Technology-based education firm K12, Inc., which hoped to be able to profit from the pandemic-related shift to virtual learning , has been hit with a securities class action lawsuit alleging that the company’s share price declined after school systems using its platform to address their online learning needs allegedly experienced disappointing results. A copy of the shareholder plaintiff’s November 19, 2020 complaint can be found here.
Continue Reading Online Learning Firm Hit with COVID-19-Related Securities Suit

When the news circulated in February that the Equifax data breach securities lawsuit had settled for $149 million, I wondered whether the sizeable settlement might further encourage plaintiffs’ lawyers to file more securities suits against companies that had experienced cybersecurity incidents. As it has turned out, there have been no new cybersecurity incident-related securities suits filed since then – until now. Earlier this week, a plaintiff shareholder filed a securities suit against title insurance and insurance services company First American Financial Corp., which experienced a significant cybersecurity incident in May 2019. As discussed below, the filing of this complaint is noteworthy in several respects. A copy of the complaint in the recently filed First American securities lawsuit can be found here.
Continue Reading Title Insurance Company Hit with Cybersecurity Incident-Related Securities Suit

Bill Boeck

Ransomware attacks are on the increase, putting the target organizations in the uncomfortable position of having to decide whether or not to pay the demanded ransom. As if that were not tough enough, an October 1, 2020 advisory statement by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) warns that companies paying ransoms under these circumstances may risk violating OFAC regulations and could be subject to penalties. In the following guest post, Bill Boeck takes a look at the OFAC advisory and its implications.  Bill is Lockton’s Global Cyber Product and Claims leader and U.S. Financial Lines Claims Practice Leader. A version of this article previously was published as a Lockton client alert. I would like to thank Bill for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Bill’s article.
Continue Reading Guest Post: OFAC Warns Against Paying Cyber Ransoms to Sanctioned Entities

John Reed Stark

Along with all of the other anxieties about the upcoming Presidential election, there is the concern that someone, somewhere will use some type of cyberattack to interfere with the electoral process. If that were to happen, the immediate question will “Who did it?” In the following guest post, John Reed Stark, President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, underscores the difficulties associated with identifying the actors behind any cyberattack and cautions against jumping to conclusions about who might have been involved. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Attribution on Election Cyber-Attacks: Don’t Rush to Judgment

John Reed Stark

In the following guest post, John Reed Stark President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement, takes a look at questions of confidentiality surrounding a discovery dispute between class action plaintiffs and a data breach victim company relating to forensic work conducted by Crowdstrike, Inc. in connection with a 2018 data security incident at Marriott International, Inc. As Stark notes, the issue of protecting the confidentiality of post-data breach forensic findings (when the forensic firm is typically engaged by counsel) has become of critical importance and has significant consequences. A version of this article previously was published on Cybersecurity Docket. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: More Battles Over Digital Forensic Findings

Stephen Reilly
Andrew Jones

Data breach class action lawsuits are already well-established in the United States, but are only developing elsewhere. In the following guest post, Stephen Reilly and Andrew Jones of Beale & Company Solicitors take a look at the possibilities and prospects for data breach class actions in the U.K. A version of this article previously was published as a Beale & Company client alert. I would like to thank Stephen and Andrew for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Stephen and Andrew’s guest post.
Continue Reading Guest Post: Data Breach Class Actions in the UK — What Next?

Like many others, I look forward to Warren Buffett’s annual letter to Berkshire Hathaway shareholders, and like many others, I read his annual letter closely, looking for any investment insights I can glean as well for Buffett’s now-famous homespun brand of wisdom and humor. Although Buffett latest letter to Berkshire shareholders – which was published Saturday morning – does offer readers a little under each of these headings, I think many reading Buffet’s latest letter might have come away a little disappointed, as I discuss further below. Buffett’s 2019 letter to Berkshire shareholders, published on February 22, 2020, can be found here. (Full disclosure: I own BRK.B shares, although not as many as I wish I did.)
Continue Reading A Closer Look at Warren Buffett’s Annual Letter to Berkshire Shareholders

Over the last several years, plaintiffs’ lawyers have filed a number of D&O lawsuits against companies that had been hit with a cybersecurity incident. These suits have largely been unsuccessful, with the exception of the lawsuits filed against Yahoo in the wake of that company’s data breach. While the plaintiffs’ track record in data breach-related D&O lawsuits so far has not been good, a recent development could suggest that that has changed. On February 13, 2020, the parties to the Equifax data breach-related lawsuit filed a stipulation of settlement stating that the case has been settled based on the defendants’ agreement to pay $149 million. The settlement is subject to court approval. This settlement has a number of interesting implications, as discussed below. A copy of the parties’ stipulation of settlement can be found here.
Continue Reading Equifax Data Breach-Related Securities Suit Settled for $149 Million

Paul A. Ferrillo

In the following guest post, Paul A. Ferrillo takes a look at the recent findings that the SEC Office of Compliance, Inspections and Examinations issue with respect to its cybersecurity examinations of registered investment advisers and broker dealers. The findings, Paul suggests, provides good guidance from a number of perspectives with regard to cybersecurity governance issues. Paul is a partner with McDermott, Will & Emery. I would like to thank Paul for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Paul’s article.
Continue Reading Guest Post: Avoiding Event Driven Litigation through Good Cybersecurity Governance

John Reed Stark

In the following guest post, John Reed Stark takes a look at the troubling rise of ransomware attacks, and the disturbing relationship between ransomware attacks and bitcoin. John is the President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. I would like to thank John for allowing me to publish his article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s article.
Continue Reading Guest Post: Ransomware’s Year-End Thank You Note to Bitcoin