Category Archives: Cybersecurity

U.S. Supreme Court Issues Important Opinion in Coinbase v. Bielski: Reverses 9th Circuit on Stay Issue

Listen to this Blog – Read by Author Henry M. Sneath, Esq. – Shareholder Director at Houston Harbaugh, P.C.

Kaseya – Ransomware Attack Indictments; Podcast Update 12/5/21

The U.S. Justice Department and the FBI have announced indictments and money seizure in the ransomware attack perpetrated against software giant Kaseya. Hear the details in this 10 minute podcast.

https://anchor.fm/henry-sneath/episodes/Ransomware-Attack-on-Kaseya-12521-Update—Indictments-e1b9kga

Henry M. Sneath, Esq.
sneathhm@hh-law.com
412-288-4013

Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21 Podcast

Here is the latest on the Kaseya VSA supply-chain ransomware attack which is interesting because there is now strong interplay between the United States government and companies like Kaseya given the national security implications of this type of ransomware attack. Please feel free to listen to this podcast with a brief update on the government involvement in the response to this ransomware attack and on the type of directives that the federal government is now giving out through government agencies like the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI. It was widely reported that the CEO of Kaseya on 1st notification of this ransomware attack contacted the federal government and spoke with national security officials at the White House and in the Department of Homeland Security. Obviously, every ransomware attack will not necessarily invoke this high-level government response, but more and more the government is involving itself in the investigation and response to these attacks which have been heavily linked to entities like REvil which is alleged to be based in Russia. Pres. Biden today allegedly called Pres. Putin to once again warn him regarding the cybersecurity attacks and he promised in the media that there would be a response from the United States. For more information on the specific CISA-FBI recommendations in response to the Kaseya VSA supply-chain ransomware attack see this link to the CISA website: https://us-cert.cisa.gov/ncas/current-activity/2021/07/04/cisa-fbi-guidance-msps-and-their-customers-affected-kaseya-vsa . See the link below for my short podcast with this update.

U.S. Supreme Court Issues Important Opinion in Coinbase v. Bielski: Reverses 9th Circuit on Stay Issue PIT IP Tech Cast

Court Makes Mandatory a Stay of District Court Actions on Interlocutory Appeal from Denial of Motion to Compel Arbitration The United States Supreme Court, in a somewhat controversial ruling today, has resolved a circuit split by ruling that interlocutory appeals from a federal district court’s denial of a motion to compel arbitration must automatically stay the underlying District Court case. On June 23, 2023, the Supremes in Coinbase, Inc. v. Bielski, No. 22 – 105 (599 U.S. ____ 2023), held that the district court must stay its proceedings while an interlocutory appeal on the question of arbitrability is ongoing.
  1. U.S. Supreme Court Issues Important Opinion in Coinbase v. Bielski: Reverses 9th Circuit on Stay Issue
  2. Ransomware Attack on Kaseya 12/5/21 Update – Indictments
  3. Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21
  4. Kaseya VSA Server Ransomware Attack July 2021 – Lessons and Protocols for Dealing with Data Breach
  5. The Rise of Counterfeiting Litigation in Federal Courts

Kaseya VSA Server Ransomware Attack July 2021 – Lessons and Protocols for Dealing with Data Breach

Podcast:

U.S. Supreme Court Issues Important Opinion in Coinbase v. Bielski: Reverses 9th Circuit on Stay Issue PIT IP Tech Cast

Court Makes Mandatory a Stay of District Court Actions on Interlocutory Appeal from Denial of Motion to Compel Arbitration The United States Supreme Court, in a somewhat controversial ruling today, has resolved a circuit split by ruling that interlocutory appeals from a federal district court’s denial of a motion to compel arbitration must automatically stay the underlying District Court case. On June 23, 2023, the Supremes in Coinbase, Inc. v. Bielski, No. 22 – 105 (599 U.S. ____ 2023), held that the district court must stay its proceedings while an interlocutory appeal on the question of arbitrability is ongoing.
  1. U.S. Supreme Court Issues Important Opinion in Coinbase v. Bielski: Reverses 9th Circuit on Stay Issue
  2. Ransomware Attack on Kaseya 12/5/21 Update – Indictments
  3. Kaseya VSA Supply-Chain Ransomware Attack Update 7-9-21
  4. Kaseya VSA Server Ransomware Attack July 2021 – Lessons and Protocols for Dealing with Data Breach
  5. The Rise of Counterfeiting Litigation in Federal Courts

Blog:

See Kaseya CEO Video response presentation: https://www.kaseya.com/

See Updates Regarding VSA Security Incident Response: https://www.kaseya.com/potential-attack-on-kaseya-vsa/

