Analysis of Target Decision that Loss-of-Use Damages Included Card Replacement Costs Post-Data Breach | By Joshua Mooney, Judy Selby, and Tracey Kline | Kennedys Law

April 27th, 2022|Categories: Cyber Risk Litigation, Emerging Litigation & Risk, HB Emerging Law Notes, HB Risk Notes, Journal on Emerging Issues in Litigation, New Featured Post for Home Page|Tags: , , , , , , , , , |

A Significant Deviation: Target v. Ace Finds Loss-of-Use Damages Included Post-Breach Card Replacement Analysis On March 22, 2022, the United States District Court for the District of Minnesota ruled that two ACE insurers were obligated to indemnify Target Corporation (“Target”) for the amounts it paid to settle claims related to replacement of payment cards impacted in a data breach, vacating an earlier decision in which the court found that Target was not entitled to coverage. Target Corp. v. ACE Am. Ins. Co., No. 19-CV-2916 (WMW/DTS), 2022 WL 848095 (D. Minn. Mar. 22, 2022), vacating 517 F. Supp. 3d 798 (D. Minn. 2021). The new decision deviates from how other courts have evaluated general liability coverage for damages because of “loss of use of tangible property that is not physically injured.” Insurers would do well to take notice. Background In 2013, Target was the victim of a massive data breach that occurred after hackers installed malicious software on its computer network, which enabled them to steal the payment card data and personal contact information of an estimated 110 million individuals with Target payment cards (the “Data Breach”). Multiple lawsuits were brought against Target, including suits by financial institutions (the “Issuing Banks”) that had issued debit and credit cards (the “Payment Cards”) affected by the Data Breach. The Issuing Banks filed class action [...]

Cybersecurity and Data Privacy Year in Review 2021

March 21st, 2022|Categories: Cyber Risk, Cyber Risk Litigation, Emerging Litigation & Risk, HB Emerging Law Notes, Journal on Emerging Issues in Litigation, New Featured Post for Home Page|Tags: , , , , , , , , , , , , |

The Authors The authors are all attorneys with the Kennedys law firm (kennedyslaw.com). Joshua Mooney (joshua.mooney@kennedyslaw) and Judy Selby (judy.selby@kennedyslaw.com) are partners. Tracey Kline (tracey.kline@kennedyslaw.com) and Alexis Childs (alexis.childs@kennedyslaw.com) are associates. Bridget Mead, associate, and Javier Vijil, senior associate, also contributed to this article. Judy Selby is also a member of the Editorial Board of Advisors for the Journal on Emerging Issues in Litigation. Cybersecurity and Data Privacy 2021 in Review By Joshua Mooney, Judy Selby, Tracey Kline, and Alexis Childs Abstract: As the world emerged from lockdown, it should come as no surprise that cybersecurity and data privacy remained dominant topics in the media and legal industry. Some of 2021 was much like 2020—ransomware attacks continued to fill the headlines, and in the aggregate, constituted significant loss paid under cyber insurance policies. OFAC reminded victim companies and incident response firms (and cyber carriers) that it remains unlawful to pay ransom payments to designated organizations. Comprehensive federal legislation addressing cyber defenses and notification requirements never materialized. Yet in 2021, we saw new and significant developments. U.S. law continued its drift toward comprehensive privacy regulation with two new significant pieces of privacy legislation and California’s enforcement of the California Consumer Privacy Act. In the absence of federal legislation, federal agencies either [...]

Go to Top