Marquis v. SonicWall Lawsuit Ups the Breach Blame Game
When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.
Lawsuits can clarify how cybersecurity failures, breach evidence, and data-protection duties affect liability and organizational risk.
Search across headline titles and summaries.
Background for this topic.
A lawsuit is a court proceeding in which one party seeks a legal remedy from another. In information security, cases may allege inadequate protection of personal data, unauthorized access or use of systems, misuse of intellectual property, breach of a security contract, or failure to meet privacy obligations. A lawsuit is distinct from regulatory enforcement, although the same incident can lead to both.
For security practitioners, litigation can make operational records and technical evidence important. Organizations may need to preserve logs, alerts, system images, tickets, configurations, policies, and incident timelines in a reliable, access-controlled form; altering or routinely deleting relevant data can undermine fact-finding. Claims may also examine whether safeguards, vulnerability remediation, access controls, breach decisions, privacy disclosures, and supplier oversight matched documented risks and contractual duties. Clear control ownership and contemporaneous incident records therefore support both defense and accurate accountability, subject to applicable legal requirements.
Weekly headline count for the current query.
When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.
The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.
The spyware company must pay the tech giant $168 million in punitive and compensatory damages after a 2019 attack targeting 1,400 devices.
Several major companies in the finance sector were impacted by the third-party breach, prompting them to notify thousands of customers of their compromised data.
The proposed settlement would amount to roughly $20 per Apple product that has Siri enabled, for each plaintiff.
Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.
The security researcher who notified the media of the breach will be free from the city's lawsuit, but not without a caveat.
Delta argues that it lost hundreds of million of dollars in downtime and other costs in the aftermath of the incident, while CrowdStrike says it isn't liable for more than $10 million.
The city filed for a restraining order, claiming the researcher was working in tandem with the ransomware attackers.
Following the July 19 outages caused by a bad update, the cybersecurity firm faces shareholder lawsuits and pressure to pay damages for at least one major customer, by Delta Airlines. Will software liability follow?
Though TikTok is expected to adhere to certain COPPA-outlined measures, the social media giant has failed to meet those expectations, the Feds allege.
The case alleges a third-party marketer for the exercise giant improperly used customer chat data to train its AI models.
Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit?
The SEC's lawsuit may take years to resolve through litigation, but here are five things CISOs should do now to protect both themselves as individuals as well as their organizations.
In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC's new data-breach disclosure rules.
Responding to SEC charges, SolarWinds fired back with a detailed defense of how a Russian-backed cyber espionage attack on its system was handled.
The SolarWinds SEC lawsuit illuminates the potential risks faced by CISOs and other cybersecurity executives.
Google tracked privacy-conscious Internet users, and now it's paying for it.
Rackspace's 2022 ransomware attack only continue to mount, with lawsuits in the offing — and show the long-tail costs of a cyberattack.
A pair of lawsuits are part of a wider strategy to establish guardrails preventing AI-powered scams, frauds, and harassment, Google's general counsel says.