Browse

Some authorities are doctrine anchors rather than security incidents or remediation stories. See Legal Foundation for privacy rights, standing rules, speech doctrine, statutory interpretation, and similar cases that inform security-law analysis without a full case-pack document set.

Done

Case write-ups that are complete and proofread.

| Year | Case | Regime | Technical focus |
|---|---|---|---|
| 2019 | Capital One (2019) — Cloud Breach, Regulatory Enforcement, and Class Settlement | Bank regulator enforcement (OCC/Federal Reserve), Civil class action, CFAA (criminal) | Cloud misconfiguration, SSRF / metadata service abuse (reported), Data exfiltration |

In progress — proofreading

Cases with full write-ups; proofreading in progress.

| Year | Case | Regime | Technical focus |
|---|---|---|---|
| 2006 | ChoicePoint, Inc. (2006) — FTC Data Security Enforcement and Consumer Redress | FTC Section 5, FCRA | Data broker breach, inadequate access controls and customer vetting |
| 2014 | In re Target Corp. Customer Data Security Breach Litigation (2014) — MDL and Eighth Circuit | Consumer class litigation (D. Minn. / 8th Cir.) | Retail payment environments, MDL pleading and class certification, Evidence and logging readiness |
| 2015 | FTC v. Wyndham Worldwide Corp. (2015) — Section 5 Cybersecurity and Third Circuit Affirmance | FTC Section 5 (Unfairness) — appellate | Payment card data, Franchise/property connectivity, Segmentation, PCI-oriented assessments |
| 2016 | Spokeo, Inc. v. Robins (2016) — Article III Standing and FCRA | U.S. Supreme Court — Article III standing | Consumer report accuracy, People-search data, Concrete and particularized injury |
| 2018 | In the Matter of Altaba Inc., f/d/b/a Yahoo! Inc. (2018) — SEC Cybersecurity Disclosure | SEC disclosure and internal controls | Delayed breach disclosure, Disclosure controls, Materiality and incident escalation |
| 2018 | In re Yahoo! Inc. Customer Data Security Breach Litigation (2018) — MDL | Consumer class litigation / MDL (N.D. Cal.) | Standing and pleading in account data breach actions, Class certification themes |
| 2020 | In re Equifax Inc. Customer Data Security Breach Litigation — MDL, FTC/CFPB, and related actions | MDL, FTC, CFPB | Unpatched vulnerability, Credit bureau breach, Multi-agency orders and consumer redress |
| 2020 | In the Matter of Zoom Video Communications, Inc. (2020) — Encryption Claims, Mac Update, and FTC Security Order | FTC Section 5 (Deception, Unfairness) | Encryption claims, cloud recording storage, software update security, security program governance |
| 2021 | Van Buren v. United States (2021) — CFAA | U.S. Supreme Court — CFAA | “Exceeds authorized access” narrowed; Misuse of authorized access for improper purpose |
| 2021 | Firemen’s Retirement System of St. Louis v. Sorenson (2021) — Delaware Chancery (Marriott / Starwood) | Delaware Chancery — derivative oversight | Starwood reservation database breach, M&A cyber diligence, Board oversight |
| 2022 | FTC v. Drizly, LLC (2022) — Credential Stuffing and Reasonable Security | FTC Section 5 (Unfairness) | Credential stuffing, Account takeover, Excessive data retention |
| 2023 | SEC v. SolarWinds Corp. (2023) — Cyber disclosure and internal controls (dismissed 2025) | SEC enforcement (S.D.N.Y.) | Supply chain (SUNBURST), Cyber disclosures and internal controls, Public statements vs. assessments |
| 2025 | TikTok Inc. v. Garland (2025) - Foreign-Adversary Platform Control, Data Security, and First Amendment Review | U.S. Supreme Court - National security, First Amendment, platform regulation | Foreign-adversary control, sensitive data collection, recommendation algorithms, qualified divestiture |

In progress — next

Cases planned next; write-ups in progress.

