Doc of the Day: How Do You Sue an Unknown Hacker Who Steals Data through the Company Web Site?

“It filed a lawsuit against the unknown hackers as John Doe defendants and then moved for immediate discovery to subpoena the ISPs “to identify the users of the IP addresses during the dates and times” found on its web site…”

In this interesting analysis, Nick Akerman of Dorsey & Whitney looks at the case of Liberty Media Holdings, which sued hackers although their identities remained unknown. Here’s why:

“…Unknown individuals hacked into Liberty Media Holdings’ web servers and obtained ‘certain motion pictures’ that it ‘reproduced and distributed … onto their local hard drives and other storage devices.’ Not knowing the identity of these hackers Liberty Media Holdings filed a ‘John Doe’ lawsuit alleging violations of three federal statutes: the Electronic Stored Communications Privacy Act, 18 U.S. C. §§ 2701 and 2702, violations of the Computer Fraud and Abuse Act (‘CFAA’), 18 U.S.C. §1030 and copyright infringement in violation of 17 U.S.C. § 501. What the case describes is a fairly typical scenario – unknown individuals hack into the company web site and steal valuable data. There is no indication of the identity of the hackers. The only traces left behind are Internet Protocol (‘IP’) addresses assigned to the hackers, the Internet Service Providers (‘ISP’) that provided the hackers with Internet access and the dates and times of the intrusions. Rather than wait for law enforcement to investigate and prosecute, something that may or may not happen, taking the aggressive approach outlined by this case can have the same remedial impact as a criminal prosecution in stopping the illegal activity. It also does not preclude the matter from also being referred at any time to law enforcement. Here, what Liberty Media Holdings did can be adopted as a template by any company victimized by a computer hacker. It filed a lawsuit against the unknown hackers as John Doe defendants and then moved for immediate discovery to subpoena the ISPs ‘to identify the users of the IP addresses during the dates and times’ found on its web site…

Read the entire analysis here:
How Do You Sue an Unknown Hacker Who Steals Data through the Company Web Site? »