Analysis of Target Decision that Loss-of-Use Damages Included Card Replacement Costs Post-Data Breach | By Joshua Mooney, Judy Selby, and Tracey Kline | Kennedys Law

April 27th, 2022|Categories: Cyber Risk Litigation, Emerging Litigation & Risk, HB Emerging Law Notes, HB Risk Notes, Journal on Emerging Issues in Litigation, New Featured Post for Home Page|Tags: , , , , , , , , , |

A Significant Deviation: Target v. Ace Finds Loss-of-Use Damages Included Post-Breach Card Replacement Analysis On March 22, 2022, the United States District Court for the District of Minnesota ruled that two ACE insurers were obligated to indemnify Target Corporation (“Target”) for the amounts it paid to settle claims related to replacement of payment cards impacted in a data breach, vacating an earlier decision in which the court found that Target was not entitled to coverage. Target Corp. v. ACE Am. Ins. Co., No. 19-CV-2916 (WMW/DTS), 2022 WL 848095 (D. Minn. Mar. 22, 2022), vacating 517 F. Supp. 3d 798 (D. Minn. 2021). The new decision deviates from how other courts have evaluated general liability coverage for damages because of “loss of use of tangible property that is not physically injured.” Insurers would do well to take notice. Background In 2013, Target was the victim of a massive data breach that occurred after hackers installed malicious software on its computer network, which enabled them to steal the payment card data and personal contact information of an estimated 110 million individuals with Target payment cards (the “Data Breach”). Multiple lawsuits were brought against Target, including suits by financial institutions (the “Issuing Banks”) that had issued debit and credit cards (the “Payment Cards”) affected by the Data Breach. The Issuing Banks filed class action [...]

Read More

The Impact of Sanctions on Russia on Global Financial Markets with Brad Rustin

March 17th, 2022|Categories: Cyber Risk Litigation, ELP, Emerging Litigation & Risk, HB Emerging Law Notes|Tags: , , , , , , , , , , , , |

The Impact on Global Financial Systems of U.S. Sanctions on Russia with Brad Rustin But what risks do American corporations and financial institutions face in light of these measures? What difficult reverberations will companies feel across the world? What should global businesses and FinTechs be doing right now to avoid, among other things, violating the restrictions imposed by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC)? What role will cryptocurrency play in all of this? Also, do institutions whose data are stored in Russia and Ukraine face an additional risk as a parallel (albeit less horrific) battle rages on in cyberspace? Listen to my interview with Brad Rustin, a partner with Nelson Mullins Riley & Scarborough LLP and chair of the firm’s Financial Services Regulatory Practice. Brad is a highly regarded FinTech law and industry expert. This will be apparent when you listen. Brad is also on the Editorial Advisory Board of the Journal on Emerging Issues in Litigation. This is a special rapid-release episode given we feel the insights Brad shares are insights business and FinTech’s -- and their attorneys -- urgently need to hear. This podcast is the audio companion to the Journal on Emerging Issues in Litigation, a collaborative project between HB Litigation Conferences and the Fastcase legal research family, which includes Full Court Press, Law Street Media, and Docket Alarm. The podcast itself [...]

Read More

To Pay or Not to Pay: Does Your Insurance Policy Cover Ransomware Losses? | By Pamela Hans | Anderson Kill

October 26th, 2021|Categories: Cyber Risk, Cyber Risk Litigation, Emerging Litigation & Risk, HB Emerging Law Notes, HB Risk Notes, Journal on Emerging Issues in Litigation|Tags: , , , , , , , , |