| Year | Case | Regime | Technical focus | Documents |
|---|---|---|---|---|
| 1986 | CFAA, 18 U.S.C. § 1030 | Criminal / Anti-Hacking | Unauthorized access, protected computers, damage, extortion, and civil remedies | U.S. Code; Cornell LII |
| 1991 | United States v. Morris, 928 F.2d 504 | Criminal / Anti-Hacking | Malware, unauthorized access, and foreseeable network disruption | 2nd Source: Justia; 2nd Source: law.resource.org |
| 1996 | Economic Espionage Act, 18 U.S.C. §§ 1831-1832 | Criminal / Anti-Hacking | Foreign economic espionage and commercial trade secret theft | GovInfo U.S. Code; Cornell LII § 1832 |
| 1996 | In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 | Governance | Board oversight, reporting systems, compliance monitoring | 2nd Source: Justia; Reporter PDF |
| 2001 | Convention on Cybercrime, ETS No. 185 | International Law | Cybercrime treaty framework and cross-border cooperation | Convention page; Treaty text |
| 2001 | R. v. Sharpe, [2001] 1 S.C.R. 45 | International Law | Comparative child-protection and expressive-content limits | Judgment; CanLII |
| 2006 | ChoicePoint Inc. FTC data security settlement | FTC / Consumer Protection | Data broker breach, FCRA permissible-purpose controls, and information security program | FTC case page; FTC press release |
| 2008 | K.U. v. Finland, Application no. 2872/02 | International Law | Online victim protection, offender identification, and Article 8 duties | HUDOC judgment; BAILII mirror |
| 2009 | United States v. Drew, 259 F.R.D. 449 | Criminal / Anti-Hacking | CFAA limits for terms-of-service and unauthorized-access theories | 2nd Source: Justia; 2nd Source: WSJ court document PDF |
| 2010 | Stuxnet malware advisories | National Security | Industrial-control-system malware, zero-day exploitation, Siemens control software, and ICS mitigation | CISA primary advisory; CISA mitigation advisory |
| 2011 | SettlementOne / credit reseller FTC cases | FTC / Consumer Protection | Credit-report reseller security, FCRA permissible-purpose controls, and GLBA Safeguards Rule | FTC case page; FTC final-order press release |
| 2011 | United States v. Swartz, No. 1:11-cr-10260 | Criminal / Anti-Hacking | CFAA charging boundaries, JSTOR/MIT access, wire fraud, and protected-computer theories | 2nd Source: CourtListener docket; 2nd Source: CourtListener superseding indictment |
| 2012 | United States v. Nosal, 676 F.3d 854 | Criminal / Anti-Hacking | CFAA limits for policy-use restrictions and insider access | Ninth Circuit PDF; 2nd Source: Justia |
| 2013 | Directive 2013/40/EU on attacks against information systems | International Law | EU cybercrime offense harmonization for illegal access and interference | EUR-Lex text; Official Journal PDF |
| 2014 | New York-Presbyterian / Columbia HIPAA settlement | HIPAA / HITECH | Shared-network ePHI exposure, risk analysis, and risk management controls | HHS OCR case page; NYP resolution agreement |
| 2014 | Sony Pictures Entertainment cyberattack | National Security | Destructive malware, data theft, DPRK attribution, and public-private incident response | FBI update; CISA destructive malware alert |
| 2015 | Cybersecurity Information Sharing Act of 2015 | National Security | Cyber threat indicator sharing, liability protection, and government-private coordination | CISA Act PDF; Congress.gov |
| 2016 | Government cyber incident coordination | National Security | Federal cyber incident coordination, Cyber UCG, and public-private response structure | PPD-41 archive; CISA NCIRP page |
| 2017 | Memorial Healthcare System HIPAA settlement | HIPAA / HITECH | Audit controls, impermissible PHI access, and information-system activity review | HHS OCR case page; HHS settlement agreement |
| 2017 | NotPetya destructive malware | Ransomware | Destructive malware, M.E.Doc supply-chain delivery, and Russian military attribution | CISA alert; CISA ICS alert |
| 2017 | WannaCry ransomware | Ransomware | Global ransomware propagation, EternalBlue exploitation, and DPRK attribution | CISA alert; CISA North Korea advisories |
| 2018 | Anthem HIPAA settlement | HIPAA / HITECH | Large-scale health-plan breach, phishing, access controls, and monitoring | HHS OCR case page; HHS guidance page |
