Fedex Becomes Victim of Latest Spat of Large Scale Cyber-Related Securities Class Actions

As if anyone needed yet another reminder of the invasive effect a cybersecurity event can have on a business, we need not to look any further than the  putative securities fraud class action lawsuits filed against global logistics giant FedEx. On June 26, 2019, the first lawsuit against FedEx was filed in the Southern District of New York. The complaint generally alleges that FedEx violated federal securities laws when it made allegedly fraudulent disclosures concerning the extent of the impact caused by the NotPetya malware…
Continue reading...

What Is Modern Warfare? Ninth Circuit Rules War Exclusions Do Not Preclude Coverage for First Party Loss Caused by Hamas Rocket Attacks

On July 12, 2019, the Ninth Circuit Court of Appeals found two “war” exclusions inapplicable, under California law, to a loss caused by 2014 hostilities between Israel and Hamas. Universal Cable Productions, LLC v. Atlantic Specialty Insurance Co., No. 17-56672, 2019 WL 3049034 (July 12, 2019). In doing so, the court overturned the Central District of California’s award of summary judgment in favor of Atlantic Specialty Insurance Company. The parties’ dispute arose out of Atlantic’s refusal to indemnify Universal for costs associated with Universal’s…
Continue reading...

Internet of Things Cybersecurity Improvement Act

On January 1, 2020, California’s “Security of Connected Devices” law (Senate Bill No. 327), which was enacted in 2018, will require companies that manufacture any device that connects “directly or indirectly” to the Internet that is sold in California to incorporate within the device “a reasonable security feature or features.” What constitutes as a “reasonable security feature” is largely undefined, but if the device is capable of authentication outside of a local area network (LAN), then the security will be deemed reasonable if a preprogrammed…
Continue reading...

House Representatives Ask Facebook to Halt Moving Forward with its Cryptocurrency

In the beginning of July 2019, four members of Congress in leadership roles in various committees in the House of Representatives issued a letter to Facebook’s executives calling for Facebook “to agree to a moratorium on any movement forward” with its proposed cryptocurrency, Libra, and proposed digital wallet, Calibra, citing concerns over “privacy, trading, national security, and monetary policy[.]”    In June 2019, Facebook announced its plan, which had been in development for a year, to create a cryptocurrency backed by financial assets assembled by the…
Continue reading...

Preparing Private Companies for Politically Motivated Cyberattacks

Law firms in the midst of large and publicly reported M&A deals, accounting firms during return season, and Facebook at just about any moment, should all assume that they are being targeted by hackers. However, the Department of Homeland Security’s (DHS) announcement that Iranian regime actors and proxies have been using “wiper” attacks adds a new indicator: geopolitical importance during politically sensitive times. The director of the Cybersecurity and Infrastructure Security Agency (CISA) released a tweet late last week notifying the public that Iran is…
Continue reading...

Part 1: The California Consumer Privacy Act — What Insurers Need to Know

Assembly Bill No. 375, better known as the California Consumer Privacy Act (CCPA), is likely the most robust and sweeping privacy law in the United States. This is not surprising as California is notoriously at the forefront of passing privacy legislation, even though close to 20 other states are also taking steps to pass similar legislation. The CCPA, which becomes effective January 1, 2020, creates a number of consumer rights regarding the collection, storage, selling, and processing of personal information, as well as corresponding business…
Continue reading...

Considering Legal Privileges in the Cybersecurity Context

Any organization that is cognizant of its cybersecurity obligations faces a fundamental problem: the greater the effort to increase security, the greater the number of documents generated, memorializing those efforts. Those documents could be discoverable in the event of litigation. The law of privilege in the context of pre-breach planning, including application of the attorney-client relationship to third-party technology vendors and security engineers, remains largely uncharted. The thought leaders at The Sedona Conference are taking steps to help frame the dialogue and set the stage…
Continue reading...

Everybody’s Buying Cyber… Why Aren’t You?

A recent market survey shows companies are getting the message that purchasing cyberinsurance is a corporate imperative today. According to a recent AM Best Market Segment Report, direct premiums written for U.S. cyberinsurance policies from 2015 to 2018 have doubled to $2 billion. Three million cyberinsurance policies were in force in 2018, an increase from 2.6 million in 2017. Admittedly, premium growth has slowed to 12.6 percent in 2018, although that may be due in part to the number of companies using captives for their…
Continue reading...

Federal Court Rejects Data Breach Suit Alleging a Breach of a Privacy Policy Involving Major Airline

Even as federal courts become more lenient with affording standing in data breach lawsuits, limits remain to the type of claims courts will permit to proceed. The United States District Court for the Central District of California provided a recent example on June 18, 2019, in dismissing a suit against Delta Air Lines arising from a data breach suffered in 2017 by a vendor for Delta that supports the company’s website by providing chat services and collecting customer data.  In McGarry v. Delta Air Lines,
Continue reading...

Apple Accused of Unlawfully Disclosing Users’ iTunes Data

Drawing on public criticism of Apple Inc.’s (Apple) privacy practices, in a class action complaint filed in the Northern District of California on May 24, 2016, several Apple users have accused Apple of selling its customers’ personal information and iTunes listening history to third-parties in an effort to “supplement its revenues and enhance the formidability of its brand[.]” The named plaintiffs in the proposed class action are Leigh Wheaton, a resident of Rhode Island, and Jean and Trevor Paul, residents of Michigan. Each have alleged…
Continue reading...