To Pay or Not to Pay: Does Your Insurance Policy Cover Ransomware Losses? Abstract Ransomware attacks are a rapidly growing threat against organizations. Paying ransom demands is a risky proposition and may even lead to sanctions against the targeted company. Either way, the damage to a company’s operation and integrity can be cripplingly severe. Should a company suffer losses from cyber extortion, its insurance company will be one of the resources it turns to for relief. But with cyber coverage increasingly out of reach for some, policyholders may find coverage in more traditional coverages. In this article, the author evaluates the potential for coverage under several policy types, and underscores the importance of understanding policy language, the relevant law, and the potential regulatory ramifications of meeting ransom demands. Author Pamela D. Hans (phans@andersonkill.com) is the managing shareholder of Anderson Kill’s Philadelphia office. Her practice concentrates on insurance coverage exclusively on behalf of policyholders. Pam is also a member of the firm’s COVID Task Group and Cyber Recovery Group. About The Journal on Emerging Issues in Litigation is a co-production of HB, Fastcase, and Law Street Media. You can also hear the complementary (and complimentary) Emerging Litigation Podcast wherever podcasts appear. For questions, contact Tom Hagy, Editor in Chief, at Editor@LitigationConferences.com.

Read More

Myriah Jaworski on Arbitration as Defense Against Data Breach Class Actions

March 19th, 2021|Categories: HB Emerging Law Notes, HB Risk Notes, HB Tort Notes, Journal on Emerging Issues in Litigation|Tags: , , , , , , |

Myriah Jaworski on Individual Arbitration as a Defense Strategy Against Data Breach Class Actions Abstract Data privacy class actions are proliferating. Defendant companies may find an effective defense strategy is moving to compel individual arbitration. Not all contracts have the appropriate language, however, and, even if they do, they may not succeed. This article, which will appear in the forthcoming issue of the Journal on Emerging Issues in Litigation, discusses U.S. privacy litigation and case law on compelling arbitration of class claims in the privacy law context, with recommendations for businesses to improve their chances of securing court orders that enforce arbitration language in their agreements. Author Myriah V. Jaworski, Esq. (mjaworski@beckage.com), is a member with the Beckage, a law firm specializing in technology, data security and privacy. She is a Certified Information Privacy Professional, United States (CIPP/US) and Certified Information Privacy Professional, Europe (CIPP/E). She leads Beckage’s Privacy Litigation Practice Group where she represents clients in data breach actions, technology vendor disputes, and the defense of consumer class actions and related regulatory investigations. Myriah is also a former Trial Attorney with the Department of Justice. About The Journal on Emerging Issues in Litigation is a co-production of HB, Fastcase, and Law Street Media. You can also hear the complementary (and complimentary) Emerging Litigation Podcast wherever podcasts appear. For [...]

Read More

The Cloud: Selected Benefits, Risks, and Insurance Coverage Issues (Part 1) — Barnes & Thornburg

May 6th, 2019|Categories: HB Risk Notes|Tags: , , , , , , , , , , , , , , , , |

  Cloud Risk: Do You Transfer Liability Along with Data? Many of us were using data clouds before we even knew what they were. Now, while most of us are comfortable with the concept, we may not be comfortable knowing who is liable when data is lost, damaged or breached. It's not a given that your cloud provider absorbs any liabilities, and it's not a given they can even afford the liability should it arise. Below are quotes from an article by Scott Godes, Kara Cleary, and Heidi Fessler of Barnes & Thornburg LLP on the subject, and a link to their complete article.  Godes, Cleary, and Fessler list several cloud-related risks: data breaches, data loss, interruption of access, compromised credentials and broken authentication, and denial of service.  But two other categories for concern are:  #1. BYOC, or Bring Your Own Cloud. Employees may be innocently using productivity applications that store work data on non-company clouds, in effect, "bringing their own clouds" to the workplace. #2. Multi-Tenancy. This involves risks posed when unrelated cloud users are sharing the same computing resources.  "Both the cloud provider and the user must be aware of system and data security to prevent a breach in the security. In addition, when a risk is realized, it may not always be clear who is at fault for the [...]

