Category: Litigation of Data Breaches

1
Open Government? – political misstep leads to privacy breach
2
US Court signals that proving data breach class actions will be difficult
3
Facebook’s Potential $70 billion Legal Challenge
4
Abbott Labs makes a costly mistake as FDA targets cybersecurity deficiencies
5
Is your IoT device putting you at risk?
6
You are not alone! Rasomware attacks increase
7
US Government charges two Russian spies for 2014 Yahoo data breach
8
Was Mickey Mouse hacked?

Open Government? – political misstep leads to privacy breach

By Cameron Abbott and Keely O’Dowd

Navigating the political terrain and party politics can be a treacherous journey for any politician.

Recently, we have been captivated by a political misstep that involved the tabling of approximately 80,000 confidential and unredacted Cabinet documents of a former Government in the Victoria Parliament. In usual circumstances, these documents would have remained confidential for 30 years, unless the former Government consented to the release of the documents.  However, in an attempt to seek an advantage in the political arena, the Victorian Government of the day decided to release these documents in Parliament and online.

Read More

US Court signals that proving data breach class actions will be difficult

By Andrew C. Glass, David D. Christensen, Cameron Abbott and Matthew N. Lowe

In the US, several attempts at class actions for those affected by a data breach have failed challenges in early procedural stages.  In Dieffenbach v. Barnes & Noble, Inc., 887 F.3d 826 (7th Cir. Apr. 11, 2018), the Seventh Circuit allowed a data breach class action to survive the pleadings stage.  At the same time, the Court indicated that the plaintiffs may have a tough time proving their claims on the merits or establishing that class certification is warranted.  At the end of the day, the Dieffenbach decision may prove to be less of a boon and more of a bust for plaintiffs in data breach class actions.  Although it may provide a means to get into court, the decision makes clear that obtaining a favorable outcome may be a “difficult task.”  For a full summary of the Dieffenbach decision please see our client alert here.

Facebook’s Potential $70 billion Legal Challenge

By Rob Pulham, Warwick Andersen and Georgia Mills

In another blow to embattled Facebook, British and US lawyers have launched a class action lawsuit against the social media giant, along with Cambridge Analytica and two other companies for allegedly misusing the data of over 87 million people.

Read More

Abbott Labs makes a costly mistake as FDA targets cybersecurity deficiencies

By Cameron Abbott and Giles Whittaker

The Food and Drug Administration (FDA), after a previous warning in 2014, threatens legal action against Abbott Labs if the company fails to address safety and security issues in implanted cardiac devices sold by St Jude Medical – a recent subsidiary acquired by Abbott Labs. The internet of things takes a much more serious tenure when it’s a medical device compared to your fridge!

The company recently purchased St. Jude Medical, which makes implanted cardiac devices that have been the subject of cybersecurity concerns. A warning letter issued by the FDA gives Abbott Labs 15 days to submit a plan to address errors in the products’ design that could allow hackers to tamper with the settings and drain the batteries of the devices. Many of the cybersecurity concerns first came to light after medical device security research firm MedSec submitted a report outlining a variety of alleged security flaws in St. Jude products to investment firm Muddy Waters Research (MWR). MWR subsequently publically announced the product design failures while short-selling St. Jude Medical’s stock in order to capitalise on the expected market response.

As the public increases its awareness of cybersecurity issues it becomes apparent that a failure to adequately consider these issues – as a day to day function of operating a business or prior to the acquisition of a new business – can result in significant damage to a company’s bottom line. The recent short-selling by MWR indicates the necessity for cybersecurity considerations to form central in a company’s business model, otherwise risk having its inadequacies called out in a public forum. And we are not even thinking about what litigation liability risk these sorts of issues might raise.

Is your IoT device putting you at risk?

By Cameron Abbott and Giles Whittaker

As the uptake of IoT (Internet of Things) devices increases, industry experts question whether adequate cybersecurity measures are in place. While we are not surprised with the results of a recent survey, it has been confirmed that IoT devices represent the next big cybersecurity threat.

A Tripwire study found 96% of surveyed IT pros expect to see an increase in security attacks on IoT. The study acknowledges the promise of these devices in facilitating tasks and bringing convenience, but also notes the risk they pose as they’re not always built with security in mind. The study found the industries facing the biggest threat include energy, utilities, government, healthcare and finance with devices connecting the Industrial Internet of Things viewed as susceptible to serious consequences. David Meltzer, COO at Tripwire, says there must be a change in the level of preparation for such attacks or the realization of these risks will be experienced.

You are not alone! Rasomware attacks increase

By Cameron Abbott and Giles Whittaker

While no one likes to admit that they have been caught out or victimised by cyber-attacks such as ransomware, what appears to be true is that a lot of organisations are. The lesson is that it is quite likely to happen so design your IT systems to give you a recovery option. No good having your back up encrypted as well!

A survey (reg. req.) of IT security decision makers by CyberEdge found that a whopping 61% of respondents’ organizations were victimized by ransomware in 2016. Among those hit by ransomware, 33% paid the ransom to recover their data, 54% refused to pay but recovered their data anyway, and 13% refused to pay and lost their data. In general, the report found the percentage of organizations being hit by successful cyber-attacks continues to rise, from 62% in 2014 to 70% in 2015, 76% in 2016, and 79% in 2017. Three in five respondents believe a successful cyber-attack is likely in the coming year.

 

US Government charges two Russian spies for 2014 Yahoo data breach

By Cameron Abbott and Giles Whittaker

US federal authorities have charged 4 men – including 2 Russian spies – in regards to the massive 2014 Yahoo data breach that resulted in the stolen data of over 500 million Yahoo accounts in 2014.

It is speculated that the Russian government used the information obtain to conduct a range of espionage activities, including the targeting of “Yahoo trade secrets that contained, among other data, subscriber information including users; names, recovery email accounts, phone numbers and certain information required to manually create or “mint,” account authentication web browser “cookies” for more than 500 million Yahoo accounts” according to an indictment.

In addition to the above Alexsey Belan – a 29 Latvian born Russian national – was able to steal financial information such as gift cards and credit card numbers from webmail accounts and used the accounts to profit from earning commissions on fraudulently redirecting a subset of Yahoo’s search engine traffic.

As the frequency and severity of cyber attacks increase, Director of the FBI James Comey identified the priority “to pierce the veil of anonymity surrounding cyber crimes,” and that US national security authorities “are shrinking the world to ensure that cyber criminals think twice before targeting U.S. persons and interests.”

Was Mickey Mouse hacked?

By Cameron Abbott and Rebecca Murray

Disney Interactive has notified users of its Playdom Forum that hackers have stolen personal information, which could put their privacy and online security at risk. The hackers acquired usernames, email addresses, and passwords for playdomforums.com accounts as well as IP addresses. Disney has not disclosed how many users have been affected, although the forum is said to have over 350,000 members. Read Disney Interactive’s statement here.

Copyright © 2018, K&L Gates LLP. All Rights Reserved.