Category: Litigation & Regulator Actions
Federal Court Dismisses Bulk of SEC’s Complaint Against SolarWinds in Cyberattack Case
On July 18, 2024, US District Judge Paul Engelmayer of the Southern District of New York issued a detailed 107-page opinion and order dismissing most of the US Securities and Exchange Commission (SEC) case against SolarWinds and its chief information security officer (CISO). The SEC’s amended complaint alleged that SolarWinds and its […]
Fatal Flaws in SEC’s Amended Complaint Against SolarWinds
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and Exchange Commission (SEC) against SolarWinds and its chief information security officer (CISO), Tim Brown. Amici from the business community and the software industry, as well as […]
Fatal Flaws in SEC’s Amended Complaint Against SolarWinds
In March 2024, a coalition of more than 50 cybersecurity leaders and organizations called for dismissal of an amended complaint by the Securities and Exchange Commission (SEC) against SolarWinds and its chief information security officer (CISO), Tim Brown. Amici from the business community and the software industry, as well as […]
California Supreme Court Boosts Policyholders Seeking Coverage for Privacy Class Actions
Key takeaways In a recent opinion, the California Supreme Court ruled in favor of California-based tech giant Yahoo in a multiyear legal battle with the National Union Fire Insurance Company of Pittsburgh, Pennsylvania. The insurer had refused to defend Yahoo against five class action lawsuits alleging Yahoo violated provisions of […]
Data Disputes: How UK Class Action Landscape Is Shaping Up
Introduction The number of class actions brought in the UK is likely to grow considerably in the coming years. In particular, we expect claimant firms to continue making claims for misuse use of data where an issue affects a large number of individuals. This post: Introduces group and representative actions […]
SEC Enforcement Targets Cybersecurity Disclosures Again
Securities and Exchange Commission Chairman Gary Gensler has pledged to bring a renewed focus to robust enforcement of the federal securities laws. As we observed in a recent blog post, under Chairman Gensler and Director Gurbir Grewal, the SEC’s Division of Enforcement will be more aggressive in several arenas—including public company […]
US Supreme Court Narrows Scope of Computer Fraud and Abuse Act in Van Buren, Remands LinkedIn
On June 3, 2021, the US Supreme Court issued its decision in Van Buren v. United States in the Court’s first-ever interpretation of the Computer Fraud and Abuse Act (CFAA), the federal anti-hacking statute. Van Buren presented the question of whether someone “exceeds authorized access” under the CFAA, see 18 […]
Supreme Court Curtails FTC Authority to Obtain Monetary Relief via Section 13(b)
The FTC’s toolkit to enforce unfair and deceptive practices in the privacy and cybersecurity realm was reduced last week when the Supreme Court ruled that Section 13 of the FTC Act does not allow for monetary relief. Read more about the decision and its impact. The FTC retains authority to […]
New York Department of Financial Services Launches Enforcement of Cybersecurity Rules
The New York Department of Financial Services recently initiated its first action to enforce the department’s cybersecurity regulation. The regulation has been in effect since March 1, 2017 and applies to all financial institutions regulated by the NY DFS.
FTC Increasingly Looks to Public Companies’ SEC Disclosures for Privacy and Cybersecurity Enforcement Opportunities
While the FTC does not make its initial privacy and cybersecurity investigations public, there have been reports that the FTC has initiated an increasing number of privacy and cybersecurity-related enforcement actions following disclosures of privacy or cybersecurity incidents by public companies in their SEC filings.