Read More

National Geographic Disclosed Customer Info, Class Action Says — Top Class Actions Blog

April 14th, 2019|Categories: HB Risk Notes|Tags: , , , |

"The National Geographic class action states that prior to and at the time that he subscribed to the magazine, the company did not notify him that it discloses the personal reading information of its customers. "Markham also claims that he wasn’t provided with any written notice that National Geographic makes a practice of renting, exchanging, or otherwise disclosing personal reading information to third parties, and provides no means of opting out. "However, the National Geographic information disclosure class action lawsuit says that since subscribing to National Geographic and between Mach 26, 2016 andJuly 30, 2016, National Geographic disclosed Markham’s personal reading information to data aggregators, data appenders, and/or data cooperatives." Read the complete post by Top Class Actions Editor Emily Sortor here.

Read More

Financial Institutions Struggle to Keep Up with ‘Changing Business Needs’ Such as Social Mobile Apps, and Getting Risk Data Quickly, Deloitte Report Suggests

January 27th, 2019|Categories: HB Risk Notes|Tags: , , , , , , , , |

Deloitte's report is based on a survey of 94 financial institutions around the world that operate in a range of financial sectors and with aggregate assets of $29.1 trillion. Deloitte's Edward Hida  -- financial risk community of practice global leader and a partner in Deloitte Risk and Financial Advisory -- posted his executive summary the latest Global Risk Management Survey which is the organization's eleventh. The report is a detailed one and Deloitte draws quite a few conclusions around the continued focus on cyber security, engagement of boards of directors, increase attention to non-financial risks, the potential of digital risk management, enterprise risk management, the proliferation of Chief Risk Officers, an increased reliance on stress testing and more. A couple figures jumped out at me which show at least two challenges to financial institutions. Hear this Deloitte professional at ICRMC in Toronto April 15-16! Respondents are finding "extremely challenging" the need to keep up with changing business operational needs, such as deployment of social mobile applications, data analytics and cloud-based risks. Also in the "extremely challenging" category, not surprisingly, are threats from "sophisticated actors," like foreign governments and crackerjack hacktivists. Other issues categorized as "extremely high priority "revolve around getting quality risk data quickly. Given the average length of time other studies show that a hacker can poke around in your network before you [...]

Read More

International Cyber Risk Management Conference | April 15-16, 2019 | Toronto

August 22nd, 2018|Categories: Conferences, HB Risk Notes|Tags: , , , , , , , , |

Get 10% off with promotion code HB2019 Check out the Agenda and Faculty Date: April 15-16, 2019 Venue: Metro Toronto Convention Centre 255 Front St. West Toronto, ON M5V 2W6, Canada Information Brownie Bokelman Email +1 (484) 844-0437 Ask for the list of attending organizations.   Photo: Tom Ridge, the first Secretary of the U.S. Department of Homeland Security and the 43rd Governor of Pennsylvania, speaking at ICRMC in 2017. Join 300 cyber insurance and risk professionals. Learn from a carefully selected faculty. Benefit from the program's impressive Steering Committee. Don't miss this great business opportunity!

Read More

A.I. Best Practices: Rules and Policies for Using Artificial Intelligence in Your Business

July 30th, 2018|Categories: HB Risk Notes|Tags: , , , , , |

  DATE: Sept. 27, 2018 TIME: 2 p.m. EDT; 1 p.m. CDT; 12 p.m. MDT; 11 a.m. PDT PLACE: Your computer or mobile device PRICE: $197* per dial-in site *Price is good through Aug. 16. After that it's $247. GROUPS ARE GOOD: Registering qualifies you to multiple attendees at your location. CLE: 1 credit Please send CLE questions to CLE@LitigationConferences.com SPEAKER: John Frank Weaver Attorney McLane Middleton Your registration includes: •  A site license to attend this webinar (invite as many people in one location as you can fit around your computer at no extra charge). • Downloadable PowerPoint presentations from our speakers. •  The opportunity to connect directly with speakers during the audience Q&A session. •  At least one-hour of CLE credit. Produced in collaboration with and their new Journal of Robotics, Artificial Intelligence & Law Nearly every industry is adopting or preparing to adopt artificial intelligence applications into their business practices. That's exciting. However, there are almost no government regulations for their use and few resources providing best practices that anticipate ethical considerations and forthcoming legal requirements. This lack of direction poses a serious problem as A.I. applications become more widespread. Businesses are creating their own ad hoc practices without considering the eventual government oversight and ethical consensus, which will result in costs and potential liability later when [...]

