Cyber/Data Privacy

Subscribe to Cyber/Data Privacy

Cyberattacks on corporate networks are on the rise, and the ramifications from such an attack can be financially devastating. Recent benchmarking data shows that the number of material cyber breaches at large businesses increased by 20.5% from 2020 to 2021, with cybersecurity budgets across various industries aimed at preventing breaches jumping 51%.[1] Although companies

In a unanimous decision, the Ohio Supreme Court found that appellee EMOI Services, LLC’s (“EMOI”) businessowners insurance policy does not cover losses resulting from a ransomware attack on EMOI’s computer software systems.

Continue Reading Ohio Supreme Court Holds that Insurance Policy Does Not Cover Ransomware Attack on Software

In May 2022, the Illinois Supreme Court heard oral arguments in Cothron v. White Castle System, Inc. — a case that will have a substantial impact on the liability for violating the Illinois Biometric Information Privacy Act (“BIPA”).  BIPA is considered to be among the most robust law in the U.S. governing biometric privacy, and Illinois is among the few jurisdictions permitting private suits for the unlawful collection, storage of such data.  Since its inception in 2008, BIPA has been the source of a flurry of lawsuits, many of which have resulted in substantial settlements.  The court is set to determine how to calculate the number of individual BIPA violations, whether damages accrue each time an employee scans her fingerprint, or whether the first recorded scan is the sole violation.  If the Illinois high court determines that damages accrue with each scan and BIPA violations are ongoing, then the potential damages for BIPA lawsuits would increase exponentially and open a flood of new claims.  Fortunately, insurance policyholders have had recent success arguing that coverage exists for BIPA violations under Commercial General Liability (“CGL”) policies.  A plaintiff-friendly ruling in the Cothron case would make the ability to recover under these policies even more important, and potentially open additional avenues for recovery.  In anticipation of this important ruling, this article provides a brief background on BIPA and summarizes the key decisions relating to insurance recovery of BIPA damages.

Continue Reading Update on Case Law Developments for BIPA Damages and Insurance Recovery for BIPA Claims

On May 7, 2021, the operator of a major pipeline system that transports fuel across the East Coast fell victim to a ransomware attack that resulted in a six-day shutdown. Over the following week, East Coast stockpiles of gasoline dropped by about 4.6 million barrels and gas prices surged to their highest levels in six and a half years. The 5,500-mile-long pipeline provides roughly 45 percent of the fuel supplies for the East Coast, representing critical infrastructure for consumers from the Gulf Coast to Linden, New Jersey. Under mounting public pressure to respond and devastating losses to the company’s operational income, the operator authorized a ransom payment of $4.4 million to hackers. On May 31, 2021, one of the world’s largest meat suppliers disclosed that it was targeted by a ransomware attack that forced the company to shut down its meat processing plants in North America. As the meat processing plants depend on automation and computers for the production process, as well as processing of orders, billing and shipping, the company had no choice but to shut down operations. The company has not disclosed if it paid a ransom as part of its efforts to get back online.

Continue Reading Cyber-Insurance Considerations for Healthcare Providers Related to Ransomware Attacks