In my recent annual round-up of the top stories in the world of D&O liability, I noted that among the key D&O issues is the possibility of claims against corporate directors and officers arising out of cybersecurity incidents. One of the more interesting cybersecurity-related D&O claims in recent years is the securities class action lawsuit a plaintiff shareholder filed against FedEx in connection with the company’s disclosures concerning the “NotPetya” virus cyberattack on its European operations. What made the lawsuit interesting is that it involved not the company’s disclosures at the time of the cyber incident but rather concerned the company’s subsequent statements about the company’s recovery from the attack and the attack’s longer-term impact on its finances, operations, and business strategy. In a February 4, 2021 opinion (here), Southern District of New York Judge Ronnie Abrams granted the defendants’ motion to dismiss the FedEx NotPetya securities lawsuit, with prejudice. As I discuss below, the opinion has some interesting lessons on the importance of precautionary disclosure.
Continue Reading FedEx “NotPetya” Cyberattack Securities Suit Dismissed

One of the most watched and commented on corporate and securities litigation trends over the last several years has been the rise of management liability related lawsuits arising from cybersecurity-related incidents. While there has never been the volume of cases that some commentators expected, there have been a number of cases filed. The latest of these lawsuits is the securities class action lawsuit filed this week against FedEx, in which the plaintiff shareholder alleges the company did not fully disclose the extent of the disruption at its European operation after it was hit with the NotPetya malware virus in June 2017. A number of the allegations in the new FedEx complaint are similar to those raised in prior cybersecurity-related securities suit, suggesting some of the factors that might lead to this type of cybersecurity follow-on lawsuit. A copy of the complaint, filed in the Southern District of New York on June 26, 2019, can be found here.
Continue Reading FedEx Hit with Cyber Attack-Related Securities Suit