Responding to Ransomware Learning from Colonial Pipeline
June 07, 2021 —
J. Kyle Janecek - Newmeyer Dillion
Recently, ransomware has come to the forefront of national news. The most prevalent ransomware attack, the one perpetrated against Colonial Pipeline by the now-defunct "Dark Side" hackers, has served to remind businesses about the risks of ransomware. What happened to Colonial Pipeline? What should businesses do to learn from Colonial Pipeline's response? What should a business avoid?
What happened to Colonial Pipeline?
Colonial Pipeline, a Georgia-based operator of fuel pipelines, had its billing software compromised by Dark Side's ransomware attack.1 Following this, Colonial Pipeline took proactive measures to (1) shut down its systems; (2) evaluate the issue; and (3) safely bring systems back online after ensuring that they were not compromised.
Following this, Colonial Pipeline did eventually pay the $4.4 million ransom demand from Dark Side. What it got in return was a decryption key, as promised, which ended up being slower than Colonial Pipeline's own backups.2 The ultimate result of this event was an initial cost of $4.4 million, in addition to lost profits, additional security costs, reputational costs, and litigation costs, as consumers filed a class-action lawsuit to hold Colonial Pipeline accountable for its perceived lapse in security.3 Further, the fallout from Colonial Pipeline prompted additional cybersecurity efforts and changes by the Biden administration, including proposed regulations requiring pipeline companies to inform the Department of Homeland Security of cybersecurity incidents within 12 hours, in addition to keeping a cybersecurity coordinator on staff at all times, and reviews of current security measures.
Reprinted courtesy of J. Kyle Janecek, Newmeyer Dillion
Mr. Janecek may be contacted at kyle.janecek@ndlf.com
Contractor Not Liable for Flooding House
October 02, 2013 —
CDJ STAFF
Knife River Corp was hired by the town of Post Falls, Idaho to do road and sewer construction work. In the process, they interrupted a 6-inch water supply line, sending the water into a wastewater line. From there, the water flooded a home in Post Falls. The city paid more than $7,800 in damages.
Post Falls sued Knife River’s insurer for coverage. The city has lost its lawsuit and is responsible for $18,500 in attorneys’ fees. Despite all this, the city administrator says that the city still has a good working relationship with Knife River.
Pennsylvania Court Finds that Two Possible Causes Can Prove a Product Malfunction Theory of Liability
September 29, 2021 —
Gus Sara - The Subrogation Strategist
In Allstate Ins. Co. v. LG Elecs. USA, Inc., No. 19-3529, 2021 U.S. Dist. LEXIS 127014, the United States District Court for the Eastern District of Pennsylvania considered whether plaintiff’s expert engineer’s opinion that there were two possible causes of a fire—both related to alleged product defects within a refrigerator manufactured by the defendant—was sufficient to support the malfunction theory of products liability. The court found that because both potential causes imposed liability on the product manufacturer and the expert ruled out misuse of the product, as well as all external causes of the fire, it was not necessary for the engineer to identify a specific cause under the malfunction theory. The court also found that the expert’s investigation and opinions met the criteria set forth in Daubert v. Merrell Dow Pharms., Inc., 509 U.S. 579 (1993) and the Federal Rules of Evidence and, thus, were admissible.
LG Electronics arose from a fire at the home of Thomas and Lisa Ellis. The public sector fire investigator identified the area of fire origin as the top of a refrigerator manufactured by LG Electronics USA, Inc. (LG). The Ellises filed a claim with their homeowner’s insurance carrier, Allstate Insurance Company (Insurer). Insurer retained a fire investigator and an electrical engineer to investigate the origin and cause of the fire. The fire investigator agreed with the public sector investigator that the fire originated at the top of the refrigerator. The engineer conducted a forensic inspection of the scene and ruled out all potential external ignition sources. He then examined the internal components of the refrigerator. He found arcing activity on a wire at the front top of the refrigerator. He opined that there were two possible causes of the fire: either the heater circuit insulation failed over time due to mechanical damage, or the heat from the internal light fixture ignited combustible components of the refrigerator. Since the engineer ruled out improper use of the refrigerator, he opined that the damage was caused by a manufacturing defect.
Reprinted courtesy of Gus Sara, White and Williams
Mr. Sara may be contacted at sarag@whiteandwilliams.com
DA’s Office Checking Workers Comp Compliance
February 10, 2012 —
CDJ STAFF
The San Bernardino office of the California District Attorney is partnering with the California Contractor’s State License Board to check if subcontractors are holding the required workers compensation insurance. The High Desert Daily Press reports that the process of checking at sites has been going on for several months.
