In what is apparently the largest privacy and cybersecurity-related securities class action lawsuit settlement ever, the parties to the Alphabet Google+ user data securities suit have agreed to settle the action for $350 million. As discussed below, this massive settlement, which is subject to court approval, is significant for a number of important reasons. A copy of the parties’ February 5, 2024, Stipulation of Settlement can be found here. The plaintiffs’ February 5, 2024, motion for preliminary settlement approval can be found here.Continue Reading Alphabet Google+ User Data Privacy-Related Securities Suit Settles for $350 Million

Nelson Kefauver

In the following guest post, Nelson Kefauver, Head of Profin Underwriting at Intact Insurance, takes a look at how three frequent industry predictions from the recent past have turned out.  Nelson’s comments are specific to the private and non-profit D&O insurance space and not do not refer to the public company D&O insurance

The directors’ and officers’ liability environment is always changing, but 2023 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2024 – and possibly for years to come.  I have set out below the Top Ten D&O Stories of 2023, with a focus on future implications. Please note that on Thursday, January 11, 2024 at 11:00 AM EST, my colleagues Marissa Streckfus, Chris Bertola, and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2023. Registration for the webinar can be found here. I hope you can join us for the webinar.Continue Reading The Top Ten Stories in D&O of 2023

On July 26, 2023, a divided SEC adopted, by a 3-2 vote, final rules for cybersecurity disclosures. The final rules are based on proposed rules the agency first introduced in March 2022. The rules require companies to disclose material cybersecurity incidents they experience, and also to disclose on an annual basis material information regarding their cybersecurity risk management and governance. The rules will have a significant impact on reporting companies’ disclosure practices and could present a challenge for some companies. A copy of the final cybersecurity disclosure rules can be found here. The SEC’s July 26, 2023, press release about the final cybersecurity disclosure rules can be found here. The SEC’s two-page fact sheet about the new rules can be found here.Continue Reading SEC Adopts Final Cybersecurity Disclosure Rules

As I noted in my year-end round up of D&O related issues (here), plaintiffs’ lawyers have continued to file securities class action lawsuits following cybersecurity incidents, even though the plaintiffs’ track record in these kinds of lawsuits generally has been poor. Among the cybersecurity-related securities lawsuits filed last year was the suit against cloud-based software company Okta relating in part to the cybersecurity incident at the company earlier in the year. Consistent with the general trend, on March 31, 2023, the court presiding over the Okta securities lawsuit granted the defendants’ motion to dismiss the cybersecurity-related allegations, although the court denied the dismissal motion with respect to certain of the plaintiffs’ other unrelated allegations. The court granted the plaintiff leave to amend the dismissed allegations. The court’s March 31, 2023, order can be found here.Continue Reading Cybersecurity-Related Securities Suit Allegations Against Okta Dismissed

For several years now, one of the perennial questions in the corporate and securities arena has been the extent to which cybersecurity-related issues will contribute to D&O claims. There has never really been the volume of securities and derivative lawsuits that some observers expected, but there has been a small scattering of occasional suits filed from time to time. Now, in what is the latest cybersecurity-related D&O suit, a plaintiff shareholder has filed securities class action lawsuit against pay-TV services provider, Dish Networks, related to a network service disruption at the company caused by a cyber-security incident. A copy of the March 23, 2023, complaint can be found here.Continue Reading Dish Networks Hit with Cybersecurity-Related Securities Suit

On March 9, 2023, the SEC announced that it had settled charges that data management software company Blackbaud, Inc. had settled charges that the company’s cybersecurity disclosure policies and procedures violated the agency’s public company disclosure reporting requirements and that the company had made misleading disclosures about a 2020 ransomware attack that impacted more that 13,000 of its customers. The company, which neither admitted or denied the charges, agreed to a cease-and-desist order and to pay a $3 million penalty. The action, which follows a similar proceeding involving cybersecurity disclosures and procedures, highlights the agency’s focus on cybersecurity-related disclosures.Continue Reading SEC Charges Company Over Disclosures Concerning Ransomware Attack

The directors’ and officers’ liability environment is always changing, but 2022 was a particularly eventful year, with important consequences for the D&O insurance marketplace. The past year’s many developments also have significant implications for what may lie ahead in 2023 – and possibly for years to come.  I have set out below the Top Ten D&O Stories of 2022, with a focus on future implications. Please note that on Thursday, January 12, 2023 at 11:00 AM EST, my colleagues Marissa Streckfus, Chris Bertola, and I will be conducting a free, hour-long webinar in which we will discuss The Top Ten D&O Stories of 2022. Registration for the webinar can be found here. I hope you will please join us for the webinar.Continue Reading The Top Ten D&O Stories of 2022

Jarett Sena

As I have noted in numerous posts on this site (most recently here), plaintiffs’ lawyers seem drawn to filing D&O claims against companies that have experience cybersecurity incidents. But as I have also noted, the plaintiffs’ lawyers’ track record in these cases is not particularly good. However, as discussed in the following guest post by Jarett Sena, Director of Litigation Analysis, ISS Securities Class Action Services, the cybersecurity-related securities class action lawsuit pending against SolarWinds recently resulted in a significant  and noteworthy settlement. This article previously was published on ISS Securities Services’ ISS Insights. I would like to thank Jarett and ISS Securities Class Action Services for allowing me to publish this article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Jarett’s article.
Continue Reading Guest Post: SolarWinds Agrees to $26 Million Payout Over Massive Data Breach