Last month, TikTok sued Montana’s attorney general—alleging the state’s recent TikTok ban is unconstitutional and is preempted by federal law.

On May 17, Montana Governor Greg Gianforte signed a first-of-its-kind law banning TikTok from operating in the state, in order “[t]o protect Montanans’ personal, private, and sensitive data and information from intelligence gathering by the Chinese Communist Party.”


As the D.C. District Court in Wengui v. Clark Hill recently commented, “[m]alicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits that follow them….” The court’s decision in that case has added another data point to developing jurisprudence of the cyberattack landscape, specifically concerning the discoverability of post-breach forensics reports.

The massive data breach of the United States Commerce and Treasury Departments that has roiled the federal government has resulted in federal securities litigation. On January 4, 2021, Plaintiff-Shareholder Timothy Bremer filed a class action complaint against SolarWinds and SolarWinds’ corporate executives in the United States District Court for the

As reported last week, a state-sponsored hacker may have breached multiple U.S. government networks through a widely-used software product offered by SolarWinds. The compromised product helps organizations manage their networks, servers and networked devices. The product is not only used by government agencies, but is widely used in both the

A cyber breach can have serious legal, financial, and reputational consequences for a company, as described in our previous post. As such, cybersecurity threats must be treated as business risks, not just a potential IT problem. Senior management at a company should take the lead to ensure that the company is taking appropriate actions to protect itself against cyber risks. There are several steps that senior management can guide the company to take to prevent breaches from occurring and to mitigate the impact when they do occur.

In today’s world, cybersecurity breaches and threats are pervasive concerns for any business entity, without exception. Working from home arrangements due to COVID-19 constraints only magnify the risk and create further vulnerabilities for companies. Companies should be aware of (1) the key cyber threats they face, (2) the consequences of a breach, and (3) the statutory and regulatory framework governing cybersecurity. Cybersecurity breaches are unique in that an entity can both be the victim of the breach and still be found to have a degree of responsibility. Fortunately, there are precautionary measures that companies can implement to help prevent a breach and to mitigate the scope and damage of a breach if one were to occur. We will elaborate on the steps to take to guard against a breach and how to effectively respond to a breach in a forthcoming post.

On March 27, 2020, a five-year legal battle between three certified classes of Jeep Cherokee drivers and Fiat Chrysler came to a sudden end, when a federal judge in the Southern District of Illinois held that allegations that the vehicles were vulnerable to cyber-attacks did not give plaintiffs standing to sue under Article III of the Constitution.

This past month, professional networking site LinkedIn Corp., was given more time to file a petition for certiorari challenging a Ninth Circuit finding that hiQ Labs Inc. (“hiQ”), a workforce data analytics startup, did not violate federal hacking laws by “scraping” LinkedIn member profiles without LinkedIn’s permission.

Data scraping, or web scraping, is a method where a computer program extracts data from websites. The data that is extracted is often considered to be human-readable information. The question of who owns data that is scraped from public websites is now at the doorstep of one of the largest technology social media companies in the United States.