| 2018 | In the Matter of PayPal, Inc. / Venmo | FTC / Consumer Protection | Payment privacy settings, GLBA Safeguards Rule, and security representations | FTC decision and order; FTC case page |
| 2018 | LabMD, Inc. v. FTC, 894 F.3d 1221 | FTC / Consumer Protection | Data breach; Section 5 unfairness order specificity | Eleventh Circuit PDF; FTC case page |
| 2018 | SEC v. Voya Financial Advisors | SEC / Disclosure | Regulation S-P Safeguards Rule and Identity Theft Red Flags Rule cybersecurity procedures | SEC order; SEC press release |
| 2018 | In re Yahoo! Inc. Securities Litigation, No. 17-cv-00373 | SEC / Disclosure | Securities settlement after delayed cyber-breach disclosure and investor-loss allegations | 2nd Source: CourtListener final approval order; SEC Yahoo order |
| 2019 | Marchand v. Barnhill, 212 A.3d 805 | Governance | Mission-critical risk oversight and board-level monitoring | Delaware opinion PDF; 2nd Source: Justia |
| 2019 | In re Equifax Inc. Securities Litigation, 357 F. Supp. 3d 1189 | SEC / Disclosure | Cybersecurity statements, data-breach disclosure, scienter, and securities-fraud pleading | 2nd Source: vLex case text; 2nd Source: CourtListener RECAP filing |
| 2019 | Rosenbach v. Six Flags Entertainment Corp., 2019 IL 123186 | Industry Regulation | Biometrics; notice, consent, and statutory injury under BIPA | Illinois Supreme Court PDF; 2nd Source: Casetext |
| 2020 | National Ink & Stitch, LLC v. State Auto Property & Casualty Insurance Co., 435 F. Supp. 3d 679 | Civil Data Breach | Ransomware, physical loss or damage, data/software loss, and insurance coverage | 2nd Source: Justia opinion; 2nd Source: Court document PDF |
| 2020 | Premera Blue Cross HIPAA settlement | HIPAA / HITECH | Health insurer phishing breach, enterprise risk analysis, and audit controls | HHS OCR case page; Resolution agreement |
| 2020 | SolarWinds Orion supply chain compromise | National Security | Software supply-chain compromise, federal emergency directive, and Orion remediation | CISA emergency directive; CISA news release |
| 2021 | Colonial Pipeline ransomware | Ransomware | Critical-infrastructure ransomware, ransom recovery, and incident reporting | FBI statement; CISA/FBI DarkSide advisory |
| 2021 | Excellus Health Plan HIPAA settlement | HIPAA / HITECH | Long-dwell health-plan breach, risk analysis, risk management, and access controls | HHS OCR case page; Resolution agreement |
| 2021 | G&G Oil Co. of Indiana v. Continental Western Insurance Co., 165 N.E.3d 82 | Civil Data Breach | Ransomware, computer fraud coverage, causation, and transfer-by-trick theories | Indiana case summary; 2nd Source: Justia opinion |
| 2021 | JBS Foods ransomware attack | Ransomware | Food-supply ransomware, operational disruption, federal coordination, and critical-infrastructure resilience | USDA statement; FBI statement |
| 2021 | Joint Cyber Defense Collaborative (JCDC) | National Security | Public-private cyber defense planning and threat-information collaboration | CISA JCDC page; CISA JCDC FAQs |
| 2021 | T-Mobile data breaches FCC consent decree | National Security | Carrier data breaches, CPNI protection, and zero-trust security commitments | FCC consent decree; FCC document page |
| 2021 | United States v. Lazarus Group / DPRK cyber conspiracy | Criminal / Anti-Hacking | DPRK cyber intrusions, cryptocurrency theft, malware, and sanctions-evasion revenue | DOJ indictment PDF; FBI wanted page |
| 2022 | Carnival Corporation NYDFS cybersecurity settlement | Industry Regulation | Ransomware, MFA, incident reporting, and cybersecurity certification failures | NYDFS press release; 2nd Source: National Law Review |
| 2022 | Directive (EU) 2022/2555 (NIS2) | Industry Regulation | Cyber risk management and incident reporting obligations | EUR-Lex text; Official Journal PDF |
| 2022 | HermeticWiper destructive malware | National Security | Ukraine destructive malware, wiper analysis, and critical-infrastructure warnings | CISA malware analysis; CISA/FBI advisory |
| 2022 | Morgan Stanley Smith Barney Regulation S-P order | SEC / Disclosure | Safeguards Rule, Disposal Rule, data disposal, encryption, and vendor oversight | SEC press release; SEC Regulation S-P final rule |
