In what is apparently the largest privacy and cybersecurity-related securities class action lawsuit settlement ever, the parties to the Alphabet Google+ user data securities suit have agreed to settle the action for $350 million. As discussed below, this massive settlement, which is subject to court approval, is significant for a number of important reasons. A copy of the parties’ February 5, 2024, Stipulation of Settlement can be found here. The plaintiffs’ February 5, 2024, motion for preliminary settlement approval can be found here.Continue Reading Alphabet Google+ User Data Privacy-Related Securities Suit Settles for $350 Million

I have long thought that privacy-related issues represent one of the important emerging areas of D&O liability exposure. One case that I thought represented an example of this emerging risk was the securities class action lawsuit brought against Facebook related to the Cambridge Analytica user data privacy scandal. However, when the court granted the motion to dismiss in the case, the relevance of the Cambridge Analytica case to the discussion of privacy-related issues seemed diminished. But the appellate court has now reversed in part the lower court’s dismissal, restoring the relevance of the case to the privacy-related discussion and highlighting the importance of privacy concerns as an area of emerging D&O liability risk. The Ninth Circuit’s October 18, 2023, opinion in the case can be found here.Continue Reading Ninth Circuit Revives in Part Facebook Privacy-Related Securities Suit

In a ruling last week, Delaware Vice Chancellor Travis Laster denied motions to dismiss in the shareholder derivative suit against Facebook executives for failing over the course of several years to protect users’ data privacy. The alleged privacy violations to which the lawsuit relates were the subject of a massive $5 billion penalty that Facebook agreed to pay to the FTC to settle charges that the company had violated a 2012 consent order relating to protecting users’ privacy. As discussed in a May 10, 2023, Law360 article (here), Vice Chancellor Laster made his ruling from the bench in a telephonic hearing. Vice Chancellor Laster’s ruling is also discussed in a May 10, 2023, Associated Press article (here). As discussed below, Vice Chancellor Laster’s ruling underscores the extent to which privacy-related issues represent an area of significant corporate liability exposure.Continue Reading Court Denies Dismissal Motion in Facebook User Data Privacy Derivative Suit

In the midst of its battles with Elon Musk over Musk’s attempt to walk away from his proposed takeover of the company, Twitter was rocked by the news that a whistleblower had sent Congress and federal agencies explosive reports of “major security problems” at the company. According to the news reports, the whistleblower’s disclosure not only detailed privacy and cybersecurity vulnerabilities at Twitter, but also included allegations that company management had misled its own corporate board and government regulators about the vulnerabilities. Among other things, these revelations triggered a Congressional inquiry. And now, a plaintiff shareholder has launched a securities class action lawsuit against the company and several of its executives, based on the whistleblower’s allegations. As discussed below, the complaint has several interesting features.
Continue Reading Twitter Hit with Cybersecurity-Related Securities Suit Over Whistleblower Allegations

As readers of this blog well know, since the initial U.S. coronavirus outbreak in March 2020, plaintiffs’ lawyers have filed dozens of COVID-19-related securities class action lawsuits. Even though the coronavirus-related litigation phenomenon, like the coronavirus outbreak itself, is about to enter its third year, relatively few of the coronavirus-related securities suits have yet reached the motion to dismiss stage. However, last week the federal judge presiding over the coronavirus-related lawsuit filed against Zoom Video Telecommunications entered an order granting in part and denying in part the defendants’ motion to dismiss. The Court’s February 16, 2022 order, a copy of which can be found here, also presents an interesting perspective on the ways in which privacy and security issues can lead to potential securities law liability exposures.
Continue Reading Zoom Coronavirus-Related Securities Suit Dismissal Motion Denied in Part

Peter Selvin

In an October 19, 2021 decision in Twin City Fire Insurance Co. v. Vonachen Services, Inc., the Northern District of Illinois, applying Illinois law, addressed key insurance coverage issues under the D&O and EPL coverage parts of a management liability insurance policy. In the following guest post, Peter Selvin reviews and analyzes the decision. Selvin is a partner with Los Angeles-based Ervin Cohen & Jessup. A version of this article previously was published in the LA Daily Journal. I would like to thank Peter for allowing me to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Peter’s article.
Continue Reading Guest Post: Court Addresses Biometric Claims and Insurance Issues

Peter Selvin

In the following guest post, Peter Selvin discussed the Fifth Circuit’s July 21, 2021 decision in Landry’s Incorporated v. The Insurance Company of the State of Pennsylvania (here), which considered the question of coverage under a commercial general liability policy of damages from a data breach caused by a third-party hacker. Selvin is a partner with Los Angeles-based Ervin Cohen & Jessup. A version of this article previously was published in the LA Daily Journal. I would like to thank Peter for allowing me to publish his article on my site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is Peter’s article.
Continue Reading Guest Post: CGL Coverage for Data Breaches: New Developments

When companies are hit with cybersecurity incidents, class action privacy litigation often follows. However, claimants in these kinds of cases face a threshold challenge of showing they have suffered a sufficient “injury in fact” to establish that they have standing to assert their claims. The following guest post, written by Paul Ferrillo, Kristine Argentine, Emily Dorner, and Alexandra Drury of the Seyfarth Shaw law firm, provides a survey of the current state of play for the standing requirements in this type of litigation. I would like to thank the authors for allowing me to publish their article as a guest post on this site. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is the authors’ article. 
Continue Reading Guest Post: First There was Litigation; And Then There Was Standing

On July 6, 2021, after the Wall Street Journal reported that prior to DiDi’s June 30, 2021 U.S. IPO,  government authorities had urged the Chinese ride-hailing firm to postpone the offering, but that the company, under pressure from investors, had gone ahead with the IPO anyway, it seemed that it would only be a matter of time before DiDi would be hit with a U.S. securities lawsuit. Indeed, as it turned out, the same day the Journal article appeared, an investor filed a U.S. securities class action lawsuit against the company. As discussed below, the lawsuit is based on cybersecurity and privacy concerns relating to the company’s ride-hailing app. A copy of the investor’s July 6, 2021 complaint can be found here.
Continue Reading Chinese Ride-Hailing Firm DiDi Hit With Securities Suit Related to Its Recent IPO

In a very interesting June 16, 2021 opinion, the Ninth Circuit has reversed in part the district court’s dismissal of the privacy and cybersecurity-related securities class action lawsuit filed against Google- parent Alphabet, Inc, relating the company’s discovery of and decision not to disclose a software vulnerability that exposed user data of nearly half a million users of the Google+ social media site. The appellate court’s decision, a copy of which can be found here, could represent a significant development in the evolution of cybersecurity and privacy-related securities litigation.
Continue Reading Ninth Circuit in Part Reverses Dismissal of the Google+ User Data Securities Lawsuit