$1 Billion Settlement Tentatively Reached in Tragic Surfside Condo Collapse

More than 20 entities have agreed to pay nearly $1 billion to settle a class action lawsuit over the 2021 collapse of a residential building in Surfside, Florida. Ninety-eight people died in the tragic building failure. The proposed settlement announcement was a surprise in this slow-moving class action. Presiding Miami-Dade Circuit Judge Michael Hanzman must approve the proposed settlement. Hanzman called the development “fantastic” and commented that the amount was higher than he expected.

Read more on how this happened and settlement details here.
Update: the judge approved the $1B settlement on June 23, 2022

Johnson & Johnson Employs Bankruptcy Strategy to Cap Litigation Payouts

The massive healthcare and consumer goods company Johnson & Johnson (J&J) has faced an onslaught of lawsuits over asbestos-contaminated talcum powder for over a decade. In an apparent effort to cap cancer victim payout liabilities, J&J shifted liability for tens of thousands of talcum powder lawsuits to a newly created subsidiary that promptly filed for bankruptcy. Read more here.

Apple’s Epic 14 Hour Deposition of Epic Games Expert Witness

Participating in a deposition is a common occurrence for expert witnesses. What’s less common is a request for 14 hours of deposition for a single expert. But this is exactly what transpired in a recent case in California’s Northern District. The presiding judge in Epic Games, Inc. v. Apple Inc. granted Apple’s lengthy request to depose one of Epic’s expert witnesses. Given this outcome, attorneys and their expert witnesses will want to think twice before submitting all-encompassing, bulky expert reports in complicated cases. Read the full blog here.

EU Tax Man Cometh for Apple

The EU tax man is catching up with Apple. On Friday Apple put $1.76 billion into a tax escrow to comply with the 2016 EU order that Ireland reclaim back taxes from Apple. Two years ago the EU Commission ruled that Ireland’s tax arrangements with Apple amounted to state aid, violating EU competition law. While Apple and Dublin are challenging the ruling, they were forced to establish and start funding an escrow account for the $16 billion in back taxes and interest.

Over the years many EU countries — prominently Ireland, the Netherlands and Luxembourg — have encouraged US companies to set up offshoots in their countries with very favorable tax incentives. In Europe, these tax schemes were dubbed the “double Irish” or “Dutch sandwich” in the 1980s. The tax strategies were a way for some EU countries to grow their economies and employment ranks with local operations of big foreign brands. Today, Apple employs around 5,000 people in its Cork facility.

Under similar EU rulings Starbucks paid back taxes to the Netherlands, while Amazon and Fiat paid Luxembourg tax authorities.

In recent years, Margrethe Vestager, EU Competition Commissioner, has stepped up investigations of behemoth US tech companies for various competition transgressions. EU countries that now rely on US and other international companies for significant employment and tax revenues worry about the ramifications of the zealous commissioner. Other EU nations applaud the actions they see as long overdue.

Marketers Shift Away from Campaign-based Thinking

“What has been interesting for us has been to see the gradual change amongst marketers who are only now starting to recognize the need to shift away from campaign-based thinking to a more comprehensive mindset for content and customer engagement,” says Jamie Posnanski of Accenture. Read more on 2018 content marketing trends here.
Is your marketing strategy evolving towards content and customer engagement?

What’s all this talk about digital transformation?

Digital transformation: Some organizations see it as a scary idea, wreaking revolutionary, unsettling changes. Others are curious — just what does this buzzword mean and what are we transforming into? Regardless of your viewpoint, your enterprise seriously needs to understand and chart its course to becoming a digital ninja. Like it or not, your success depends on how quickly your organization captures, absorbs and uses digital information. Read more.


North Korean WannaCry Ignites Government-Industry Collective Defense



In a Monday Wall Street Journal op-ed Thomas P. Bossert, Trump’s homeland security adviser, declared “[t]he [WannaCry] attack was widespread and cost billions, and North Korea is directly responsible.” The findings are based on evidence, says Bossert, and he is backed up by the UK and Microsoft.

A Washington Post Bossert quote ratchets up the call for closer government-industry cyberdefenses. “[S]ome say that defending cyberspace is impossible and that hackers are inevitable. I disagree. . . . Government and industry must work together, now more than ever, if we are serious.”

Today, US and UK officials suggested it was highly likely the Lazarus Group was backed by the North Korean government. Facebook deleted accounts associated with Lazarus last week “to make it harder for them to conduct their activities,” reports The Guardian. Facebook announced it acted with Microsoft “and other members of the security community” to disrupt the group’s activities.

A few hours ago Axios reported that the Department of Homeland Security (DHS) plans on intervening in U.S. company cybersecurity issues when necessary.

“The Department of Homeland Security is now calling on all companies to commit to U.S. collective defense, per Jeanette Manfra, assistant secretary for the Office of Cybersecurity and Communications at DHS. But Bossert wouldn’t go so far as to say that an attack on a U.S. company constitutes an attack on the country.

DHS plans to move beyond offering voluntary assistance on cybersecurity issues and instead plans on intervening directly when necessary, per Manfra.”

Watch for much closer public-private actions to combat state-actor cyberattacks.

Public Sector Brings New Cybersecurity Tech to Market

Here’s follow-up on a recent blog on emerging public and private sector roles in protecting against state-actor corporate cyberattacks.

