Over at Security States, I have a post entitled “When Companies Are Hacked, Customers Bear the Brunt. But Not for Long” that details two recent Federal cases in which service providers were found potentially liable for tort injuries arising from their alleged cybersecurity negligence. Here’s the opening:
One of the steps (or at least possible steps) along [the] continuum is the development of a common law doctrine of tort liability for consequential damages caused by inadequate or negligent cybersecurity measures. Legal developments in this area are hesitant and incomplete, but two recent decisions from the federal courts of appeals point the way toward the development of this doctrine. The cases both involve third party liability—that is, liability of a service provider to third parties for damages caused by the provider’s alleged negligence—and are a step short of the product liability doctrines that would be inherent in software design claims. So, the recent cases are of modest immediate importance—but they may be harbingers of the future.