October 2021 Business Litigation Update

Plaintiffs Blame Colonial Pipeline For Allowing Itself to Get Hacked

Ransomware attacks have been in the news lately, and that is a warning sign for business owners and management.

In a ransomware attack, hackers use sophisticated software to lock out the employees of a business’s computer system, demanding payment to release the system back to the business.  These kinds of attacks can cause serious harm to a business, as well as its customers.

One well known example of a ransomware attack occurred in May 2021 and involved the Colonial Pipeline Company, the operator of the largest pipeline system for refined oil products (gasoline, diesel fuel, jet fuel) in the U.S.  This attack forced Colonial Pipeline to halt all of the pipeline’s operations and led to fuel shortages and higher gas prices throughout the United States.

While Colonial Pipeline ultimately paid the ransom to the hackers ($4.4 million) and restarted pipeline operations, the company now faces lawsuits brought by a group of gas station owners who claim they were damaged when their supplier was unable to deliver gasoline to them because of the pipeline shut down.  The gas station owners contend that with no gas to sell they lost customers and revenue, and that Colonial Pipeline is liable because the company’s lax security allowed the ransomware hack to occur.  Another lawsuit against Colonial Pipeline was filed by consumers complaining that the company’s lax computer security led to an escalation in gas prices.

It is too early to tell whether these lawsuits will succeed.  But that is not the point.  Defending against a lawsuit is costly and time consuming for businesses, even if the case is ultimately dismissed.

So, what can business owners do to protect themselves and prepare?

1. Make sure you have the appropriate cyber-security in place.  It is important to remember that there is an avenue to file a lawsuit if there is proof that a business was lax in protecting their system.  Therefore, it is essential to ensure that companies have all reasonable cybersecurity protections firmly in place, as well as policies and procedures in this area.  This is especially critical if your company houses sensitive client or customer data.
2. Training employees is key.  Often hackers are let into a business’s computer system because of a simple mistake by an employee – clicking a link or unknowingly providing information to the wrong person.  An extensive employee training program should be implemented across the board.
3. Have a plan if you fall victim to a hack. No matter what protections are in place, there is always the risk that hackers will find a way in.  Have a plan in place that includes internal processes and external communications, as you do not want to navigate responding to a situation like this without a roadmap.

Ransomware attacks occur every day, whether reported in the news or not.  Ensuring your company has the proper security protections in place, instituting intensive employee training, and creating a robust response plan has never been more important.  Make the investment now to reduce the chances of a ransomware attack and the costly litigation that might follow.