July 11, 2020

Volume X, Number 193

July 10, 2020

Subscribe to Latest Legal News and Analysis

July 09, 2020

Subscribe to Latest Legal News and Analysis

July 08, 2020

Subscribe to Latest Legal News and Analysis

Executives and Board Members Could Face Liability for Data Breaches

By now, most everyone is aware that Yahoo was hacked in both 2013 and 2014 and had names, passwords, and other account data of between 500 million and one billion of its users stolen. Following the breach, various class action lawsuits brought against Yahoo by consumers and small business users of Yahoo ensued. The stolen data and lawsuits also caused Verizon to reduce its offer to purchase Yahoo by $350 million. Unfortunately for Yahoo, its inability to protect private account data has led to additional negative consequences.

In late February 2017, a group of Yahoo shareholders, guided by the Oklahoma Firefighters Pension and Retirement System, sued Yahoo, as well as some of its executives and board members, including the chairman of its Board of Directors, co-founder, and current CEO, for breach of their fiduciary duty to the shareholders stemming from the stolen account data. Although the complaint is sealed (and thus unavailable to the public), the lawsuit, which appears to be the first of its kind, seems to assert that Yahoo and its executives breached their fiduciary duty to shareholders by failing to disclose the data security breaches to Yahoo account holders.

This lawsuit will be one to keep an eye on to see whether a failure to properly handle a data breach, and possibly even the data breach itself, can be considered a breach of a fiduciary duty to shareholders. Although this case appears to be the first of its kind, if it continues moving forward, it will undoubtedly spur like cases for other similarly situated entities that have suffered a security breach.

Other businesses that have been hacked and had personal account data stolen may be next in line for similar shareholder lawsuits. As such, the shareholder suit against Yahoo and its executives is yet another warning of how important it is for business to approach the need to properly protect personal data seriously. Whether its employee or customer information, businesses need to be on their guard and prepared to prevent and handle data breaches.

©2020 MICHAEL BEST & FRIEDRICH LLPNational Law Review, Volume VII, Number 62

TRENDING LEGAL ANALYSIS


About this Author

intellectual property, litigator, Albert Bianchi, Michael Best, Madison law firm
Associate

A.J. focuses his litigation practice on intellectual property and federal court matters, including disputes over evolving patent, trademark and copyright infringement, contract disputes, and class actions. He also litigates cases in Wisconsin, Illinois, and Minnesota state courts, with his past experience including jury trials in both Wisconsin and Minnesota.

608-283-4425
Michelle L. Dama, Attorney, Litigation, Michael Best Law Firm
Partner

Corporate clients turn to Michelle for her experience litigating commercial and intellectual property disputes, among other matters. Michelle also serves as a member of the firm’s Class Action/Multidistrict Litigation team. She tries cases in both federal and state courts at  the trial and appellate levels.

Michelle assists a diverse group of clients, many of them long-standing, in the following areas:

  • Complex commercial disputes
  • Intellectual property and trademark litigation
  • Product liability actions
  • Consumer law, including:
    • Telecommunications Consumer Protection Act (TCPA) of 1991
    • Fair Debt Collection Practices Act (FDCPA)
    • Fair Credit Reporting Act (FCRA)
608-283-0118
Adrienne Ehrhardt, Michael Best Law Firm, Corporate and Transactional Attorney
Partner

Known for giving practical and actionable legal advice, Adrienne counsels clients on the many complex aspects of privacy and data management matters.

Her extensive background includes experience with issues relating to the Gramm-Leach-Bliley Act (GLBA), Fair Credit Reporting Act (FCRA), and the Telephone Consumer Protection Act (TCPA), as well as privacy programs and cyber security issues.

Prior to joining Michael Best, Adrienne served as the in-house lead attorney in privacy and data protection at CUNA Mutual...

608-283-0131