Buy-side executives in an M&A deal negotiate with their sell-side counterparts for months, plying them for information, assessing the seller’s weaknesses and pressure points, and even making informal entreaties when the parties’ standstill agreement says they shouldn’t —all to get the best deal for the acquirer. Under Delaware’s contractarian corporate regime—that would seem to be a good thing.

On November 25, 2020, a shareholder of First American Financial Corporation (“First American”) filed suit against the company and its officers and directors over a massive data security breach that exposed hundreds of millions of sensitive customer records. The shareholder derivative action, filed by Norman Hollett in Delaware federal court, alleges breaches of fiduciary duties, unjust enrichment, abuse of control, gross mismanagement, waste of corporate assets, and multiple violations of the Securities Exchange Act of 1934, all relating to the failure to contain and timely disclose the breach.