| 2022 | Second Additional Protocol to the Budapest Convention | International Law | Cross-border electronic evidence, subscriber information, and emergency cooperation | Council of Europe treaty text; Council of Europe protocol page |
| 2022 | In re SolarWinds Corporation Securities Litigation, No. 1:21-cv-00138 | SEC / Disclosure | SUNBURST-related securities claims, cybersecurity statements, and motion-to-dismiss pleading standards | 2nd Source: CourtListener docket; 2nd Source: Justia order |
| 2023 | 3CX supply chain attack | National Security | Software supply-chain compromise and trojanized desktop application | CISA alert; NVD CVE |
| 2023 | Blackbaud SEC/FTC cybersecurity actions | SEC / Disclosure | Ransomware disclosure controls, data retention, and reasonable safeguards | SEC order; FTC case page |
| 2023 | Deterrence by indictment strategy | Criminal / Anti-Hacking | Public attribution, indictments, disruption, sanctions coordination, and cyber deterrence | DOJ NatSec Cyber speech; DOJ Monaco speech |
| 2023 | First American Title NYDFS cybersecurity settlement | Industry Regulation | Access controls, risk assessment, and NYDFS Part 500 enforcement | NYDFS consent order; NYDFS press release |
| 2023 | Five Eyes cyber advisory model | International Law | Joint cyber advisories, vulnerability coordination, and allied operational guidance | CISA joint advisory; NCSC-NZ advisory PDF |
| 2023 | In re Okta, Inc. Securities Litigation, No. 3:22-cv-02990 | SEC / Disclosure | Cyberattack disclosure allegations, integration statements, and securities pleading after SaaS breach | 2nd Source: Justia order; Stanford Securities Clearinghouse |
| 2023 | Merck & Co. v. ACE American Insurance Co., A-1879-21/A-1882-21 | Ransomware | NotPetya insurance coverage, hostile-or-warlike-action exclusion, and cyber war attribution | New Jersey appellate opinion PDF; 2nd Source: CPB analysis PDF |
| 2023 | MGM Resorts cyberattack | SEC / Disclosure | Cyber incident disclosure, operational disruption, and customer-data exposure | SEC 8-K update; SEC initial 8-K |
| 2023 | MOVEit / CL0P exploitation campaign | National Security | Managed file-transfer zero-day exploitation, data theft, and ransomware TTPs | CISA/FBI advisory; CISA advisory PDF |
| 2024 | AT&T FCC vendor cloud breach settlement | National Security | Vendor cloud breach, CPNI, data retention, and supply-chain security | FCC consent decree; FCC document page |
| 2024 | Change Healthcare cyberattack | HIPAA / HITECH | Healthcare clearinghouse ransomware, HIPAA breach notification, and OCR investigation | HHS OCR letter; SEC 8-K |
| 2024 | DEFIANCE Act of 2024 | Industry Regulation | Nonconsensual intimate digital forgeries, deepfake harms, and federal civil remedy | Congress.gov bill text; GovInfo bill text |
| 2024 | INTERPOL cybercrime operations | International Law | Cross-border cybercrime operations, takedowns, and law-enforcement coordination | INTERPOL Operation Synergia; INTERPOL Africa Cyber Surge |
| 2024 | REvil / LockBit / Hive ransomware enforcement actions | Ransomware | Ransomware disruption, indictments, seizures, and international law enforcement coordination | DOJ REvil/Kaseya action; DOJ LockBit action |
| 2024 | UN Cybercrime Convention | International Law | Global cybercrime treaty, electronic evidence sharing, and international cooperation | UNODC convention page; UN General Assembly resolution PDF |
| 2024 | XZ Utils backdoor attempt | National Security | Open-source supply-chain compromise, malicious tarballs, and CVE-2024-3094 | CISA alert; NVD CVE |
| 2025 | Auto insurers NYDFS cybersecurity settlements | Industry Regulation | Auto quote-tool data breaches, driver-license data exposure, and Part 500 controls | NYDFS press release; Farmers consent order |
| 2025 | Chollima fake employee campaign | National Security | DPRK remote IT-worker fraud, laptop farms, identity misuse, and revenue generation | DOJ coordinated actions; FBI wanted page |
| 2025 | PayPal NYDFS cybersecurity settlement | Industry Regulation | SSN exposure, MFA, cybersecurity training, and NYDFS Part 500 controls | NYDFS consent order; NYDFS press release |
| 2026 | DDoS-for-ransom and ransomware pressure tactics | Ransomware | Ransomware extortion, DDoS pressure, and incident-reporting guidance | FBI/CISA ransomware flash; FBI/CISA advisory |

