Category Archives: Lawsuit

lawsuit

Eleventh Circuit Vacates FTC Order against LabMD as Lacking Specificity Necessary to Protect Due Process Rights

The Court of Appeals for the Eleventh Circuit has overturned an FTC cease and desist order enjoining LabMD to install a reasonable data-security program, issued in response to the disclosure of a single computer file containing personal information regarding 9,300 customers. Agreeing with arguments from the now-defunct LabMD, the court determined “that the order is unenforceable because it does not direct LabMD to cease committing an unfair act or practice within the meaning of Section 5(a)” of the Federal Trade Commission Act (15 U.S.C. §…

Continue Reading....
471970744

FTC Settles False Representation Claim Against Mobile Phone Manufacturer

The Federal Trade Commission (FTC) has settled with BLU Products, Inc. over allegations that the unlocked mobile phone manufacturer allowed a third-party provider to collect detailed personal information about its consumers without their knowledge or consent. In 2016, BLU Products admitted that a third-party app called “Wireless Update” has been “collecting unauthorized personal data in the form of text messages, call logs and contacts from customers” on some devices. The FTC alleged that BLU Products, its co-owner, and president falsely claimed that only information needed…

Continue Reading....
iStock_000038012250_Large

Despite Recent High-Profile Dismissals, Wendy’s Shareholders Try Again with Cybersecurity-Related Derivative Lawsuit

The resilient plaintiff’s bar is not backing down from their quest to hold directors and officers personally liable for corporate misconduct that leads to cybersecurity breaches. Taking guidance from the failures which resulted in a string of dismissals of high-profile cybersecurity-related shareholder derivative lawsuits, a shareholder of the fast food-chain The Wendy’s Company is taking another shot to impose liability on corporate leadership for failing to take precautions against cyber-attacks. To be clear, these derivative cases are trying to hold the directors and officers liable…

Continue Reading....
iStock_000050437260_XXXLarge

Plaintiffs’ Monitoring Activity to Mitigate Increased Risk of Identity Theft Sufficient for Article III Standing in the Sixth Circuit

The Sixth Circuit, in a 2-1 majority decision, has reinstated a class action lawsuit against Nationwide Mutual Insurance Company, finding that the plaintiffs’ alleged “imminent, immediate and continuing increased risk” of identify fraud after hackers accessed personal data on Nationwide’s servers constituted a “cognizable injury” under Article III. The court’s unpublished decision cited a range of alleged damages from the plaintiffs’ complaint including the time and expense of monitoring their own credit, as well as a study “purporting to show that in 2011 recipients of…

Continue Reading....
lawsuit

Something to Keep an Eye On: Insurers and Insureds to Duke it Out in Data Breach Coverage Suit

A new Indiana coverage litigation regarding a CGL policy (and umbrella policy) may provide more guidance about how courts will approach data breach coverage under traditional insurance products. In National Fire Insurance Company of Hartford v. Medical Informatics Engineering, Inc. et al. (N.D. Ind., No. 16-cv-152), two CNA companies initiated a declaratory judgment action seeking a ruling they do not have the duty to defend or indemnify Medical Informatics Engineering, Inc. or NoMoreClipboard, LLC (collectively Medical Informatics) in relation to lawsuits filed against Medical Informatics. …

Continue Reading....

Recent Class Action Settlements By Target & Adobe

Adobe’s impending settlement in a class action comes just a month after Target settled claims for $10 million.  Although confirmatory discovery is ongoing according to Law360, Adobe and the named class members are expected to present their settlement proposal to District Judge Lucy Koh by the end of May.  Last year, both Adobe and Target lost motions to dismiss that challenged the plaintiffs’ Article III standing based on the U.S. Supreme Court’s 2012 decision in Clapper v. Amnesty International USA.  This may have been…

Continue Reading....

Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10…

Continue Reading....

Hackers Charged with Stealing 1 Billion E-mail Addresses

The U.S. Department of Justice has unsealed indictments against three hackers for having broken into eight email service providers (ESPs), stealing 1 billion email addresses and names, and receiving $2,000,000 for the sale of products to those email addresses through a “spam” sales scheme. According to the indictments filed with the U.S. District Court for the Northern District of Georgia, Canadian David-Manuel Santos Da Silva and Viet Quoc Nguyen and Giang Hoang Vu from Vietnam used an email phishing scheme beginning in 2009 to gain…

Continue Reading....

Third Circuit Reviews FTC’s Authority To Enforce An “Unreasonable Failure” To Protect Against A Cyber Attack

Today, the Third Circuit heard oral argument in a case that may have a profound impact on the Federal Trade Commission’s enforcement authority over corporate cybersecurity.  The question presented to the Court of Appeals is whether the FTC can pursue an enforcement action against a company under Section 5 of the FTC Act if the FTC believes that a cyber-hack occurred due to the company’s “unreasonable failure” to protect consumer data. The FTC alleges that Wyndham Worldwide did not “employ reasonable and appropriate measures to…

Continue Reading....

Cyber-Attack Class Actions Are On The Rise

After a barrage of media coverage over the release of The Interview, Sony Pictures now finds itself in federal court defending against seven class action lawsuits filed less than a month after the North Korean government hacked its computer system.  Sony became aware of this “unprecedented” attack, in which it reportedly lost over 100 terabytes of data, on the morning of November 24th.  The first class action complaint, Corona v. Sony Pictures Entm’t, Inc., was filed on December 15, 2014 —…

Continue Reading....