Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 400 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Court’s Ruling on Privilege Presents New Cybersecurity Challenges
A federal judge has ruled that a financial institution must provide litigants with an incident report detailing its forensics firm’s findings relating to a 2019 cyber attack, creating new uncertainty for companies and their legal departments.
In 2019 a former employee of a major bank’s cloud hosting company hacked into one of the bank’s servers, gaining access to “more than 100 million…accounts and credit card applications.”
In May, a federal judge ruled that the bank must provide litigants with an incident report from its cybersecurity forensic firm articulating the details surrounding the event and their investigation.
The surprise decision, in effect, determined that [the bank] would need to provide the forensic details…about the hack to attorneys representing a group of customers suing the bank. It’s the kind of report that, if made public, could highlight technical and procedural failures that made it possible for a single suspect to allegedly collect gigabytes of data about 100 million people from a bank with $28 billion in revenue.
Typically, hacked organizations are able to keep incident response reports private and avoid costly suits by shielding the details under attorney-client privilege. Not under this decision.
Having reviewed the decision and associated legal opinion, Optiv offers the following observations regarding the Memorandum Opinion and Order (“Order”).
The Court’s decision suggests both legal and operational implications.
The complete Court order itself can be reviewed at CyberScoop.
The information provided in this article does not, and is not intended to, constitute legal advice. All information, content and materials available on this site are for general informational purposes only. Readers of this website should contact their attorneys to obtain advice with respect to any particular legal matter. No reader, user or browser of this article should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction. Only your individual attorney can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation.
Copyright © 2022 Optiv Security Inc. All rights reserved.
No license, express or implied, to any intellectual property or other content is granted or intended hereby.
This blog is provided to you for information purposes only. While the information contained in this site has been obtained from sources believed to be reliable, Optiv disclaims all warranties as to the accuracy, completeness or adequacy of such information.
Links to third party sites are provided for your convenience and do not constitute an endorsement by Optiv. These sites may not have the same privacy, security or accessibility standards.
Complaints / questions should be directed to Legal@optiv.com
August 20, 2019
Most major organizations are already fully compliant with GDPR. However, some may just now be launching into European markets, and others may have....
September 09, 2019
With mounting regulations, connectivity, and an explosion in data, privacy management programs are critical components of an overall security program....
September 30, 2019
In this post, Service Providers and PCI Compliance, Part 2 – Third-Party Risk Management, we look more closely at the relationships between....
Let us know what you need, and we will have an Optiv professional contact you shortly.