Sony Cyberattack Lawsuit Settles for $8 Million and Establishes the New Mass Tort Class Action


The emergence of the cyber attack class action as the new mass tort was further evidenced when Sony, less than one year after the first class action was filed, agreed to pay up to $8 million to reimburse current and former employees for losses, preventative measures and legal fees related to last year’s data breach. The agreement must still be approved by a federal judge in the Central District of California, but, under the proposed terms, Sony will pay “up to $10,000 a person, capped at $2.5m, to reimburse workers for identity theft losses, up to $1,000 each to cover the cost of credit-fraud protection services, capped at $2m, and up to $3.5m to cover legal fees.” According to recent court filings, the settlement was reached on September 1, 2015, a ...


On the Rise: Cyber Breach Actions Take Center Stage

Yet another class action lawsuit has been filed following a cyber attack, this time against Excellus Health Plan Inc. and Lifetime Healthcare Inc. in federal court for the Western District of New York. The lawsuit was brought by Weitz & Luxenberg P.C., the self-proclaimed “New York City’s largest personal injury and mass-tort plaintiffs’ law firm” and the former employer of New York’s disgraced Assembly Speaker Sheldon Silver, who reportedly collected about $4 million in bribes and kickbacks during his employment, as co-counsel with Faraci Lange LLP. The suit claims Excellus was negligent in maintaining the security of data, failing to identify the breach and failing to take necessary steps to ensure the system was secure. In particular, the complaint highlights the fact that hackers gained access for twenty months before Excellus detected ...

Out of Security Concerns, Navy Tells Midshipmen to Look to the Stars

The United States Navy is now requiring its midshipmen to learn a skill that seems more relevant to the 19th century than the 21st century: how to navigate by the stars. The training is limited to just a few hours, but will serve a critical function. Computers aboard a ship are susceptible to cyber attacks, and Navy personnel need a backup system should the computers fail. On the open ocean, this means looking to the stars. The Navy taught celestial navigation until 2006 and re-instituted classes for current ship navigators in 2011. European leaders in Russia and Germany have also implemented “low-tech” solutions to the growing threat of cyber-breach, with both nations reporting in 2014 that they would use manual typewriters in place of email for their most sensitive documents. ...

Not If, But When: Another Health Insurer Hacked

This post first appeared on Goldberg Segalla’s Insurance & Reinsurance Report blog. In mid-September, it was reported that hackers hit another set of health insurance companies. In this case, the hackers hit The Lifetime Healthcare Companies and its affiliates including Excellus BlueCross BlueShield, Univera Healthcare, and The MedAmerica Companies. A full list of plans affected can be found on the press release outlining the details of the attack. Hackers took information on approximately 10 million customers, including seven million from Excellus and three million from associated entities. Company IT officials first discovered the intrusion on August 5, 2015 and found that the initial attack took place toward the end of December in 2013. According to a news release, hackers may have gained access to the following types of information: name, address, telephone number, ...

NAIC and CSIS Host Cyber Risk Conference

On September 10, 2015, the National Association of Insurance Commissioners (NAIC) and the Center for Strategic and International Studies (CSIS) hosted a conference entitled “Managing Cyber Risk and the Role of Insurance.” Over 300 individuals attended, including more than 30 insurance regulators, senior representatives from the U.S. Departments of Treasury and Homeland Security, and representatives from the private sector. The primary focus of the conference was to explore how the insurance industry can assist in mitigating the damages that result from a cyber attack. However, to do this and to offer appropriate products for mitigating this risk, the insurance industry needs to better understand its own role in mitigating cyber attacks and to do a better job understanding the threat and true cost of these attacks. The CSIS ...

Data Breach “Sky Is Falling”

Much like Chicken Little, data breach vendors and pundits continue to decry that the data breach sky is falling! But is it? A group of researchers set out to answer this very question. “Neither size nor frequency of data breaches has increased over the past decade,” concludes a new statistical analysis by Benjamin Edwards, Steven Hofmeyr and Stephanie Forrest presented during the June 2015 Workshop on the Economics of Information Security in the Netherlands. Instead, the three argue, the increases that have attracted recent media attention can be explained by normal models. Their article, “Hype and Heavy Tails: A Closer Look at Data Breaches,” explains: Some of our results seem counter-intuitive given the current level of concern about privacy and the damage that a data breach can cause. However, some ...

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies. The survey and report, co-sponsored by PwC, CSO, Carnegie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall management of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with the actual number likely to be even higher as many incidents remain undetected. The report identified a number of trends in seven key areas, briefly summarized below, and overall indicates that while cybersecurity risks continue to increase, businesses and organizations must remain proactive and vigilant across a number of fronts to defend ...

Military Retaliation in the Age of Cyber Warfare

The Obama administration has concluded that the recent Chinese cyberattack on the Office of Personnel Management rises above the level of traditional espionage, and that retaliation is the most suitable response to the theft of 20 million Americans’ personal information. Exactly what the retaliation may entail and when it will come, however, are open questions. Over the past year, United States government and military computer systems have been compromised by what many believe are foreign governments, including Russian attacks on the White House, State Department and Pentagon, as well as the Chinese attack on OPM. Foreign governments have also been accused of attacking private computer networks, including the highly publicized attack on Sony last December by North Korea and the December 2014 attack on the Sands Casino by Iranians. Disrupting ...

DHS – “Privacy Problems with CISA”

The Senate is expected to begin debate this week on S.754, the Cybersecurity Information Sharing Act (CISA), and at least one government agency is raising privacy and civil liberties concerns with respect to this legislation. Specifically, the Department of Homeland Security (DHS) is concerned that the desire to share information in real time could prevent it from scrubbing the data to erase personally identifiable information or other private information contained in the data. The primary purpose of CISA is to encourage the sharing of cyber threat indicators between federal agencies, the private sector and other governmental entities. The hope is to prevent or, at the very least, mitigate the effects of a cyber attack. An important component of this information sharing is “real time collaboration” between all of these entities. ...

Federal Cyber Legislation – Hurry Up and Wait

Despite the increasing number of data breaches, legislation to address this issue at the federal level is at a standstill (or close to it). As has been noted in a variety of venues, there is currently no comprehensive federal law to deal with data breaches. The federal law that does exist is centered on privacy issues for specific industries, e.g., Health Information Portability and Accountability Act (HIPAA) for health information and the Gramm-Leach-Bliley Act (GLB) for financial information. While most states and the District of Columbia have some legislation and/or regulation that addresses data breaches, each law is state specific and, in many cases, inconsistent from state to state. Congress is now considering H.R. 1770, the Data Breach Notification Act of 2015, in an effort to address the patchwork ...