Did you hear about the Department of Homeland Security Science and Technology Directorate’s commercialization of another Transition to Practice program technology?

The new industrial control systems cybersecurity solution — called SerialTap — passively taps serial-line communication data for use with enterprise cybersecurity incident and event management systems to improve situational awareness during an event. SerialTap integrates with legacy IT enterprise security solutions and industrial control systems used by critical infrastructure sectors.

The SerialTap announcement came during Critical Infrastructure Security and Resilience Month, which aims to build awareness of the importance of critical infrastructure and to reaffirm “the nationwide commitment to keep our critical infrastructure and our communities safe and secure.”

Good to see the public sector sharing new technology to improve cybersecurity incident response.


Whose Job is it to Protect Corporate Data Stores from State Actor Cyberattacks?


It’s hard not to notice that the constant breach of data under corporate care has become our new normal. Headlines seem almost redundant — another data breach revealed, some very tardy. In this barrage of breach announcements, we hear more about state actors originating cyberattacks on corporate data stores. So, whose job is it to protect against foreign state attacks on corporate data stores?

“As we all have witnessed: no company, individual or even government agency is immune from these [cyber] threats.” So said Marissa Mayer, former Yahoo CEO, during her November Senate testimony on the Yahoo breach. Despite years of heading off many cyberintrusions and leveraging white-hat hackers to test their defenses, Mayer says Yahoo still does not know exactly how “Russian agents intruded on our systems and stole our users’ data.”

Last year, North Korean hackers almost succeeded in stealing $1 billion from the New York Federal Reserve, after hacking into the Bangladesh Central Bank. The misspelling of “foundation” as “fandation” is the only thing that stopped the heist. Let’s not forget Pyongyang’s Sony Pictures hack to stop the release of an unflattering movie.

In 2011, North Korea’s leader Kim Jong-un started investing beyond cyberattack prowess for warfare, with a new focus on training hackers for theft, harassment and political score-settling. Researchers believe that one fifth of Pyongyang’s cyberattacks originate from its hackers stationed in India, while other attacks are routed through Malaysia, Nepal, New Zealand and other countries.

“Only stiffer enforcement and stringent penalties will help incentivize companies to properly safeguard consumer information and promptly notify them when their data has been compromised,” said Senator Nelson during the Yahoo hearing. The Senate committee chairman added that the patchwork of state regulations on breach notifications must be replaced with a federal law.

On another front, the SEC plans to update its cybersecurity guidance for publicly traded companies after the Equifax fiasco. Equifax discovered the attack in July but waited until September to inform shareholders. During that window, Equifax executives sold company stock. A company investigation exonerated them. A senior SEC regulator wants faster cyber intrusion notices to investors, and revision of post-breach insider trading policies.

Is federal cyber-regulation of the private sector the answer?

In a Friday the 13th London speech, DOJ’s Rod Rosenstein said law enforcement’s goal is to disrupt and deter future attacks, and punish cybercriminals. The Deputy Attorney General observed that “foreign criminals regularly break into systems to steal ideas that make our nation strong and competitive in the global marketplace.” Rosenstein recommends corporations immediately tell law enforcement when they discover a breach, in part so the company can gain access to sophisticated government tools.

What is law enforcement doing to head off these attacks before they happen?
Is Homeland Security doing enough to help corporations protect data from cyberattacks?

Ransomware attacks sure got corporate security folks’ attention this summer. WannaCry and NotPetya wreaked havoc on companies from FedEx to Merck.

SC Magazine places heaps of blame on the National Security Agency (NSA) for these attacks. The NSA originally discovered the Microsoft security vulnerabilities, didn’t tell anyone, and let its own hacking tools for the flaws get stolen by cybercriminals.

If the NSA can be hacked, how can corporations fend off nation-state and sophisticated hackers?

Then there’s the ultimate economic cyberattack — where a nation-state aims to shut down the power supply or scramble bank records with a cyberattack. The NotPetya attack gripped Ukraine’s power grid this summer. Ukraine claims Russia was behind this cyberwarfare.

Wired reports that the October follow-on to NotPetya, the “Black Rabbit attack,” which locked hundreds of machines and hampered critical infrastructure in Russia, Ukraine, Germany and Turkey, may raise doubts about Russian involvement in NotPetya, though one of the cybersecurity firms commenting on the situation is under F.B.I. investigation for links to Russian intelligence.

Is this a spy novel or what?

These massive destructive attacks on critical infrastructure and data manipulation worry the head of the US National Security Agency (NSA), Admiral Michael Rogers. Let’s remember that a vast swath of US critical infrastructure is run by the private sector.

How will we protect corporate data stores from nation-state and rogue cyberwarfare, let alone run-of-the-mill profit-seeking hackers?

Isn’t the private sector’s job commerce and innovation? Yet in the digital economy, corporations must also be extremely sophisticated data security companies. After all, they leverage our personal data for profit, right?

The European Union’s GDPR is about to usher in massive corporate liability for data privacy, though “cybersecurity,” a major data breach threat, is not mentioned in the regulation.

Does the government need to take a wider role in combating state-actor cyber attacks on corporate data? What new public-private models are needed to protect corporate data stores? Whose job is it to protect against state-actor cyberattacks on the private sector?

Food for thought.