Analysis of Target Decision that Loss-of-Use Damages Included Card Replacement Costs Post-Data Breach | By Joshua Mooney, Judy Selby, and Tracey Kline | Kennedys Law

April 27th, 2022|Categories: Cyber Risk Litigation, Emerging Litigation & Risk, HB Emerging Law Notes, HB Risk Notes, Journal on Emerging Issues in Litigation, New Featured Post for Home Page|Tags: , , , , , , , , , |

A Significant Deviation: Target v. Ace Finds Loss-of-Use Damages Included Post-Breach Card Replacement Analysis On March 22, 2022, the United States District Court for the District of Minnesota ruled that two ACE insurers were obligated to indemnify Target Corporation (“Target”) for the amounts it paid to settle claims related to replacement of payment cards impacted in a data breach, vacating an earlier decision in which the court found that Target was not entitled to coverage. Target Corp. v. ACE Am. Ins. Co., No. 19-CV-2916 (WMW/DTS), 2022 WL 848095 (D. Minn. Mar. 22, 2022), vacating 517 F. Supp. 3d 798 (D. Minn. 2021). The new decision deviates from how other courts have evaluated general liability coverage for damages because of “loss of use of tangible property that is not physically injured.” Insurers would do well to take notice. Background In 2013, Target was the victim of a massive data breach that occurred after hackers installed malicious software on its computer network, which enabled them to steal the payment card data and personal contact information of an estimated 110 million individuals with Target payment cards (the “Data Breach”). Multiple lawsuits were brought against Target, including suits by financial institutions (the “Issuing Banks”) that had issued debit and credit cards (the “Payment Cards”) affected by the Data Breach. The Issuing Banks filed class action [...]

Moving Your Corporate Data to the Cloud: Top 13 Things to Think About as you Review Your Hosting Agreement — Judy Selby Consulting

May 6th, 2019|Categories: HB Risk Notes|Tags: , , , , , , , , , , , |

Some data migration risks can be mitigated at the cloud contract stage, Allison Bird, Judy Selby’s partner at Clearview Privacy Consulting LLC, explains. Regarding indemnification, Bird says, "If data is lost or exposed by the hosting company, your company as well as any affiliates who use the services will be subject to suits from clients and individuals whose data was impacted.  You may also be subject to regulatory scrutiny which could result in legal costs and regulatory penalties.  To the extent possible, negotiate a full indemnification of third party claims arising out of the hosting services." She says the limitation of liability section of your hosting agreement "may be the single most important" part.  "Your hosting company may make a lot of promises in the agreement.  However, if their liability under the agreement is significantly capped, you won’t receive the monetary compensation necessary to make up for hosting company’s acts and omissions that damage the company. Negotiations for a higher cap will translate into real dollars in the event of a security incident." Of course, insurance is always a good solution if done right. "You can negotiate the perfect contract but unless your hosting company has a deep pocket, it may not have sufficient capital to make good on contractual obligations in the event of a breach or data loss situation, especially one [...]

Go to Top