Bloomberg Law reports that Edelson PC, a leading plaintiffs’ firm in privacy and data security law, filed a class action lawsuit against Johnson & Bell, which allegedly had vulnerabilities in its information security systems. What makes this lawsuit unique is that no actual breach occurred. The action is based on the failure to adopt reasonable security standards. Is a vulnerability by itself enough to meet standing requirements? No case has held that a mere vulnerability, without a compromise of information, an attack, or an attempted attack, is actionable.
This is now a wake-up call to both vendors and law firms on how they protect client data and on the notice that should be given to clients regarding potential vulnerabilities.
Director of Strategic Consulting