More recent data breach-related D&O lawsuits have been filed in the form of securities class actions, one of which, the Yahoo securities class action lawsuit, recently resulted in a sizable settlement. Before that though, during the period 2014 to 2016, there was a series of data breach related suits filed in the form of shareholder derivative actions. By and large, these cases did not fare particularly well, largely resulting in dismissals. The last of these data breach-related derivative lawsuits that remained pending is the one filed against fast-food company Wendy’s. Now the Wendy’s case has also settled, albeit for a combination of cybersecurity and governance therapeutics and agreement to pay the plaintiffs’ attorneys fees. The resolution of this last remaining shareholder derivative suit again raises a question that has been much discussed, of the extent to which data breach-related issues will lead to more D&O litigation.
Continue Reading Wendy’s Settles Data Breach-Related Derivative Lawsuit
Guest Post: Breaching the Firewall: D&O Exposure from Cybersecurity Incidents
Although a number of high-profile data breaches have led to D&O claims, so far the plaintiffs’ track record in these kinds of cases has been poor. However, as a result of a number of recent developments, there may be good reason for corporate directors and officers to be concerned about these kinds of claims going forward, as discussed in the following guest post by Andrew G. Lipton and Laura Schmidt, both associates at the White & Williams law firm. I would like to thank Andrew and Laura for submitting their article for publication as a guest post. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is Andrew and Laura’s guest post.
Continue Reading Guest Post: Breaching the Firewall: D&O Exposure from Cybersecurity Incidents
Deepening Circuit Split on Data Breach Suit Standing
In the latest decision in which class action consumer data breach claimants have been successful in establishing the requisite standing to pursue their claims, on August 1, 2017, the D.C. Circuit held that the claimants’ risk of future harm is sufficient to meet Article III standing requirements. This decision is the latest in a growing number of federal circuit decisions finding that data breach claimants have satisfied standing requirements, but it also deepens a circuit split that could mean eventual U.S. Supreme Court review of the issue. The D.C. Circuit’s August 1 opinion in the Attias v. Care First case can be found here.
Continue Reading Deepening Circuit Split on Data Breach Suit Standing