Facebook Moves to Dismiss Derivative Action Arising Out of Cambridge Analytica Scandal

On September 28, 2018, Facebook and its board of directors moved to dismiss a derivative action filed by Karen Sbriglio, a Facebook investor, alleging breach of a fiduciary duty.  The lawsuit, filed after revelations of the Cambridge Analytica scandal, claims the failure of Facebook’s leadership and governance in permitting the misappropriation of Facebook users’ data subjected it to public scrutiny, billions of dollars of lost market value, and significant fines and costs.  The basis of Facebook’s motion was that the company’s board, rather than…
Continue reading...

SEC’s First Cybersecurity Enforcement Has Many Lessons

The Securities and Exchange Commission recently announced its first ever cyber-related enforcement action in a case that all companies should look at as a refresher on cybersecurity hygiene. In the Matter of Voya Financial Advisors, Inc. was brought against the publicly traded company that manages over $500 billion after a security breach through several of its brokers acting as independent contractors for the company. These brokers typically accessed Voya clients’ PII through a password protected web portal while using their own IT equipment and networks.…
Continue reading...

Judge Rules No Standing to Pursue Fear Of “Hacker Harm”

Last week a judge in the Southern District of Illinois trimmed several claims from a class action complaint made against Chrysler and Harman International Industries stemming from a 2015 WIRED magazine article. The July 21, 2015 WIRED article described the author’s experience of being a “digital crash-test dummy, a willing subject on whom [two hackers] could test the car-hacking research they’d been doing over the past year.” Less than two weeks after the article was published, on August 4, 2015, the plaintiffs filed their class…
Continue reading...

The Burden of Establishing “Injury” in Data-Breach Class Action Lawsuits

Contrary to the predictions of various commentators, John Jablonski of Goldberg Segalla’s Cyber Risk and Social Media Practice Group explains how recent federal court decisions continue to hold a high standard for proving standing in data breach class action lawsuits. As John concludes in an article for Claims Management: “Standing may be easier for class-action plaintiffs to demonstrate if their data was hacked, but as these cases demonstrate, surviving a standing motion is not always as easy as commentators predicted it would be in…
Continue reading...

Can A SAFETY Act Designated Product Provide Cyber-Attack Liability Protection?

“So if you use FireEye’s product you basically are prevented from being sued in the criminal justice system of America, which can save a lot of money.” According to CEO Dave DeWalt’s recent comments, it sounds like the U.S. Government stamped FireEye with a seal of approval — a ringing endorsement that’s worth a closer look.  FireEye, Inc. was issued “Certification” under the SAFETY Act for its Multi-Vector Execution (MVX) Engine and Cloud Platform.  It isn’t the only SAFETY Act approved technology; DHS’s website…
Continue reading...

Sony Class Action Moves Forward

Because Sony’s former employees “face ongoing future vulnerability to identity theft” they can proceed with their class action, a California District Court ruled on Monday.  The case, Corona v. Sony Pictures Entm’t, Inc., is linked to the North Korean hackers who tried to stop Sony from releasing the movie The Interview.  It was filed less than a month after Sony became aware of the attack. Relying on the Ninth Circuit’s decision in Krottner v. Starbucks, the court held that the plaintiffs have…
Continue reading...

Recent Class Action Settlements By Target & Adobe

Adobe’s impending settlement in a class action comes just a month after Target settled claims for $10 million.  Although confirmatory discovery is ongoing according to Law360, Adobe and the named class members are expected to present their settlement proposal to District Judge Lucy Koh by the end of May.  Last year, both Adobe and Target lost motions to dismiss that challenged the plaintiffs’ Article III standing based on the U.S. Supreme Court’s 2012 decision in Clapper v. Amnesty International USA.  This may have been…
Continue reading...

Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10…
Continue reading...

Cyber-Attack Class Actions Are On The Rise

After a barrage of media coverage over the release of The Interview, Sony Pictures now finds itself in federal court defending against seven class action lawsuits filed less than a month after the North Korean government hacked its computer system.  Sony became aware of this “unprecedented” attack, in which it reportedly lost over 100 terabytes of data, on the morning of November 24th.  The first class action complaint, Corona v. Sony Pictures Entm’t, Inc., was filed on December 15, 2014 —…
Continue reading...

Can Companies Pre-Emptively Avoid Class Action Suits from Massive Data Breaches? (A Blog Series)

There’s a constant flow of news about massive data breaches nowadays.  So much so that the question for companies with large amounts of personal data storage is no longer “if” it can happen but “when” it will happen.  In this series, we’re going to discuss one method that larger companies are using to significantly reduce the risk exposure to massive data breaches: click-wrap terms of use that require users to waive participation in class actions and instead only pursue claims by way of arbitration or…
Continue reading...