Category Archives: CFAA Cases

Texas Developer Sentenced to 4 Years for “Kill Switch” Cyberattack on Former Employer

A former Eaton Corp. software developer received a 4-year federal prison sentence for deploying a “kill switch” that locked out thousands of users and caused over $360,000 in damages. Learn what happened and key lessons for businesses to prevent insider threats.

MEMO TO: “The IT Guy” – It is a Crime to Sabotage Your Company’s Network on Your Way Out the Door!

A former First Republic Bank employee [cloud engineer] who sabotaged the company’s computer network after being fired for accessing pornography on a work computer has lost an appeal challenging his conviction and nearly $530,000 in restitution.* * *Brody was indicted in the U.S. District Court for the Northern District of California and ultimately pleaded guilty …

Continue reading “MEMO TO: “The IT Guy” – It is a Crime to Sabotage Your Company’s Network on Your Way Out the Door!”

Texas Bar Journal 2019 Cybersecurity & Data Privacy Update

The Texas Bar Journal’s 2019 year-end Cybersecurity & Data Privacy Update was once again provided by Shawn Tuma and addressed the following issues: Texas’ New Data Breach Notification Requirements effective January 1, 2020 Whether website scraping allegations are sufficient to invoke Texas and federal “hacking” laws Whether viewing pictures on another’s cellphone violates Texas “hacking” law Cyber …

Continue reading “Texas Bar Journal 2019 Cybersecurity & Data Privacy Update”

Fifth Circuit Upholds CFAA Conviction for Former Employee’s Misuse Causing Damage Based on Circumstantial Evidence

In United States v. Anastasio N. Laoutaris, 2018 WL 614943 (5th Cir. Jan. 29, 2018), the United States Fifth Circuit Court of Appeals affirmed a jury verdict finding Laoutaris guilty of two counts of computer intrusion causing damage, in violation of 18 U.S.C. § 1030(a)(5)(A) and (c)(4)(B)(i) of the Computer Fraud and Abuse Act. Laoutaris …

Continue reading “Fifth Circuit Upholds CFAA Conviction for Former Employee’s Misuse Causing Damage Based on Circumstantial Evidence”

Former Cardinals exec sentenced to prison for hacking Astros

HOUSTON (AP) — A federal judge sentenced the former scouting director of the St. Louis Cardinals to nearly four years in prison Monday for hacking the Houston Astros’ player personnel database and email system in an unusual case of high-tech cheating involving two Major League Baseball clubs. Source: Former Cardinals exec sentenced to prison for …

Continue reading “Former Cardinals exec sentenced to prison for hacking Astros”

Can a Company Remotely Wipe an Ex-Employee’s Device?

Note: this article was previously posted on Norse’s DarkMatters. One of my favorite sayings about cyber risk is “an ounce of prevention is cheaper than the very first day of litigation.” A recent case provides a nice example of exactly what I mean. In this case, an effective BYOD policy could have saved this company …

Continue reading “Can a Company Remotely Wipe an Ex-Employee’s Device?”

Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA

TAKEAWAYS: If your company intends to limit its employees access to certain information on the company network, (1) make sure appropriate technological restrictions are in place and are working; and (2) make sure there are appropriate policies or other documentation in place to show the employees subjectively knew it was off limits. When an employer …

Continue reading “Departing Employee Taking Data from “Restricted” but Unsecured Folder Doesn’t Violate CFAA”

Be Careful of Commentary on 7th Cir.’s Fidlar Tech CFAA “Intent to Defraud”Case

I have read several blog posts that are stating, as a blanket proposition, that you must prove intent to defraud for CFAA claims. This, they say, comes from the recent Seventh Circuit Court of Appeals case, Fidlar Technologies v. LPS Real Estate Data Solutions, Inc., 2016 WL 258632 (7th Cir. Jan. 21, 2016) (opinion). This is …

Continue reading “Be Careful of Commentary on 7th Cir.’s Fidlar Tech CFAA “Intent to Defraud”Case”

Court Order Provides CFAA Authorization to Access Computer, Even if Later Overturned

A party who accesses a computer pursuant to a court order authorizing him to seize and access the computer will not be found in violation of the Computer Fraud and Abuse Act if such order is later overturned. “An essential element of a CFAA claim under 10 U.S.C. § 1030 is that the [defendant] accesses a …

Continue reading “Court Order Provides CFAA Authorization to Access Computer, Even if Later Overturned”

The CFAA Requires Access of a Computer — Not Just Access to Information

To have a valid CFAA claim, there must be an access to a computer. The Computer Fraud and Abuse Act is often referred to as an “access crime” because the act that is prohibited is accessing a computer. Misusing information that someone else obtained from a computer is not accessing a computer. Doing so may …

Continue reading “The CFAA Requires Access of a Computer — Not Just Access to Information”