In any Cyber incident, Data breach, hack or unwanted email intrusion, like the recent Kaseya attack, Incident Response (IR) time is of the essence. The Business and Cybersecurity Litigation lawyers at Houston Harbaugh, P.C., are here to assist in addressing the cybersecurity issues facing companies today. A comprehensive set of issues must be addressed to aid companies in minimizing the risk of cybersecurity breaches and to aid companies not if, but when, a data breach occurs. Ransomware, e-mail spoofing, text and phone call spoofing, e-mail intrusion, phishing and other schemes are running rampant in the business world. Sophisticated companies are falling prey to wire fraud schemes and ransom attacks at an alarming rate. These victims frequently turn to their insurance carriers but the maze of seeking insurer indemnity and defense for these matters is complex. Our firm can help work through that maze on both the technical side of investigation and on the mitigation side including the analysis of insurance coverage options. Our litigation lawyers are well equipped to handle IR and to tackle both the initiation of, or defense of, litigation related to these cyber security breaches and losses.

Data breaches are one of the biggest risks facing companies today. Companies must take action to prepare for the worst and to react quickly when it happens on both the technical side and the legal side. Our firm can cyber-counsel on corporate structure issues, insurance coverage, employment law, HIPAA and personal and health care data issues, and protection of data through proper technology infrastructure, technology rules and policies, corporate and employment policies and litigation if necessary. Cybersecurity takes a team to protect companies and their data through security programs, security awareness training, annual security audits and Incident Response. A cyber incident or intrusion which results in a breach of Personally Identifiable Information (PII) may trigger certain legal reporting requirements. See (Westlaw’s link): Pennsylvania Statutes 73-2301: Breach of Personal Information Notification Act. A link to the actual Pennsylvania statute can be found hereHere is a summary of the Pennsylvania Notification Act:

  • Enacted in 2006, Pennsylvania’s data breach notification law requires entities doing business in Pennsylvania that maintain, store, or manage computerized personal information of Pennsylvania residents to notify affected individuals of any data breach that results or could result in the unauthorized acquisition of their unencrypted and unredacted personal information.
  • Notice must be made without unreasonable delay
  • If more than 1,000 individuals must be notified, breached entities must also notify all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
  • Breached third parties must notify relevant data owners or licensees.
  • Substitute notice is permitted in specific circumstances and notification may be delayed for law enforcement purposes.
  • Entities which maintain their own notification procedures as part of an information security policy consistent with state law are deemed to comply with the notification requirements of this law if the entity makes notifications in accordance with its policies.
  • Financial institutions compliant with the Federal Interagency Guidance Response Programs for Unauthorized Access to Consumer Information and Customer Notice are deemed to comply with this law, as are entities that comply with relevant notification requirements of federal regulators.

Our firm can help guide you through these reporting requirements but it is best to be prepared in advance. We can help you prepare and can refer you to good technical people for up front assistance.

Data breaches are the ultimate sneak attack. A company’s computer systems can be breached for weeks, months and even years without the breach being detected. Once detected, what action must the company take? A team that includes attorneys, company executives, law enforcement, IT and human resource management should be in place and prepared to address the various problems that arise. These problems include legal issues —regulatory compliance, protection of intellectual property, recovery of losses, and litigation —technical issues, notification issues, customer relations, public relations, and insurance issues.

Houston & Harbaugh cybersecurity attorneys have presented both regionally and nationally the following topics: “The Potential Consequences of Data Breach on Compromise or Infringement of Intellectual Property” and “Protecting Your Business in the Digital Age”. To read more about this topic and to see legal resources regarding Cybersecurity and Data Breach Response, please see this website’s Resource Library. 

Contact Our Pennsylvania Cybersecurity Attorneys Today: Houston Harbaugh can help your company take action to minimize the threat from data breaches and to guide you through IR. For immediate help on data breach or ransomware response, contact HH Shareholder Henry Sneath by email now to databreach@hh-law.com or call: 1-833-511-2243   

Was the 2017 “NotPetya” Ransomware Attack an Act of War?

