Yesterday the United States Court of Appeals for the Seventh Circuit weighed in on the consumer class action standing issue.  The court found that Barnes & Noble customers have standing to pursue a class action concerning the hacking of the retailer’s PIN pads.  In doing so, the Seventh Circuit reversed a district court ruling dismissing the complaint for failure to adequately plead damages.  The Court of Appeals determined that the time value of money which had been removed from plaintiffs’ accounts (even though it was ultimately returned), the costs of credit monitoring, and the time invested to create new accounts all were sufficient to provide standing. Continue Reading The Seventh Circuit Weighs In On Standing

According to Reuters, late on Friday, the Department of Homeland Security (“DHS”) and the FBI issued a warning in a report, sent to firms at risk of an attack, that critical infrastructure industries may have been targeted in cyber-attacks as far back as May. The identified industries include nuclear, energy, aviation, water, critical manufacturing industries and government entities. The report indicates that hackers successfully compromised data at some of these targets. Further, the government believes that the attacks are ongoing. Continue Reading Feds Warn of Critical Infrastructure Attacks as CT Releases Report on Utility Company Cyber-Readiness

It is fitting that on the first day of Cybersecurity Awareness Month, new legislation takes effect regarding one of the most destructive types of malware.  In response to the rapidly increasing rate of computer extortion cases, the Connecticut Legislature has joined several states in creating a statute specifically targeting ransomware. Ransomware is a type of malicious software that prevents access to information in a computer system until a ransom is paid.

“An Act Concerning Computer Extortion by Use of Ransomware” goes into effect on October 1, 2017.  Under the Act, the use of ransomware is a class E felony, which provides for up to three years of imprisonment, a fine of $3,500, or both. Previously, computer extortion was prosecuted under established statutes regarding computer crimes, computer-related offenses, and extortion, as well as the penalties associated with those crimes.

Just last week, a Verizon Communications vendor misconfigured a cloud server that caused the information of 6 million Verizon customers to be exposed on-line. When a cyber incident or data breach occurs on your vendor’s watch, regardless of fault, you own the resulting legal obligations and costs. The best tools for managing the risk of using vendors are due diligence and adequate contract provisions. Continue Reading Protecting Data: Vendors May Be Your Weakest Link