Saikali Discusses Data Breach Targets Suing Cyberforensic Firms With Law360

Shook, Hardy & Bacon Partner and co-chair of Shook’s data security and privacy practice Al Saikali discusses Affinity Gaming v. Trustwave Holdings Inc. in a January 26 Law360 article titled, “5 Privacy Litigation Developments You May Have Missed.

While many articles have focused on a few very large data breach incidents, other important privacy suits have gone largely unnoticed. Law360 asked attorneys, including Saikali, about other notable developments in data privacy. 

In December 2015, Las Vegas-based casino operator Affinity Gaming launched a suit alleging that cyberforensics firm Trustwave Holdings failed to properly investigate, diagnose and remedy Affinity's 2013 data breach.

Describing the next steps in the data breach case, Saikali says, "A forensics examination is not as simple as many companies would like to believe. Unlike the medical world, where a doctor may already know where the infection resides and how to treat it, the cause of a data breach can often be very difficult to find, and it can migrate quickly and, though seemingly removed, return easily."

Although it's too early to know if Affinity has enough evidence to win the suit, Saikali and other attorneys note that cash-flush forensics firms may not be as attractive a target as initially perceived, due to strong limitation of liability language in contracts and other factors. “Companies should think twice about the repercussions of blaming their losses on forensic firms,” Saikali says.