I believe this to be a bad idea.

https://gizmodo.com/hack-disruptive-technology-strike-force-justice-dept-1850123260

The Feds Are Launching a Hack Back Squad

The Disruptive Technology Strike Force could stop some tech theft but risks escalating already fraught tensions with China, experts say.

… The new “Strike Force” comes on the heels of growing calls from many conservatives, and an increasing number of Democrats, for the federal government to take a tougher stance again tech and IP theft. A bipartisan Senate Intelligence Committee report released last year estimated the U.S. may be losing up to $600 billion from global IP theft every year. The FBI, meanwhile, estimates cyber attacks and malicious cyber activity may have cost U.S. businesses over $6.9 billion in losses in 2021. Those total losses, CNBC notes, were up a staggering 64% compared to the year before. If successful, the strike force could potentially stem some of that bleeding and refocus mitigation efforts in the private sector.

If the Bad Guys don’t get you, your customers might.

https://www.databreaches.net/private-data-breach-litigation-comes-of-age/

Private Data Breach Litigation Comes of Age

Quinn Emanuel Urquhart & Sullivan, LLP write, in part:

Companies face yet another major risk after a data breach—one which is increasing exponentially—data breach litigation brought by private plaintiffs, often in the form of class actions brought by sophisticated plaintiffs’ counsel who specialize in such cases. Private civil litigation is now a probability, not a possibility, after a major data breach. 36 major data breach class actions were filed in 2021, a 44% increase from 2020. Private plaintiffs typically race to the courthouse to jockey for position, with complaints now brought on average within four weeks of a breach announcement.

These private actions, had they been pursued a decade earlier, would have faced little prospect of success. Private plaintiffs during the initial wave of data breach litigation struggled to establish standing or successfully plead duty, causation, and damages See, e.g., In re: Adobe Sys., Inc. Privacy Litig., 66 F. Supp. 3d 1197, 1212 (N.D. Cal. 2014) (noting that “courts in data breach cases regularly” dismiss claims because “increased risk of future harm is insufficient to confer Article III standing”); In re: Sony Gaming Networks & Customer Data Sec. Breach Litig., 996 F. Supp. 2d 942, 963-65 (S.D. Cal. 2014) (dismissing negligence claims because “Plaintiffs’ allegations of causation and harm are wholly conclusory” and Plaintiffs “failed to allege a single cognizable injury proximately caused by Sony’s resulting breach”). Their task was complicated by facts that, by their nature, often involve incremental risk and latent harm. In the intervening years, however, the plaintiffs’ bar has developed a series of creative theories that have frequently succeeded in moving data breach actions beyond the pleadings stage. The result is that large settlements of consumer data breach cases are now quite common, with notable recent resolutions involving T-Mobile ($350 million to consumers), Equifax ($380.5 million), Capital One ($190 million), Zoom ($85 million), Hy-Vee ($20 million), and Home Depot ($12.88 million).

This article explores the latest developments in private data breach litigation. We focus first on the challenges that plaintiffs face in establishing standing and damages. The assessment of whether these plaintiffs have suffered a cognizable injury-in-fact (as required for Article III standing) is necessarily intertwined with the type and viability of the harms they allege. Accordingly, we first consider both standing and damages. We then analyze the state-of-the-art claims currently being asserted by plaintiffs and the defenses being depoyed by companies in response. Finally, we conclude with a discussion of expected future trends.

Read the article at JDSupra.