Fedex Becomes Victim of Latest Spat of Large Scale Cyber-Related Securities Class Actions

As if anyone needed yet another reminder of the invasive effect a cybersecurity event can have on a business, we need not to look any further than the  putative securities fraud class action lawsuits filed against global logistics giant FedEx. On June 26, 2019, the first lawsuit against FedEx was filed in the Southern District of New York. The complaint generally alleges that FedEx violated federal securities laws when it made allegedly fraudulent disclosures concerning the extent of the impact caused by the NotPetya malware…
Continue reading...

What Is Modern Warfare? Ninth Circuit Rules War Exclusions Do Not Preclude Coverage for First Party Loss Caused by Hamas Rocket Attacks

On July 12, 2019, the Ninth Circuit Court of Appeals found two “war” exclusions inapplicable, under California law, to a loss caused by 2014 hostilities between Israel and Hamas. Universal Cable Productions, LLC v. Atlantic Specialty Insurance Co., No. 17-56672, 2019 WL 3049034 (July 12, 2019). In doing so, the court overturned the Central District of California’s award of summary judgment in favor of Atlantic Specialty Insurance Company. The parties’ dispute arose out of Atlantic’s refusal to indemnify Universal for costs associated with Universal’s…
Continue reading...

House Representatives Ask Facebook to Halt Moving Forward with its Cryptocurrency

In the beginning of July 2019, four members of Congress in leadership roles in various committees in the House of Representatives issued a letter to Facebook’s executives calling for Facebook “to agree to a moratorium on any movement forward” with its proposed cryptocurrency, Libra, and proposed digital wallet, Calibra, citing concerns over “privacy, trading, national security, and monetary policy[.]”    In June 2019, Facebook announced its plan, which had been in development for a year, to create a cryptocurrency backed by financial assets assembled by the…
Continue reading...

Preparing Private Companies for Politically Motivated Cyberattacks

Law firms in the midst of large and publicly reported M&A deals, accounting firms during return season, and Facebook at just about any moment, should all assume that they are being targeted by hackers. However, the Department of Homeland Security’s (DHS) announcement that Iranian regime actors and proxies have been using “wiper” attacks adds a new indicator: geopolitical importance during politically sensitive times. The director of the Cybersecurity and Infrastructure Security Agency (CISA) released a tweet late last week notifying the public that Iran is…
Continue reading...

First Circuit Finds There is No Expectation of Privacy for IP Address Information

In an important holding regarding an individual’s constitutional right to protection from unreasonable searches, the United States Court of Appeals, First Circuit, held that a criminal defendant did not have a reasonable expectation of privacy in internet protocol (IP) address data that was acquired by the government from a smart phone application company without a search warrant. In U.S. v. Hood, — F.3d. –, 2019 WL 1466943 (1st Cir. 2019), a user of the smart phone messaging application Kik, who went by the username…
Continue reading...

Citrix Falls Victim to Password Spraying Attack

On March 6, the FBI alerted Citrix that cyber criminals accessed at least six terabytes of data stored on its servers. The data theft is particularly concerning because Citrix’s products and services are used by the vast majority of Fortune 500 companies, as well as by governments and militaries. The company, however, states that there is no indication that the security of any Citrix product or service was compromised in the attack. The hackers likely used a technique called password spraying to gain access. Password spraying is the…
Continue reading...

2018 Year in Review: Major Brands Falling Under Attack

After tallying them all up, 2018’s cyber attacks might not have come across as anything new to most individuals. However, while the number of people affected by data breaches in 2018 did not necessarily hit new records, the volume of attacks and as well as the number of individuals affected still signifies that this is a problem that won’t be going away any time soon. In 2018, billions of individuals were affected by data breaches. Cyber attacks increased by 32 percent over the prior year…
Continue reading...

In Pennsylvania, Employers (and Others) may be Liable for Failing to Protect Personal Information that They Collect

On November 21, 2018 Pennsylvania’s highest court ruled that employers in Pennsylvania have an affirmative legal duty to protect workers’ sensitive data from possible hacking.  This ruling has profound implications for employers, which may now be subject to liability for failing to take reasonable precautions to protect their employees from cyber attacks. In a proposed class action, employees of the University of Pittsburgh Medical Center sought damages after a data breach exposed the personal information – including names, dates of birth, addresses, Social Security numbers,…
Continue reading...

Lawyers Still Lag in Information Security Risk Management

The frequency and scope of data breaches are growing every day. Hackers have set their sights on law firms because of the treasure trove of valuable data they hold. News of cyberattacks against the legal community has been splashed across the covers of business publications and warned about by professional organizations for a number of years, so this isn’t anything new. What is astonishing, however, is that law firms are still lagging behind with respect to insurance coverage for cyber risks and the implementation of…
Continue reading...

Security Breach Compromises 50 Million Facebook Accounts

In the wake of concerns that the social media giant collects too much personal data, Facebook, Inc. discovered a security breach on September 25, 2018 that affected almost 50 million accounts. Recent privacy regulations, including those recently enacted in the European Union, may have forced Facebook into promptly reporting the breach just three days after it was discovered. Based on the breaking-news reports, the FBI is working with Facebook to investigate the breach to determine the extent of the breach, what information was accessed, whether…
Continue reading...