Investigators visit sites and ask supervisors to provide a list of subcontractors which the state then checks for compliance. One worker was quoted that insurance inspections were so rare that he had never seen one before, despite 20 years in construction.
On one day, investigators in two teams visited fourteen construction sites and reviewed the insurance status of twenty-two firms. Three were found out of compliance and stop work orders were issued.
Texas “your work” exclusion
January 06, 2012 —
CDCoverage.com
In American Home Assurance Co. v. Cat Tech, L.L.C., No. 10-20499 (5th Cir. Oct. 5, 2011), claimant Ergon hired insured Cat Tech to perform service on a reactor at Ergon’s refinery. During a start-up of the reactor after Cat Tech had completed its work, the reactor suffered damage. Cat Tech performed additional service and repairs. However, again upon start-up of the reactor, it suffered additional damage. Ergon hired another contractor to repair the reactor. Ergon initiated arbitration proceedings against Cat Tech. Cat Tech’s CGL insurer American Home defended Cat Tech against the Ergon arbitration under a reservation of rights.
Reprinted courtesy of CDCoverage.com
Are You a Construction Lienor?
November 15, 2017 —
David Adelstein - Florida Construction Legal Updates
When it comes to construction lien rights, not everyone that touches the project is a proper lienor. Forget about timely serving a Notice to Owner or recording a claim of lien; if you are not a proper lienor, it does not matter if you properly perfected your lien rights. If you are not a proper lienor, you have NO lien rights under the law!
Florida Statute s. 713.01(18) defines a lienor as follows:
(18) “Lienor” means a person who is:
(a) A contractor;
(b) A subcontractor;
(c) A sub-subcontractor;
(d) A laborer;
(e) A materialman who contracts with the owner, a contractor, a subcontractor, or a sub-subcontractor; or
(f) A professional lienor under s. 713.03;
and who has a lien or prospective lien upon real property under this part, and includes his or her successor in interest. No other person may have a lien under this part.
Reprinted courtesy of David Adelstein, Florida Construction Legal Updates
Mr. Adelstein may be contacted at Dadelstein@gmail.com
Commercial Real Estate Brokerages in an Uncertain Russian Market
March 28, 2022 —
Cait Horner & Adam J. Weaver - Gravel2Gavel Construction & Real Estate Law Blog
Several commercial real estate firms have joined the growing list of companies temporarily suspending – or outright terminating – property and facility management operations in Russia amid economic sanctions and mounting international pressure. CBRE is the latest to make such a move, discontinuing its Russian leasing, investment and property management operations and denouncing Russia’s invasion of Ukraine in a statement issued March 7th. Other major players, including Savills, Knight Frank, and Colliers, have already suspended operations in the country, citing similar concern for international sanctions and the humanitarian impact of the invasion. Colliers is going even further to suspend operations in Belarus as well. Recently, global real estate service giant JLL switched course, issuing a formal statement that “with great sadness,” it will begin the process of separating from its domestic operations in Russia, though not commenting on whether the separation will be temporary or permanent. This is a significant change from just earlier this month, where, when asked about pulling operations from the country, JLL stated it would stay abreast of the situation abroad and continue to ensure the safety of its people and clients.
Now that CBRE and Dallas-based JLL have joined the list, Houston-based powerhouse Hines appears to be continuing its “wait and see” approach. Hines currently owns Russian assets valued at $2.9 billion, nearly 2 percent of its entire $160 billion asset portfolio, and its property management portfolio manages more than 243 million square feet worldwide. While other firms have temporarily suspended current operations, Hines has gone so far as to say it will avoid servicing any future investments in the country, though it did similarly condemn Russia’s actions. With JLL’s recent decision, if Hines does take a stronger stance, it will likely happen soon.
Reprinted courtesy of Cait Horner, Pillsbury and Adam J. Weaver, Pillsbury
Ms. Horner may be contacted at cait.horner@pillsburylaw.com
Mr. Weaver may be contacted at adam.weaver@pillsburylaw.com
CCPA Class Action Lawsuits Are Coming. Are You Ready?
