director and officer liability for cyber breaches

wendysCyber-breach related D&O lawsuits have not fared particularly well. Indeed, after the shareholder derivative lawsuit against the board of Home Depot was recently dismissed, it was unclear what the future direction for cybersecurity litigation against corporate officials might be. But though the future direction of this type of litigation is unclear, it seemed unlikely despite the poor track record that we had seen the last of these cases. Among other things, it seemed likely that entrepreneurial plaintiffs’ lawyers would continue to try to identify their litigation opportunity for these kinds of cases. As it has now turned out, we didn’t have to wait long for confirmation that despite the dismissals we had not seen the last of the cyber breach-related D&O lawsuits. 
Continue Reading Data Breach-Related Shareholder Derivative Lawsuit Filed Against Wendy’s

home depotFor some time now, many commentators (including me) have been predicting that as a result of rising numbers of companies experiencing date breaches that there would be a resulting wave of D&O lawsuits. Indeed, there have been a small number of high profile data security-related D&O lawsuits filed. However, several of those cases – including, for example, the derivative lawsuits filed against Target (about which refer here) and Wyndham Worldwide (here) – have been dismissed.  Following these dismissals, the sole remaining recent high-profile data breach-related derivative lawsuit was the one filed against the directors and officers of Home Depot. However, the Home Depot lawsuit has now also been dismissed as well. The spate of dismissals certainly raises a question about what we may expect with respect to future cybersecurity-related D&O lawsuits. A copy of Northern District of Georgia Judge Thomas Thrash’s November 30, 2016 opinion in the Home Depot derivative lawsuit can be found here.
Continue Reading Home Depot Data Breach Derivative Lawsuit Dismissed

cyberspaceMany observers, including even this blog, have speculated whether the rising wave of data breaches and cyber security attacks will result in litigation against the directors and officers of the affected companies. Indeed, in 2014, there were two sets of lawsuits filed against the boards of companies that had experienced high-profile data breaches, Target Corp. (refer here) and Wyndham Worldwide (refer here). But the Wyndham lawsuit was dismissed in late 2014, and since that time there really have been no additional significant cyber security related D&O lawsuits filed, even though there have been a number of high profile data breaches in interim (including, for example, Home Depot, Anthem and Sony Entertainment). However, as discussed below, there have been  a couple of recent developments suggesting that the plaintiffs’ lawyers are working along the edges of this issue, and, at a minimum, looking for ways to develop D&O claims out of data breach incidents.
Continue Reading When Data Hacks Lead to D&O Lawsuits, Actual and Threatened