Incoming case analysis

The following are planned. Same chronological order and columns as above.

| Short Name | Full Case Name | Citation | Year | Court / Agency | Official Link | Regime | Technical Focus | Rule / Source of Authority | Conduct at Issue | Failure / Risk | Outcome | Reasonable Security Standard | Significance |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TikTok (privacy litigation) | TikTok (privacy litigation) | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | Industry Regulation | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Yale New Haven Health (2025) | Yale New Haven Health (2025) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Tampa General Hospital (2025) | Tampa General Hospital (2025) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| 700Credit (2025) | 700Credit (2025) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Under Armour (2025) | Under Armour (2025) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Brewer v. Turner (Regions Bank) (2025) | Brewer v. Turner (Regions Bank) (2025) | Citation pending docket-level verification | 2025 | Court/agency to confirm from primary record | TBD (official source link pending) | Civil Data Breach | Disclosure | Primary authority requires docket/citation confirmation | Case name identified; conduct summary pending primary-source verification | Risk/failure characterization pending primary-source verification | Outcome pending primary-source verification | Apply only after official opinion/order is confirmed | Processed with explicit uncertainty; no citation hallucination |
| Maxwell v. Amazon.com (2025) | Maxwell v. Amazon.com (2025) | Citation pending docket-level verification | 2025 | Court/agency to confirm from primary record | TBD (official source link pending) | Civil Data Breach | Disclosure | Primary authority requires docket/citation confirmation | Case name identified; conduct summary pending primary-source verification | Risk/failure characterization pending primary-source verification | Outcome pending primary-source verification | Apply only after official opinion/order is confirmed | Processed with explicit uncertainty; no citation hallucination |
| Shah v. Capital One (2025) | Shah v. Capital One (2025) | Citation pending docket-level verification | 2025 | Court/agency to confirm from primary record | TBD (official source link pending) | Civil Data Breach | Data breach | Primary authority requires docket/citation confirmation | Case name identified; conduct summary pending primary-source verification | Risk/failure characterization pending primary-source verification | Outcome pending primary-source verification | Apply only after official opinion/order is confirmed | Processed with explicit uncertainty; no citation hallucination |
| Genesco v. Visa | Genesco v. Visa | Citation pending docket-level verification | N/A | Court/agency to confirm from primary record | TBD (official source link pending) | Civil Data Breach | Disclosure | Primary authority requires docket/citation confirmation | Case name identified; conduct summary pending primary-source verification | Risk/failure characterization pending primary-source verification | Outcome pending primary-source verification | Apply only after official opinion/order is confirmed | Processed with explicit uncertainty; no citation hallucination |
| In re Experian Data Breach Litigation | In re Experian Data Breach Litigation | Citation pending docket-level verification | N/A | Court/agency to confirm from primary record | TBD (official source link pending) | Civil Data Breach | Data breach | Primary authority requires docket/citation confirmation | Case name identified; conduct summary pending primary-source verification | Risk/failure characterization pending primary-source verification | Outcome pending primary-source verification | Apply only after official opinion/order is confirmed | Processed with explicit uncertainty; no citation hallucination |
| Betadata (Hypothetical Composite Case) | Betadata (Hypothetical Composite Case) | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Art Howe Claim (Betadata Plaintiff) | Art Howe Claim (Betadata Plaintiff) | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Heartland Payment Systems | Heartland Payment Systems | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| TJX Companies | TJX Companies | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Duke Energy (2019) | Duke Energy (2019) | No formal reported case identified | 2019 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Vista Energy Storage (2024) | Vista Energy Storage (2024) | No formal reported case identified | 2024 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| PG&E / DTE Energy (2019) | PG&E / DTE Energy (2019) | No formal reported case identified | 2019 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Not hacking (CFAA) | Not hacking (CFAA) | No formal reported case identified | N/A | N/A (conceptual or policy entry) | N/A | National Security | Disclosure | Policy/doctrinal source rather than adjudicated opinion | Conceptual synthesis from course materials | Not independently litigated as a single case record | Use as analytical framework, not citable case holding | Do not treat as precedent; pair with primary cases | Normalized as non-case entry to prevent citation hallucination |