March 23, 2020 —
Daniel Schneider & Jeffrey Dennis – Newmeyer Dillion
The only certainties in life used to be death and taxes. In 2020, it would be safe to add California Consumer Privacy Act (CCPA) class actions to that "distinguished" list. On February 3, Barnes v. Hanna Andersson, LLC, N.D. Cal., Case No. 20-cv-00812, was filed in the Northern District of California, setting in motion the certainty that CCPA class actions are on their way, if not already here.* Filed on behalf of all California residents, the Barnes complaint alleges that between September and November 2019, clothing retailer Hanna Andersson and Salesforce, its online payment services provider, failed to properly safeguard the personally identifiable information (PII) of its customers after hackers stole customers' private information and posted it to the dark web for sale.
What You Need to Know
- Under the CCPA, a data breach is any unauthorized access, theft or disclosure of a consumer's non-encrypted and non-redacted personal information that results from a company's failure to implement and maintain "reasonable" security procedures and practices. Here, the complaint alleges that the defendants failed to maintain reasonable security procedures and practices in order to protect the consumers' PII.
- Although the CCPA is largely viewed as a new law related to California consumers' privacy rights (and placement of subsequent obligations on companies doing business in California), the CCPA includes potentially draconian damages for a data breach permitted by unreasonable cybersecurity. Under the new law, an individual need not show any actual harm caused by a data breach, yet he/she may seek statutory fines of up to $750 per incident per individual in the event of a breach. Plaintiffs estimate that at least 10,000 California residents could have been affected by this breach, thereby exposing defendants to up to $7.5 million in damages if proven true.
- There exists a duty to monitor and ensure that third party organizations are properly safeguarding a company's data. During the course of the investigation into the breach, it was discovered that the Salesforce ecommerce platform was infected with malware which allowed the hackers to steal consumers' PII from Hanna Andersson's website.
- The CCPA went into effect on January 1, 2020, yet enforcement by the California Attorney General is not allowed until July 2020. However, no such delay is required for private litigation under the data breach portion of the CCPA. Interestingly, although the complaint alleges that the data breach occurred in 2019, the court could choose to apply the CCPA, but that is still yet to be determined.
While Barnes may be the first class action lawsuit to mention violation of the CCPA, it certainly will not be the last. In fact, numerous class action lawsuits have been filed in the new year which either mention the CCPA or utilize CCPA-like language to style particular claims. As such, it is evident that the Plaintiffs' bar sees the CCPA as a potential for extensive class action litigation. Expect to see an ongoing deluge of class action litigation in California under the data breach portions of the CCPA. In addition, although the Barnes plaintiffs may not be able to invoke the CCPA due to the data breach occurring in 2019 (before the CCPA took effect), Barnes serves as a stark reminder that implementing and maintaining reasonable data security is vital to defend a business against CCPA claims. Newmeyer Dillion can assist companies in analyzing their cyber risk profile, and provide access to experienced forensic teams which can ensure reasonable security exists in your organization.
*While Barnes does not yet expressly state a cause of action under the CCPA, relying upon violations of the California Unfair Competition Law in its place, we anticipate that an amendment will soon be filed to include a CCPA claim.
Daniel Schneider is a Partner in Newmeyer Dillion's Privacy & Data Security group. Focused on advocating on behalf of clients when cyber threats inevitably happen, Dan also advises on best practices to help protect the company and mitigate future concerns. Dan can be reached at daniel.schneider@ndlf.com.
Jeff Dennis (CIPP/US) is the Head of the firm's Privacy & Data Security practice. Jeff works with the firm's clients on cyber-related issues, including contractual and insurance opportunities to lessen their risk. For more information on how Jeff can help, contact him at jeff.dennis@ndlf.com.
About Newmeyer Dillion
For 35 years, Newmeyer Dillion has delivered creative and outstanding legal solutions and trial results that achieve client objectives in diverse industries. With over 70 attorneys working as a cohesive team to represent clients in all aspects of business, employment, real estate, environmental/land use, privacy & data security and insurance law, Newmeyer Dillion delivers holistic and integrated legal services tailored to propel each client's success and bottom line. Headquartered in Newport Beach, California, with offices in Walnut Creek, California and Las Vegas, Nevada, Newmeyer Dillion attorneys are recognized by The Best Lawyers in America©, and Super Lawyers as top tier and some of the best lawyers in California and Nevada, and have been given Martindale-Hubbell Peer Review's AV Preeminent® highest rating. For additional information, call 949.854.7000 or visit www.newmeyerdillion.com.