Close Menu

Cybersecurity Failures Are Now Grounds for Shareholder Derivative Claims

Cybersecurity Failures Are Now Grounds for Shareholder Derivative Claims

Corporate officers and executors may be held legally responsible by the shareholders of a company, even from their own pockets.  The shareholder derivative litigation lawyers at Federman & Sherwood can help you do this in a potential lawsuit.

Cybersecurity failures have been costing companies a large amount of money recently, whether it is in a settlement or harm to the business. Since these losses have often resulted from corporate negligence, it follows that shareholders can hold the directors and officers liable under certain circumstances. You may be able to file a shareholder derivative lawsuit if a company in which you own stock was held liable itself for failure to protect sensitive data.

Schedule a free initial consultation with a shareholder derivative litigation attorney at Federman & Sherwood by calling us at (800) 237-1277. Here, you will learn more about whether you can take legal action against the company itself as a shareholder. Read about our most recent shareholder class action lawsuit investigations.

Shareholders May Be Able to Recover Money on Behalf of the Company

Shareholders have the right to file a lawsuit on behalf of the company against the officers and directors for actions that they have taken that harmed the business. This is known as a shareholder derivative lawsuit. Recently, as the number of data breaches has skyrocketed, shareholders have taken to filing derivative lawsuits when officers’ negligent actions were the cause of the breach.

If you are a shareholder in a company that has been victimized by a data breach, you may suffer losses, even if your own personal data was not compromised. The value of your investment has been diminished because the company must pay a large settlement, and they have also harmed their own business prospects. As a shareholder, you can seek compensation on behalf of the company, which directly protects your own interest.

Why Directors and Officers Can Be Liable to the Company for Data Breaches

Corporate officers and directors owe fiduciary duties to the shareholders. One of these duties is the obligation to exercise reasonable care. Instances of negligence and mismanagement that have cost shareholders money are common reasons for derivative lawsuits. It follows that cybersecurity breaches can be a prime example of a breach of the duty of care that could lead to a settlement or a court ordering damages.

Cybersecurity breaches invoke the duty of care in numerous regards. Typically, upholding the duty of care would involve officers and directors doing the following:

  • Conducting risk assessments.
  • Implementing reasonable cybersecurity policies and procedures.
  • Monitoring internal controls and responding to known vulnerabilities.

If officers and directors fail in any of these tasks, it can result in serious damage to the company. Not only can a company be liable for a large class action lawsuit settlement, but cybersecurity breaches also can mean grave damage to the business’s reputation and future prospects.

Officers and directors can also breach the duty of loyalty, depending on the circumstances. Certainly, it would be a breach of the duty of loyalty if an individual officer or director had a direct financial stake in a transaction that ultimately resulted in a breach. Courts also find that officers and directors fail to uphold the duty of loyalty when they put profits over the protection of consumer data.

Recent Shareholder Derivative Lawsuits for Data Breaches

One of the earliest shareholder derivative lawsuits filed against officers for a cybersecurity breach was a case against LabCorp. The shareholders claimed that the company did the following:

  • Selected a third-party vendor whose systems were compromised, where over 10 million patients’ data, resulting in a class action lawsuit against the company.
  • Failed to disclose to shareholders that the company used an unprotected email address, which led to the exposure of patients’ sensitive data.

The lawsuit alleged that the officers and directors failed to uphold both their duty of care and loyalty in the circumstances surrounding the breach. The plaintiffs argued that the failure to provide proper cybersecurity measures to adequately secure patient information meant that the officers and directors were in breach of their own duties. Recently, a shareholder derivative lawsuit against Meta (formerly Facebook) in connection with a data breach resulted in a $190 million settlement.

As you can see in the LabCorp case, shareholder derivative lawsuits not only reach actions that the officers directly took that resulted in a breach, but they can also hold officers accountable for selecting third-party vendors. Given that many recent data breaches have occurred at vendors such as Cloudflare, this is a likely fact pattern in future lawsuits.

Contact a Shareholder Derivative Litigation Law Firm

Speak to a national shareholder derivative litigation attorney at Federman & Sherwood in a free initial consultation to learn whether you can take legal action against the company in which you owned shares. You can speak with a shareholder derivative litigation lawyer by visiting us online or by calling us today at (800) 237-1277.

By Federman & Sherwood | Posted on January 19, 2026