BankInfoSecurity.com reported that the latest lawsuit “…claims the company lacked a cybersecurity program encompassing ransomware issues at the time of the attack, which led it to shut down pipeline operations serving much of the East Coast. It claims the company ignored warnings about cyber risks to interstate pipeline systems.” The June 23, 2021 article entitled “Lawsuits Allege Colonial Pipeline Had Inadequate Cybersecurity” included these comments:
If the lawsuits eventually achieve class action status, the plaintiffs' attorneys would then need to prove that Colonial Pipeline acted negligently and show that the company "owed a duty" to those who claim they were affected.
If there's no clear duty owed to the plaintiffs as to cybersecurity versus operating their pipeline versus fulfilling whatever contract for the purchase of oil and gas they had with Colonial, they wouldn't meet the 'commonality' requirement….
In that case, nothing else would be considered negligence or gross negligence … and their claim will fail entirely regardless of whether the cybersecurity was adequate or not.
These cases will be interesting to follow!