Data Breaches May Cost Corporations and Their Directors Dearly

Publication
March 20, 2017

Yahoo! has taken several hits in the last six months for failing to protect its users' electronic information. Its September 2016 announcement of a massive 2014 data breach that exposed the email addresses and other personally identifiable information ("PII") of approximately 500 million accountholders derailed its proposed merger with Verizon and sent Yahoo! stock prices plummeting. Mere months later, in December 2016, Yahoo! announced a second attack in which hackers exposed or stole information for another 500 million users. The United States Department of Justice has announced the indictment of two Russian hackers believed to be responsible for the security breach.

Earlier this month, Yahoo! announced that an independent internal investigation revealed that Yahoo!'s senior executives, including CEO Marissa Mayer, "failed to properly comprehend or investigate" the 2014 security breach. Yahoo!'s general counsel resigned without severance for his department's inadequate response to the breaches, and Mayer agreed to forgo her annual bonus and stock award.

Yahoo! users have filed at least 23 lawsuits in multiple jurisdictions, which have now been consolidated for multidistrict litigation in federal court in San Jose, California.

On January 24, 2017, Yahoo!'s shareholders filed a derivative lawsuit in Delaware Chancery Court against Yahoo!, Mayer and other Yahoo! executives. The complaint in Oklahoma Firefighters Pension Fund and Retirement System et al. v. Eric Brandt et al. is sealed, but is reported to allege that Yahoo! and its executives breached their fiduciary duties to shareholders by failing timely to disclose data security breaches to Yahoo! accountholders. This appears to be the first case of its kind, in which a company's handling, or mishandling, of a data breach might expose the company and its officers and directors to liability to the company.

Florida companies suffer data breaches or attempted data breaches every day. The stringent reporting requirements in Florida's data breach statute, Chapter 501.171, require companies to take "reasonable measures" to protect and secure electronic data that contains personal information, to report breaches that affect 500 or more individuals in Florida to state regulatory authorities, and to give prompt notice to each individual in the state whose personal information was accessed as a result of a data breach. Companies that discover that 1,000 or more individuals were affected must also notify all consumer reporting agencies. Florida law deems all violations of the statute to be unfair and deceptive trade practices, exposing companies to civil liability as well as civil penalties of up to $500,000.00 per breach.
