Andrew G. Lipton
Laura Schmidt

Although a number of high-profile data breaches have led to D&O claims, so far the plaintiffs’ track record in these kinds of cases has been poor. However, as a result of a number of recent developments, there may be good reason for corporate directors and officers to be concerned about these kinds of claims going forward, as discussed in the following guest post by Andrew G. Lipton and Laura Schmidt, both associates at the White & Williams law firm. I would like to thank Andrew and Laura for submitting their article for publication as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Andrew and Laura’s guest post.  
Continue Reading Guest Post: Breaching the Firewall: D&O Exposure from Cybersecurity Incidents

The SEC’s disclosure that its EDGAR system had been hacked was big news last week, as was the accompanying disclosure that the information accessed may have been used for improper trading. In the following guest post, John Reed Stark takes a look at the interesting and important legal issues that might arise if the authorities were to try to pursue claims against persons trying to trade on the information stolen from the SEC. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. I would like to thank John for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.
Continue Reading Guest Post: Think the SEC EDGAR Data Breach Involved Insider Trading? Think Again.

There has been a steady drumbeat of news about high profile data breaches in the past several days, including the news about the Equifax data breach and the disclosure of the breach at the SEC. In the following guest post, John Reed Stark takes a look at these data breaches and their implications. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. I would like to thank John for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.
Continue Reading Guest Post: The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats

In the wake of credit monitoring and reporting firm Equifax’s announcement last week that it had sustained a data breach involving 143 million U.S. customers, a wave of consumer class action lawsuits has followed. In addition, the litigation wave now also includes at least one securities class action lawsuit; more securities suits are likely to follow. Although data breach-related D&O claims have not fared particularly well in the past, there are features of the Equifax situation that may put the securities suits against Equifax in a different category. An even more interesting question is the extent to which the new lawsuit portends further data breach-related securities litigation going forward.  
Continue Reading Equifax Data Breach Litigation Now Includes Securities Suit

Peter S. Selvin

Over the last several days, I have published several posts discussing important insurance developments relating to social engineering fraud, sometimes called payment instruction fraud. In the following guest post, Peter S. Selvin of the TroyGould PC law firm takes a detailed look at one of these recent decisions, the July 2017 decision in the Southern District of New York involving Medidata (discussed here), and compares it to the subsequent American Tooling Center decision out of the Eastern District of Michigan (discussed here). A version of this article previously appeared in the San Francisco Daily Journal. I would like to thank Peter for his willingness to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Peter’s article.
Continue Reading Guest Post: Groundbreaking Cyber Insurance Decision

Jamieson Halfnight
Anne Juntunen

As many readers are aware, there have been a number of recent case decisions addressing insurance coverage issues arising out of social engineering fraud, sometimes known as payment instruction fraud. The recent round of judicial decisions includes a ruling by a Canadian court. In the following guest post, Jamieson Halfnight and Anne Juntunen of the Lerners law firm in Toronto review the recent Canadian decision and discuss it in the context of several recent rulings in the U.S. I would like to thank Jamie and Anne for their willingness to allow me to publish their guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Jamieson and Anne’s guest post is set out below.
Continue Reading Guest Post: First Canadian Cyber-Coverage Decision Joins Series of U.S. Judgments on Social Engineering Frauds

In the latest decision in which class action consumer data breach claimants have been successful in establishing the requisite standing to pursue their claims, on August 1, 2017, the D.C. Circuit held that the claimants’ risk of future harm is sufficient to meet Article III standing requirements. This decision is the latest in a growing number of federal circuit decisions finding that data breach claimants have satisfied standing requirements, but it also deepens a circuit split that could mean eventual U.S. Supreme Court review of the issue. The D.C. Circuit’s August 1 opinion in the Attias v. CareFirst case can be found here.  
Continue Reading Deepening Circuit Split on Data Breach Suit Standing

Just days after a Southern District of New York judge ruled in the Medidata Solutions decision that the Computer Fraud section of a commercial crime policy covered losses from social engineering fraud (as I discussed in a post last week), a judge in the Eastern District of Michigan has held that a crime policy’s computer fraud section did not apply to social engineering fraud. Eastern District of Michigan Judge John Corbett O’Meara concluded, based on the specific policy language at issue, that the computer fraud coverage only applied when the fraud directly caused the loss, and that because there had been intervening steps between the computer fraud and the transfer of funds, the coverage did not apply. As discussed below, these recent decisions underscore the problems facing policyholders as they seek insurance coverage for social engineering fraud losses. Judge O’Meara’s August 1, 2017 opinion can be found here.
Continue Reading More about Crime Coverage and Social Engineering Fraud

One of the more vexing threats in the current business environment is the rise of “social engineering fraud” or “payment instruction fraud.” In these schemes scammers using official-seeming email communications induce company employees to transfer company funds to the imposters’ account. Among the many issues involved when these kinds of scams occur is the question of insurance coverage for the loss. In many instances, insurers take the position that because the schemes do not involve a “hacking” of the company’s systems and because the actual funds transfers are voluntary, the loss of funds is not covered under commercial crime policies.

However, in a July 21, 2017 decision (here), Southern District of New York Judge Andrew L. Carter, Jr., applying New York law, held that Medidata Solutions Inc.’s commercial crime policy covered the company’s loss of $4.77 million transferred in response to an email instruction that falsely appeared to be from the company’s President. The court’s decision raises and addresses a number of interesting issues, as discussed below.
Continue Reading District Court Holds Crime Policy Covers Payment Instruction Fraud

In the current world, cyber security is critical for every organization. Cyber insurance is an important part of every organization’s cybersecurity program. In the following guest post, David Bergenfeld, a Senior Associate in D’Amato & Lynch, LLP’s Fidelity Bond Practice Group, examines how businesses can best match their cyber insurance to their cyber security needs. I would like to thank David for his willingness to allow me to publish his article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is David’s guest post.
Continue Reading Guest Post: Matching Business Models and Processes with Cybercrime Insurance Programs