instruction fraud. In the following guest post, Peter S. Selvin of the TroyGould PC law firm takes a detailed look at one of these recent decisions, the July 2017 decision in the Southern … Continue Reading
As many readers are aware, there have been a number of recent case decisions addressing insurance coverage issues arising out of social engineering fraud, sometimes known as payment instruction fraud. The recent round of judicial decisions includes a ruling by a Canadian court. In the following guest post, Jamieson Halfnight and Anne Juntunen of the … Continue Reading
In the latest decision in which class action consumer data breach claimants have been successful in establishing the requisite standing to pursue their claims, on August 1, 2017, the D.C. Circuit held that the claimants’ risk of future harm is sufficient to meet Article III standing requirements. This decision is the latest in a growing … Continue Reading
Just days after a Southern District of New York judge ruled in the Medidata Solutions decision that the Computer Fraud section of a commercial crime policy covered losses from social engineering fraud (as I discussed in a post last week), a judge in the Eastern District of Michigan has held that a crime policy’s computer … Continue Reading
One of the more vexing threats in the current business environment is the rise of “social engineering fraud” or “payment instruction fraud.” In these schemes scammers using official-seeming email communications induce company employees to transfer company funds to the imposters’ account. Among the many issues involved when these kinds of scams occur is the question … Continue Reading
In the current world, cyber security is critical for every organization. Cyber insurance is an important part of every organization’s cybersecurity program. In the following guest post, a Senior Associate in D’Amato & Lynch, LLP’s Fidelity Bond Practice Group, examines how business can best match their cyber insurance to their cyber security needs. I would … Continue Reading
During the period 2014-2015, several companies –including Home Depot — that had experienced high-profile data breaches were hit with cybersecurity-related D&O lawsuits. All of these lawsuits, including the one against Home Depot, were dismissed. The plaintiffs in the Home Depot case filed an appeal of the dismissal. Now it appears that while the appeal was … Continue Reading