This is the question being litigated in a high-stakes cyber insurance coverage dispute between global snack food giant, Mondelez International, and its insurer, Zurich American Insurance Company, in Illinois state court. “NotPetya” was a 2017 ransomware attack in which infectious code impacted a number of global corporations, including Mondelez, encrypting computer hard drives and demanding payment for access to the data. Mondelez claims that it suffered damage to its hardware and operation software systems valued in excess of $100 million as a result of the attack. In early 2018, the U.S. and its allies publicly attributed the cyberattack to the Russian government. Russia denied the allegations. Modelez submitted an insurance claim to Zurich under an all-risk property insurance policy. Mondelez alleges that Zurich denied the claim based on a policy exclusion that excluded coverage for “loss or damage directly or indirectly caused by or resulting from … [a] hostile or warlike action … by any government or sovereign power … or agent or authority [thereof].” In October 2018, Mondelez filed suit against Zurich in Cook County, Illinois to determine whether the exclusion applies. According to the docket the case is currently pending, and working its way through the discovery process.

This case is being closely watched by corporations and insurers alike as it may have broad implications on cyberattack coverage for both traditional and specialized cyber insurance policies that contain the same or similar exclusions. What evidence will the insurer present to seek to prove that this war exclusion applies?

Pieces by Brian Corcoran on Lawfare (here) and Jeff Sistrunk on Law360 (here) each contain in-depth discussions of the case and its potential implications on the cyber insurance market. The docket for the case can be found here (select the Law Division and enter Case Number 2018-L-011008).

Posted by R. Brandon McCullough attorney at Houston Harbaugh, P.C. 401 Liberty Avenue, Pittsburgh, PA 15222. Brandon concentrates his practice primarily in the areas of insurance coverage and bad faith litigation, complex commercial and business litigation and appellate litigation. Please contact Mr. McCullough at 412-288-4008 or mcculloughb@hh-law.com with any questions pertaining to this article or any other legal matters.

BLOCKCHAIN: Is it the Next Big Step in Data Security?

From Law.Com and its Legaltech news former Microsoft CTO Adrian Clarke (Evident Proof) reports on the technology of Blockchain and its purported major security benefits for the supply ecosystem. “The blockchain is a transaction ledger that is uneditable and virtually unhackable. New information can be written onto the blockchain, but the previous information (stored in what are known as blocks) can’t be adjusted. Every single block (or piece of data) added to the chain is given an encrypted identity. Cryptography effectively connects the contents of each newly added block with each block that came before it. So any change to the contents of a previous block on a chain would invalidate the data in all blocks after it.” Clarke’s report here is perhaps some comfort for an exponentially growing sector of the world wide economy which relies on supply chain management on a massive scale. See his piece in Law Journal Newsletters at http://tinyurl.com/y7mqfnem 

Attorneys Bill Cheng and John Frank Weaver at McLane Middleton, P.A. in New Hampshire posted this piece in the NH Business Review at: http://tinyurl.com/yblh6nqp regarding the interaction between Blockchain and Bitcoin and how the GDPR for example will struggle to deal with these technologies, given the protections that GDPR attempts to provide to data owners so that they can control their personal information and data. Blockchain, particularly in conjunction with Bitcoin as the currency for a Blockchain secured transaction will prove a challenge to the GDPR rules. CTOs, Industrial Engineers and Supply Chain designers have big decisions to make in the years to come regarding security and whether Blockchain is the answer to some data protection issues. Photo courtesy of Law.Com.

Posted by Henry M. Sneath, Esquire Co-Chair Litigation Practice Group and Chair of the IP Practice Group: Houston Harbaugh, P.C.  401 Liberty Avenue, Pittsburgh, Pa. 15222Sneath is also an Adjunct Professor of  Law teaching two courses; Trade Secret Law and the Law of Trademarks and Unfair Competition at Duquesne University School of Law. Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com

 

 

From Relecura: Semiconductor Sensors. Building the Wave in IoT Development

As the Internet of Things (IoT) develops, there is an increasing need to “sense” changes in the atmospherics which surround semiconductors. In other words, the working chips must get smarter and smarter and have feel! Some of that AI feel in chips is being supplied by sensing chips – the layered structure of wafers of semiconductor material which can “sense” changes in the environment it is measuring or into which it is placed. Gas sensors are particularly important and patent applications for these devices are on the upswing internationally, with Sony and Samsung leading the way. See Relecura article at http://tinyurl.com/ybrojuq2
Edaphic Scientific describes a gas sensor’s performance as follows:  “Semiconductor gas sensors rely on a gas coming into contact with a metal oxide surface and then undergoing either oxidation or reduction. The absorption or desorption of the gas on the metal oxide changes either the conductivity or resistivity from a known baseline value. This change in conductivity or resistivity can be measured with electronic circuitry. Usually the change in conductivity or resistivity is a linear and proportional relationship with gas concentration. Therefore, a simple calibration equation can be established between resistivity/conductivity change and gas concentration.” http://tinyurl.com/y6ufz7vx
The IoT relies on smarter and smarter technology as it governs many things around us. Products will have this smarter and smarter technology and converting “sensing” into electronic circuitry will likely have a positive impact on performance, but will present new challenges as products fail and cause damage to person or property. How deep a dive will be required in products liability litigation for example when a “sensor chip” fails to sense. Sensor chips have been around for a while, but they are becoming tremendously sophisticated and integral to the virtual world in which we operate.