Read More

BitSight Releases eBook on Use of A.I. & Big Data in Continuous Cyber Risk Monitoring

July 18th, 2018|Categories: HB Risk Notes|Tags: , , , , , , , |

"With every reported data breach or cyberattack, the cyber risk landscape gets a little more complex. Cyber criminals create new attack vectors, cybersecurity professionals develop new controls to protect their systems, the criminals get to work circumventing the controls, and so on.The result of this back and forth is that cyber risk professionals have a huge variety of risk factors to worry about. In response, risk managers and security specialists need to develop extremely complex cybersecurity programs to make sure all of their bases are covered. "With so many cybersecurity risks to consider, it’s inevitable that some will receive less attention than they deserve. Unfortunately, these overlooked risk factors could play a role in your next cyberattack, and if your financial services firm isn’t prepared, that could be extremely costly." Read more.    We're looking forward to seeing the BitSight team in Bermuda Dec. 6-7, 2018, at the International Cyber Risk Management Conference.

Read More

International Cyber Risk Management Conference | Dec. 6-7, 2018 | Bermuda

June 23rd, 2018|Categories: Conferences, HB Risk Notes|Tags: , , , , , , , , |

Register  Use promotion code HB2018 and save 10% When Dec. 6-7, 2018 Agenda About Where Hamilton Princess & Beach Club 76 Pitts Bay Road, Pembroke Hamilton Bermuda HM 08 Questions and Sponsorship Opportunities Contact Brownie Bokelman by email or phone. +1 (484) 844-0437       Plan your year-end trip to Bermuda and join global cyber leaders from AIG, Aon, Chubb, Deloitte, Marsh and more. Now in its fifth year internationally . . . . ICRMC is delighted to expand its cyber conference to Bermuda at the invitation of the Bermuda Business Development Agency (BDA). Come learn from experts, networking and share experiences to help you manage the risk and impact caused by a cyber breach. HB is a proud affiliated marketing sponsor of this prestigious event.  World class event, with world class cyber leaders ICRMC Bermuda Session Highlights: The CISO Perspective Reinsurance and ILS – Managing Cyber CAT Risk From Blockchain to Crypto-Currency – Cyber Security Implications Employing AI in Cyber Risk Management See full conference agenda at bermuda.icrmc.com ICRMC Bermuda Speakers: Darius Delon, President, Risk Management 101 and Past Chair of RIMS Canada Council Anthony Belfiore, SVP and CSO, Aon Tom Pageler, Chief Security Officer, BitGo Inc Robert Parisi, Managing Director, Cyber Product Leader, Marsh The Hon E. David Burt JP, MP, Premier of Bermuda and Minister [...]

Read More

Cyber Security Summit: Seattle | July 19, 2018

May 31st, 2018|Categories: HB Risk Notes|Tags: , , , , |

Registration: $350 Pay just $175 with promo code HB2018 When 7:45am-6pm June 28, 2018 Where The Westin Seattle 1900 Fifth Avenue Seattle Interested in Sponsorship? Email Brownie Bokelman for more info. Check out all the great programs they run around the country and let us know if you're interested! Learn more.     HB is proud to announce its association with the annual Cyber Security Summit: Seattle, which connects C-suite and senior executives responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. Regular admission is $350, but use the HB promo code and get 50% off! It's HB2018. Admission gives you access to all interactive panels, discussions, catered breakfast, lunch and cocktail reception. Agenda Learn more about the sessions on incident response for CISOs, lessons learned about ransomware, and protecting your enterprise from employees and corporate spies. Faculty See who's speaking.  

Read More
Go to Top