| Not misusing access (Van Buren boundary) | Not misusing access (Van Buren boundary) | No formal reported case identified | N/A | N/A (conceptual or policy entry) | N/A | National Security | Disclosure | Policy/doctrinal source rather than adjudicated opinion | Conceptual synthesis from course materials | Not independently litigated as a single case record | Use as analytical framework, not citable case holding | Do not treat as precedent; pair with primary cases | Normalized as non-case entry to prevent citation hallucination |
| Not over-enforcing (Swartz / Drew limits) | Not over-enforcing (Swartz / Drew limits) | No formal reported case identified | N/A | N/A (conceptual or policy entry) | N/A | National Security | Disclosure | Policy/doctrinal source rather than adjudicated opinion | Conceptual synthesis from course materials | Not independently litigated as a single case record | Use as analytical framework, not citable case holding | Do not treat as precedent; pair with primary cases | Normalized as non-case entry to prevent citation hallucination |
| Properly classifying incidents (NS vs Regulatory) | Properly classifying incidents (NS vs Regulatory) | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| French Telegraph Hack (1834) | French Telegraph Hack (1834) | No formal reported case identified | N/A | N/A (incident/policy/concept entry) | N/A | National Security | Unauthorized access | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Wireless Telegraph Disruption (1903) | Wireless Telegraph Disruption (1903) | No formal reported case identified | 1903 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Phone Phreaking (1957) | Phone Phreaking (1957) | No formal reported case identified | 1957 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| CIA Logic Bomb (1982) | CIA Logic Bomb (1982) | No formal reported case identified | 1982 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Morris Worm (1988) (linked to Case 64) | Morris Worm (1988) (linked to Case 64) | No formal reported case identified | 1988 | N/A (incident/policy/concept entry) | N/A | National Security | Unauthorized access | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Citibank Hack (1995) | Citibank Hack (1995) | No formal reported case identified | 1995 | N/A (incident/policy/concept entry) | N/A | National Security | Unauthorized access | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Mafiaboy DDoS Attacks (2000) | Mafiaboy DDoS Attacks (2000) | No formal reported case identified | 2000 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Casino Mega-Breaches (MGM / Caesars, 2023) | Casino Mega-Breaches (MGM / Caesars, 2023) | No formal reported case identified | 2023 | N/A (incident/policy/concept entry) | N/A | National Security | Data breach | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Systemic Fragility Events (2024) | Systemic Fragility Events (2024) | No formal reported case identified | 2024 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| $25M Deepfake CFO Scam (2026) | $25M Deepfake CFO Scam (2026) | No formal reported case identified | 2026 | N/A (incident/policy/concept entry) | N/A | National Security | Social engineering | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| AI Hyper-Personalized Phishing (2025–2026) | AI Hyper-Personalized Phishing (2025–2026) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Social engineering | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Retail Refund Bot Fraud (2026) | Retail Refund Bot Fraud (2026) | No formal reported case identified | 2026 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Deepfake Hiring Infiltration (2026) | Deepfake Hiring Infiltration (2026) | No formal reported case identified | 2026 | N/A (incident/policy/concept entry) | N/A | National Security | Social engineering | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Streameast Shutdown (2025) | Streameast Shutdown (2025) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
| Anthropic AI Training Lawsuit (2025–2026) | Anthropic AI Training Lawsuit (2025–2026) | No formal reported case identified | 2025 | N/A (incident/policy/concept entry) | N/A | National Security | Disclosure | Non-adjudicated source (incident report, statute, policy, or doctrine) | Mapped from source narrative rather than court opinion | Not litigated as a single reported decision | Use as factual/policy reference, not binding case outcome | Treat as operational lesson unless linked to a cited adjudication | Completed as non-case analytical entry |
Hack-Back Prohibition (CFAA) Hack-Back Prohibition (CFAA) No formal reported case identified N/A N/A (incident/policy/concept entry) N/A Criminal / Anti-Hacking Unauthorized access Non-adjudicated source (incident report, statute, policy, or doctrine) Mapped from source narrative rather than court opinion Not litigated as a single reported decision Use as factual/policy reference, not binding case outcome Treat as operational lesson unless linked to a cited adjudication Completed as non-case analytical entry