Posted by Henry M. Sneath, Esquire Co-Chair Litigation Practice Group and Chair of the IP Practice Group: Houston Harbaugh, P.C., 401 Liberty Avenue, Pittsburgh, Pa. 15222. Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com

 

 

 

 

 

DTSA (DEFEND TRADE SECRETS ACT) CLAIMS INCREASE DRAMATICALLY IN 2017 AND 2018

FROM DTSALaw®:  As we have previously predicted on these pages (and at www.dtsalaw.com ), the number of DTSA lawsuits has risen dramatically in 2017 and the first two quarters of 2018. Lex Machina and IPLaw 360 report that DTSA lawsuits increased from roughly 900 suits to over 1100 in 2018. In the first two quarters of 2018, the number of filings already is 581. The DTSA is still working its way into the legal community’s knowledge base and many practitioners may still be unaware of the most important benefit – of automatic Federal Court jurisdiction for trade secret cases under the 2016 DTSA that involve interstate commerce. The DTSA was signed into legislation as an amendment to the Economic Espionage Act (EEA) and with EEA is a powerful tool in the arsenal of litigation strategies in both the employment and non-employment arenas. Many DTSA claims are part of claims brought to enforce employment restrictive covenants, which restrictive covenant claims themselves are becoming disfavored by the states and their courts. As “non-compete” claims find less favor with the courts, lawyers should look carefully at the DTSA (and EEA) for civil claims that might apply. IPLaw 360 reports as well that only 19 cases filed to date have reached a conclusion on the merits of trade secret misappropriation. Results were essentially evenly split between plaintiffs and defendants. Houston Harbaugh, P.C. (www.hh-law.com) has an aggressive employment and trade secret practice and Pittsburgh is seeing a number of new cases filed in its Western District Pennsylvania Federal Court. DTSALaw® is a registered trademark of Houston Harbaugh, P.C.

Posted by Henry M. Sneath, Esq.                                             Shareholder and Director;                                                                                      Co-Chair of the Litigation Department;                                                    Chair of the IP Department;                                                                         Houston Harbaugh, P.C.  (www.hh-law.com)                                                    Pittsburgh, Pa.                                                                                                              Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com

Business: Seeking Predictability in an Era of Uncertainty

Here is an article I wrote which was published by DRI in their IDQ (In-house Defense Quarterly) to promote the DRI Corporate Counsel Round Table meeting in Washington D.C. which was held in January. It highlights the uncertainty in business markets and the role of the courts in same. See the article at this link: http://tinyurl.com/y9mov84l 

Posted by Henry M. Sneath, Esq.                                                         Shareholder and Director;                                                                                    Co-Chair of the Litigation Department;                                                    Chair of the IP Department;                                                                         Houston Harbaugh, P.C.  (www.hh-law.com)                                                    Pittsburgh, Pa.                                                                                                              Please contact Mr. Sneath at 412-288-4013 or sneathhm@hh-law.com 

 

 

From Legal Tech/Law.Com news: A Bug Bounty for Discounts on Cyber Insurance

From our friends at Law.Com: In the growing market for cyber insurance, carriers are trying to compete on price.  One carrier, Coalition is offering discounts if your company creates a partnership with a “white hat hacker” and establishes a bug bounty with that hacker. The hacker gets a bounty for finding vulnerabilities. Legal Tech author Rhys Dipshan details the program in the article at this link: http://tinyurl.com/ydck3nxg

Dipshan reports that “bug bounties” are becoming a popular weapon in combating cyber attacks. “Unsurprisingly” Dipshan reports, “bounty programs are becoming increasingly common in the tech and corporate world, with companies such as FacebookMicrosoft and Uber offering compensation for vulnerability disclosures. They also have caught on in the federal government as well, with the Department of Defense launching its “Hack the Pentagon” and “Hack the Air Force” programs.” Do you need a cyber bounty hunter?

Posted by Henry M. Sneath, Esq.  HoustonHarbaugh, P.C. – Pittsburgh, Pa.  https://www.hh-law.com Chair of the Intellectual Property Practice Group and Co-Chair Litigation Practice Group. Contact at: sneathhm@hh-law.com or 412-288-4013

%d bloggers like this: