Skip to content

Computer Fraud and Abuse Act

DOJ Revises Policy for Charging Cases Under the Computer Fraud and Abuse Act

On May 19, 2022, the Department of Justice (“DOJ”) announced a new revised policy (“Revised Policy”) for charging violations under the Computer Fraud and Abuse Act (“CFAA”). The Revised Policy is effective immediately. The Revised Policy for the first time directs that good-faith security research should not be charged. The DOJ provided that “[g]ood faith security research means accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner… Read More »DOJ Revises Policy for Charging Cases Under the Computer Fraud and Abuse Act

Class Action Complaint Filed Against Apple for Allegedly Authorizing and Maintaining a Malicious Cryptocurrency Hacking Application in Its App Store

On September 16, 2021, Plaintiff Hadona Diep, on her own and on behalf of those similarly situated, filed her Class Action Complaint against Apple, Inc., asserting nine (9) separate claims, including claims for violations of the Computer Fraud and Abuse Act (18 U.S.C. § 1030, et seq.) and violations of the Electronic Communications Privacy Act (18 U.S.C. § 2510, et seq.). According to the Class Action Complaint’s allegations: On March 2020, Plaintiff downloaded the Toast Plus application from the Apple App Store. Plaintiff believed Toast… Read More »Class Action Complaint Filed Against Apple for Allegedly Authorizing and Maintaining a Malicious Cryptocurrency Hacking Application in Its App Store

Middle District of Florida Dismisses Computer Fraud and Abuse Act (CFAA) Claim Concerning “Devices” vs. “Accounts” Requiring A More Definite Statement

On July 26, 2021, the U.S.D.C. for the Middle District of Florida, granted ADP, Inc.’s (“ADP”) motion for a more definite statement, dismissing Plaintiff’s CFAA claim. See Opinion and Order at the bottom. Plaintiff sued both Defendants (ADP and Automatic Data Processing, Inc.) for twelve different claims. However, this blog post narrowly addresses only the CFAA claim. According to Plaintiff, his former employer (ADP) , hacked into his electronic devices to take his information, including communications with his lawyers. According to Plaintiff, ADP also allegedly… Read More »Middle District of Florida Dismisses Computer Fraud and Abuse Act (CFAA) Claim Concerning “Devices” vs. “Accounts” Requiring A More Definite Statement

Chief Operating Officer of a Network Security Company Charged with Cyberattack on Atlanta Medical Center

On June 10, 2021, a Georgia man was arraigned on charges arising out of a cyberattack conducted on Gwinnett Medical Center in 2018. See DOJ press release. According to the indictment, Vikas Singla of Marietta, the chief operating officer of a metro-Atlanta network security company that served the health care industry, allegedly conducted a cyberattack on Gwinnett Medical Center. More specifically, the Indictment alleges Singla, without authorization to a protected computer and/or exceeding his authorized access: (1) disrupted the medical center’s phone system; (2) disrupted… Read More »Chief Operating Officer of a Network Security Company Charged with Cyberattack on Atlanta Medical Center

SCOTUS Narrows Scope of the Computer Fraud and Abuse Act (CFAA)

In a 6-3 decision handed down on Thursday, June 3, 2021, the Supreme Court issued an opinion narrowly interpreting the Computer Fraud and Abuse Act (“CFAA”) . Just Amy Coney Barrett authored the opinion, and was joined by Justices Sotomayor, Kagan, Gorsuch, Breyer, and Kavanaugh. Justice Clarence Thomas authored the dissent, which was joined by Justice Alito and Chief Justice Roberts. Former Georgia police sergeant Nathan Van Buren (Van Buren) used his patrol-car computer to access a law enforcement database to retrieve information about a… Read More »SCOTUS Narrows Scope of the Computer Fraud and Abuse Act (CFAA)