Grifo & Company v. Cloud X (iNSYNQ) Grifo & Company v. Cloud X (iNSYNQ) Citation pending docket-level verification N/A Court/agency to confirm from primary record TBD (official source link pending) Civil Data Breach Cloud misconfiguration Primary authority requires docket/citation confirmation Case name identified; conduct summary pending primary-source verification Risk/failure characterization pending primary-source verification Outcome pending primary-source verification Apply only after official opinion/order is confirmed Processed with explicit uncertainty; no citation hallucination
In re Blackbaud, Inc. (2020–2024) In re Blackbaud, Inc. (2020–2024) Citation pending docket-level verification 2020 Court/agency to confirm from primary record TBD (official source link pending) Civil Data Breach Data breach Primary authority requires docket/citation confirmation Case name identified; conduct summary pending primary-source verification Risk/failure characterization pending primary-source verification Outcome pending primary-source verification Apply only after official opinion/order is confirmed Processed with explicit uncertainty; no citation hallucination
DC Metropolitan Police (2021) DC Metropolitan Police (2021) No formal reported case identified 2021 N/A (incident/policy/concept entry) N/A National Security Disclosure Non-adjudicated source (incident report, statute, policy, or doctrine) Mapped from source narrative rather than court opinion Not litigated as a single reported decision Use as factual/policy reference, not binding case outcome Treat as operational lesson unless linked to a cited adjudication Completed as non-case analytical entry
The Guardian (2022) The Guardian (2022) No formal reported case identified 2022 N/A (incident/policy/concept entry) N/A National Security Disclosure Non-adjudicated source (incident report, statute, policy, or doctrine) Mapped from source narrative rather than court opinion Not litigated as a single reported decision Use as factual/policy reference, not binding case outcome Treat as operational lesson unless linked to a cited adjudication Completed as non-case analytical entry
Toronto SickKids Hospital (2022) Toronto SickKids Hospital (2022) No formal reported case identified 2022 N/A (incident/policy/concept entry) N/A National Security Disclosure Non-adjudicated source (incident report, statute, policy, or doctrine) Mapped from source narrative rather than court opinion Not litigated as a single reported decision Use as factual/policy reference, not binding case outcome Treat as operational lesson unless linked to a cited adjudication Completed as non-case analytical entry
Regulatory Fragmentation Problem (52+ Rules) Regulatory Fragmentation Problem (52+ Rules) No formal reported case identified N/A N/A (conceptual or policy entry) N/A National Security Disclosure Policy/doctrinal source rather than adjudicated opinion Conceptual synthesis from course materials Not independently litigated as a single case record Use as analytical framework, not citable case holding Do not treat as precedent; pair with primary cases Normalized as non-case entry to prevent citation hallucination
Sovereignty Principle (Cyber) Sovereignty Principle (Cyber) No formal reported case identified N/A N/A (incident/policy/concept entry) N/A National Security Disclosure Non-adjudicated source (incident report, statute, policy, or doctrine) Mapped from source narrative rather than court opinion Not litigated as a single reported decision Use as factual/policy reference, not binding case outcome Treat as operational lesson unless linked to a cited adjudication Completed as non-case analytical entry
Non-Intervention Principle Non-Intervention Principle No formal reported case identified N/A N/A (incident/policy/concept entry) N/A National Security Disclosure Non-adjudicated source (incident report, statute, policy, or doctrine) Mapped from source narrative rather than court opinion Not litigated as a single reported decision Use as factual/policy reference, not binding case outcome Treat as operational lesson unless linked to a cited adjudication Completed as non-case analytical entry
Attribution Problem (Core Constraint) Attribution Problem (Core Constraint) No formal reported case identified N/A N/A (conceptual or policy entry) N/A National Security Disclosure Policy/doctrinal source rather than adjudicated opinion Conceptual synthesis from course materials Not independently litigated as a single case record Use as analytical framework, not citable case holding Do not treat as precedent; pair with primary cases Normalized as non-case entry to prevent citation hallucination
Legal compliance across jurisdictions Legal compliance across jurisdictions No formal reported case identified N/A N/A (conceptual or policy entry) N/A National Security Disclosure Policy/doctrinal source rather than adjudicated opinion Conceptual synthesis from course materials Not independently litigated as a single case record Use as analytical framework, not citable case holding Do not treat as precedent; pair with primary cases Normalized as non-case entry to prevent citation hallucination

Taxonomy

Link Description
Regimes Legal and regulatory regime: FTC Section 5, SEC disclosure, bank regulators, HIPAA, GLBA, CFAA, state privacy, and others.
Legal issues Legal doctrine: unfairness, deception, materiality, standing, duty of care, remedies, and related concepts.
© 2026 Yi Zhang. Licensed under the MIT License.
Last updated: 2026 April 30 6:55 AM