In the following guest post, Paul Ferrillo and Chris Veltsos take a look at the latest consequences that companies are now facing following a data breach – a rating agency downgrade. Paul is a shareholder in the Greenberg Traurig law firm’s Cybersecurity, Privacy, and Crisis Management Practice. Chris is a professor in the Department of Computer Information Science at Minnesota State University, Mankato where he regularly teaches Information Security and Information Warfare classes. I would like to thank Paul and Chris for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest article. Here is Paul and Chris’s article.
Continue Reading Guest Post: Rating Agency Downgrades Following Cyber Breaches — Are They the Canary in the D&O Coal Mine?

Karen Boto

As prior posts on this blog have noted (most recently here), the rise of cryptocurrencies is one of the most important and interesting recent developments in the financial arena. The rise of cryptocurrencies presents a number of challenges. Among the challenges is providing appropriate insurance solutions for cryptocurrency companies. In the following guest post, Karen Boto, a Legal Director at Clyde & Co law firm, takes a look at these cryptocurrency-related insurance issues. A version of this article was previously published as a Clyde & Co client alert. I would like to thank Karen for her willingness to allow me to publish her article as a guest post. I welcome guest post submissions from responsible authors on topics of interest to readers. Please contact me directly if you would like to submit a guest post. Here is Karen’s article.
Continue Reading Guest Post: Cryptocurrencies – To Insure or Not to insure?

home depotFor some time now, many commentators (including me) have been predicting that as a result of rising numbers of companies experiencing date breaches that there would be a resulting wave of D&O lawsuits. Indeed, there have been a small number of high profile data security-related D&O lawsuits filed. However, several of those cases – including, for example, the derivative lawsuits filed against Target (about which refer here) and Wyndham Worldwide (here) – have been dismissed.  Following these dismissals, the sole remaining recent high-profile data breach-related derivative lawsuit was the one filed against the directors and officers of Home Depot. However, the Home Depot lawsuit has now also been dismissed as well. The spate of dismissals certainly raises a question about what we may expect with respect to future cybersecurity-related D&O lawsuits. A copy of Northern District of Georgia Judge Thomas Thrash’s November 30, 2016 opinion in the Home Depot derivative lawsuit can be found here.
Continue Reading Home Depot Data Breach Derivative Lawsuit Dismissed

targetFor some time now, many commentators, including me, have been predicting that cybersecurity-related litigation could become an important part of the D&O litigation environment. And that may yet happen. For now, however, the results in the recent cybersecurity-related cases have been, from the plaintiffs’ perspective, not particularly promising. On July 7, 2016, in the latest of these cases to hit the skids, District of Minnesota Judge Paul Magnuson, in reliance on the report of the special litigation committee appointed to investigate the claims and in the absence of opposition from the plaintiff, granted the motions of the special litigation committee and of the defendants and dismissed the consolidated cybersecurity-related derivative litigation that had been filed against Target Corporation’s board. As discussed below, the plaintiffs’ track record in this type of litigation has been poor, which does raise the question whether this type of litigation will become a significant phenomenon. A copy of Judge Magnuson’s order in the Target Corp. case can be found here.
Continue Reading Target Corporation Cybersecurity-Related Derivative Litigation Dismissed

homedepotIn early 2014, when plaintiffs initiated data breach-related derivative lawsuits against the boards of Target Corp. (here) and Wyndham Worldwide (here), there was some speculation that these cases might be the first of what could become a wave of data-breach related D&O lawsuits. But then the Wyndham Worldwide case was dismissed (refer here) and no new data breach-related D&O lawsuits followed, even though there were several high profile data breaches after that time (including Sony Entertainment, Anthem and Home Depot). Although many predicted that more D&O lawsuits were to come, the suits themselves did not materialize. There were, however, some suggestions that a lawsuit against Home Depot might eventually arrive, as a plaintiff initiated a books and records action in Delaware Chancery Court against the company.

The wondering and waiting about whether or not there will be a Home Depot data breach-related D&O lawsuit is now over. A Home Depot data breach-related shareholder’s derivative lawsuit has been filed in the Northern District of Georgia. On September 2, 2015, a plaintiff shareholder filed a redacted complaint in a lawsuit against Home Depot, as nominal defendant, and twelve Home Depot directors and officers, alleging that the defendants breached “their fiduciary duties of loyalty, good faith, and due care by knowingly and in conscious disregard of their duties failing to ensure that Home Depot took reasonable measures to protect its customers’ personal and financial information.” The redacted version of the plaintiff’s complaint can be found here. (Please see below for further explanation about the timing of the filing of the plaintiff’s lawsuit and the redactions to the complaint.)
Continue Reading Data Breach-Related Derivative Lawsuit Filed against Home Depot Directors and Officers

wywoSeptember is here. Labor Day has come and gone. That can mean only one thing – time to put away the surf boards, bungee cords, fencing foils, pogo sticks, nunchuks, hula hoops, light sabers, and unicycles, and get back to work. Yes, it is time to answer all those emails and return all of those phone messages. And most important of all, it is time to catch up on what has been happening in the world of directors’ and officers’ liability and insurance. Here is what happened while you were out.
Continue Reading While You Were Out

homedepotAfter claimants filed shareholders’ data breach-related derivative suits against the boards of Target (here) and Wyndham Worldwide (here), a number of commentators (including me) asked whether we could see a wave of cybersecurity related D&O lawsuits. Interestingly, since these two lawsuits were filed more than a year ago, there have been