Posts tagged litigation

Breach, damages, litigation, personal information, privacy, security breach litigation

California Federal Court Holds that Damages Properly Alleged in RockYou Data Breach Case

By InfoLawGroup LLP on April 19, 2011

In what may be a sign of an evolving judicial atmosphere and approach concerning data breach lawsuits, a Federal judge in the Northern District of California District Court recently refused to dismiss various causes of action related to a data breach involving RockYou. In particular, the Court explored the issue of whether the plaintiff sufficiently alleged "harm" arising out of the data breach. This blog post takes a look the highlights of the Court's decision.

Breach, consumer fraud law, damages, duty, employee, employee privacy, employer, litigation, negligence, notification, social security number

IL Appellate Court: No Duty Exists to Safeguard SSNs for Purposes of a Negligence Claim

By InfoLawGroup LLP on February 03, 2011

InfoLawGroup recently discovered a new data breach case, one of the first that we are aware of in the United States, that dives deep into the issue of whether a common law duty exists to safeguard personal information. In Cooney, et. al v. Chicago Public Schools, et. al¸ an Illinois appellate court actually rendered a decision holding that no such duty exists under Illinois law. In this blogpost we take a closer look at the court's rationale for dismissing the plaintiffs' negligence claim, as well as the other interesting holdings of the court.

behavorial advertising, CFAA, cookies, deep packet inspection, EPCA, flash cookies, hmtl5, litigation, mobile privacy, privacy, SCA, Security

While We Were Shopping, the Privacy Legal Risk Environment Shifts Again

By InfoLawGroup LLP on January 18, 2011

2010. What a year for data security and privacy, and the law. Choose whatever story you want: Facebook privacy practices, Google Buzz, Wikileaks data breach , TSA full body scanning at the airports, FTC Do Not Track, etc. I am having trouble thinking of a week (perhaps even a day) in 2010 where there wasn't a big privacy or data security story reported at a major media outlet. It is difficult to come up with an issue in 2010 (except perhaps "the economy" or the healthcare debate) that became more firmly lodged in the public consciousness than privacy and data security.While we were all thinking about Halloween and Thanksgiving, and trying to avoid the crush of Hanukah, Christmas and New Years, several privacy lawsuits were filed against online behavioral tracking companies and some of their clients. In my view these lawsuits and the activity that arises out of them (regulatory and otherwise) will be one of the big data security and privacy stories of 2011. What follows is a very brief listing of some the key lawsuits from 2010 that InfoLawGroup is aware of and tracking. There may be more that are not on the list (such is pace of change in this space) and if you know of others, please send them to me so I can list them here to serve as a resource for the larger privacy community. Over the course of 2011 (and beyond) InfoLawGroup will be taking a deeper look at these cases and providing updates as they progress through motion practice, trial and settlement.

damages, Hannaford, litigation, payment card, PCI DSS, security breach

"Damages" Last Stand - Maine Supreme Court Puts an End to the Hannaford Bros. Breach Suit

By InfoLawGroup LLP on September 22, 2010

The Maine Supreme Court has rendered its opinion on the "damages" issue in the Hannaford Bros. consumer security breach lawsuit. Again, the plaintiffs have been unable to establish that they suffered any harm as a result of the Hannaford security breach. Specifically, the Court ruled that "time and effort" alone spent to avoid or remediate reasonably foreseeable harm do not constitute "a cognizable injury for which damages may be recovered." In this blogpost we take a closer look at the Court's rationale.

authentication, banking, Breach, FFEIC, liability, litigation, phishing, reasonable, reasonable security, UCC 4A-202

EMI v. Comerica: Court Finds Bank's Security is Commercially Reasonable -- Bank Loses Motion for Summary Judgment

By InfoLawGroup LLP on August 12, 2010

An odd result -- we know. We previously reported on the lawsuit filed by Experi-Metal, Inc. ("EMI") and the subsequent motion for summary judgment (and briefs) filed by Comerica Bank to have the case dismissed. As reported in July, the U.S. District Court for the Eastern District of Michigan has issued a ruling on Comerica's motion for summary judgment. To make a long story short, the Court denied Comerica's motion and this case appears headed toward trial (or potentially settlement). In the course of its ruling the Court found that Comerica had utilized commercially reasonable security procedures. However, that ruling had more to do with the language in Comerica's contracts than an actual substantive analysis of the reasonableness of Comerica's security. In this blogpost, we take a look at the Court's ruling.

authentication, banking, Breach, FFEIC, liability, litigation, phishing, reasonable, reasonable security, UCC 4A-202

EMI v. Comerica: Comerica's Motion for Summary Judgment

By InfoLawGroup LLP on June 30, 2010

Back in February 2010, we reported on an online banking lawsuit filed by by Experi-Metal Inc. ("EMI") against Comerica (the "EMI Lawsuit"). As you might recall this case involved a successful phishing attack that allowed the bad guys to get the EMI's online banking login credentials and wire transfer about $560,000 from EMI's account (the original amount was $1.9 million, but Comerica was able to recover some of that). The bad guys were able to foil Comerica's two factor token-based authentication with a man in the middle attack. Comerica did not reimburse EMI for the loss, and this lawsuit resulted. In April 2010, Comerica filed a motion for summary judgment in order to dismiss the case. The motion has been fully briefed by both sides, and this blogpost looks at the arguments being made by the parties