Dice Corporation v. Bold Technologies, 913 F. Supp.2d 389 (E.D. Mich. 2012) (reconsideration denied March 28, 2013)

Posted byShawn E. Tuma Leave a comment on Dice Corporation v. Bold Technologies, 913 F. Supp.2d 389 (E.D. Mich. 2012) (reconsideration denied March 28, 2013)

Dice Corporation v. Bold Technologies, 913 F. Supp.2d 389 (E.D. Mich. 2012) (reconsideration denied March 28, 2013)

Plaintiff and defendant were competing providers of alarm monitoring software that provided their software to companies in the alarm industry. ESC Central was plaintiff’scustomer and had a database that stored large amounts of data for ESC’s customers including names, addresses, contact information, billing information, and information regarding the type and location of alarms. ESC became dissatisfied with plaintiff and moved its business to defendant.

To facilitate a seamless transition for ESC’s customers, defendant write a program to extract ESC’s data from plaintiff’s software and convert it into a format that could be read by defendant’s software. Under normal operations, ESC could access plaintiff’s database files of ESC’s customer data and retrieve the data without circumventing any of plaintiff’s security measures. Also during this time period, one of plaintiff’s employees went to work for defendant and assisted in the transfer of ESC’s data from plaintiff to defendant. Plaintiff sued defendant for violating the Computer Fraud and Abuse Act premised on the allegation that the employee, while working for defendant, accessed plaintiff’s servers after her employment terminated, which the employee flatly denied.

In deposition, plaintiff admitted that it had no evidence of when the employee allegedly hacked into its servers or how she did: “I don’t know how Bold got our–got all of our intelligence…. It’s not a question for me to answer, it’s a question for you to answer. How did Bold get access to those files[?] … I don’t know how Bold got the information to be able to do what they’ve done. I have no idea. All I know is that they have it….” Id. at 415.

The court granted summary judgment for defendant because plaintiff admitted that it had no evidence, indeed, no idea of when, how, or specifically whether the former employee actually accessed its server after her employment terminated. The employee testified that she did not and offered a plausible explanation for how the information was obtained that did not involve her accessing plaintiff’s server which supported the defendant’s motion and warranted summary judgment.

Published by Shawn E. Tuma

Shawn Tuma is an attorney who is internationally recognized in cybersecurity, computer fraud and data privacy law, areas in which he has practiced for nearly two decades. He is a Partner at Spencer Fane, LLP where he regularly serves as outside cybersecurity and privacy counsel to a wide range of companies from small to midsized businesses to Fortune 100 enterprises. You can reach Shawn by telephone at 972.324.0317 or email him at stuma@spencerfane.com.

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Business Cyber Risk

Subscribe now to keep reading and get access to the full archive.

Continue reading