Over the last several years, plaintiffs’ lawyers have filed a number of D&O lawsuits against companies that had been hit with a cybersecurity incident. These suits have largely been unsuccessful, with the exception of the lawsuits filed against Yahoo in the wake of that company’s data breach. While the plaintiffs’ track record in data breach-related D&O lawsuits so far has not been good, a recent development could suggest that that has changed. On February 13, 2020, the parties to the Equifax data breach-related lawsuit filed a stipulation of settlement stating that the case has been settled based on the defendants’ agreement to pay $149 million. The settlement is subject to court approval. This settlement has a number of interesting implications, as discussed below. A copy of the parties’ stipulation of settlement can be found here.
Continue Reading Equifax Data Breach-Related Securities Suit Settled for $149 Million

During 2017 and 2018, plaintiffs’ lawyers filed a number of securities class action lawsuits against companies that had experienced data breaches. Among the highest profile of these cases was the securities lawsuit filed in 2017 against the credit rating firm, Equifax, which in September 2017 announced that hackers had breached its consumer database and accessed millions of records containing personally identifiable information. On January 28, 2019, in a ruling that will be closely analyzed in connection with the several other recently filed data breach-related securities lawsuits, Northern District of Georgia Judge Thomas W. Thrash, Jr. entered an order granting in part and denying in part the defendants’ motion to dismiss. A copy of the January 28 order can be found here.
Continue Reading Equifax Data Breach-Related Securities Suit Dismissal Motion Denied in Part, Granted in Part

There has been a steady drumbeat of news about high profile data breaches in the past several days, including the news about the Equifax data breach and the disclosure of the breach at the SEC. In the following guest post, John Reed Stark takes a look at these data breaches and their implications. John is President of John Reed Stark Consulting and former Chief of the SEC’s Office of Internet Enforcement. I would like to thank John for his willingness to allow me to publish his article on this site. I welcome guest post submissions from responsible authors on topics of interest to this site’s readers. Please contact me directly if you would like to submit a guest post. Here is John’s guest post.
Continue Reading Guest Post: The Equifax and SEC Data Breaches: Takeaways, Reminders & Caveats

In the wake of credit monitoring and reporting firm Equifax’s announcement last week that it had sustained a data breach involving 143 million U.S. customers, a wave of consumer class action lawsuits has followed. In addition, the litigation wave now also includes at least one securities class action lawsuit; more securities suits are likely to follow. Although data breach-related D&O claims have not fared particularly well in the past, there are features of the Equifax situation that may put the securities suits against Equifax in a different category. An even more interesting question is the extent to which the new lawsuit portends further data breach-related securities litigation going forward.  
Continue Reading Equifax Data Breach Litigation Now Includes Securities Suit