A recent class action refiled in federal court against Shopify highlights a growing trend of lawsuits against companies related to the theft of cryptocurrency, particularly as a result of internal company threats.  See Forsberg et al v. Shopify, Inc. et al, 1:22-cv-00436 (D. Del.).  Despite not itself being a repository for or facilitating the sale of any cryptocurrency, the plaintiffs in the Shopify case allege that Shopify is liable for a theft of cryptocurrency after Shopify experienced a data breach caused by its own employees, which exposed a customer list for a cryptocurrency hardware wallet vendor, Ledger SAS.  As cryptocurrency storage and related transactions increasingly feature in companies’ online presence, there is likely to be a growing risk posed by threat actors motivated to target crypto-related assets and data, and more litigation activity in this space. According to the complaint, the Shopify case arose from a 2020 data breach.  In the cryptocurrency space, actual units of currency (e.g., bitcoin) are stored in digital “wallets” that are protected by “private keys.”  Private keys are access codes known only to the owner of the wallet.  Owners of cryptocurrency can store these private keys in internet-accessible databases and/or in physical devices or storage spaces that are not connected to the internet.

Plaintiffs allege that Ledger SAS is a vendor of these physical devices and that it used Shopify as its e-commerce platform.  Because of this, they contend that Shopify possessed a list of customers who had purchased Ledger devices, including full names, emails, and physical addresses, and that this information allegedly was leaked by “two rogue members of [Shopify’s] support team” at the behest of a hacker.  Plaintiffs aver that Shopify’s alleged negligence in failing to prevent the data breach, coupled with allegedly delayed notice, allowed hackers to use the information to launch phishing attacks against plaintiffs and putative class members resulting in the loss of cryptocurrency and other injuries.  While Shopify and Ledger initially succeeded in securing dismissal of the lawsuit on personal jurisdiction grounds when it was filed in federal district court in California, a different set of named plaintiffs have since refiled these claims in the district of Delaware, where Shopify USA is incorporated.

Due to the nature of cryptocurrency valuations, the individual damages claims in these cases have the potential to far exceed the more nominal individual amounts in a typical data breach case where the primary payout is identity theft protection services.  Furthermore, cryptocurrency transactions often are non-reversible, so unlike thefts from traditional online banking services, it may be difficult or impossible to claw back stolen crypto funds. Other cases have been filed recently involving similar theories relating to data breaches that allegedly resulted in the theft of cryptocurrency, including in the Northern and Central Districts of California, suggesting that this area will continue to face increasing litigation activity.

 

 

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Sam Greeley Sam Greeley

Samuel Greeley is an associate in the firm’s Washington, DC office representing clients in complex civil litigation and government investigations. Sam’s practice focuses on a broad range of high-stakes issues facing companies in the tech sector, including class actions, antitrust investigations and litigation…

Samuel Greeley is an associate in the firm’s Washington, DC office representing clients in complex civil litigation and government investigations. Sam’s practice focuses on a broad range of high-stakes issues facing companies in the tech sector, including class actions, antitrust investigations and litigation, and federal agency enforcement matters. This includes advising clients on issues relating to cryptocurrency and digital assets, and how they can stay ahead of the quickly evolving enforcement and litigation landscape. He has also defended clients from class actions and white collar investigations in other industries, including life sciences and healthcare.

Photo of Ashley Simonsen Ashley Simonsen

Ashley Simonsen is a litigator whose practice focuses on defending complex class actions and mass torts in state and federal courts across the country.

Ashley represents clients in the technology, consumer brands, financial services, and sports industries through all stages of litigation, including trial…

Ashley Simonsen is a litigator whose practice focuses on defending complex class actions and mass torts in state and federal courts across the country.

Ashley represents clients in the technology, consumer brands, financial services, and sports industries through all stages of litigation, including trial, with a strong track record of success on early dispositive motions. Her practice encompasses advertising, antitrust, product defect, and consumer protection matters. Ashley regularly advises companies on arbitration clauses in consumer agreements and related issues, including mass arbitration risks and issues arising under McGill v. Citibank, N.A. And she is one of the nation’s leading experts on “true lender” issues and the related “valid when made” doctrine.

Ashley has been recognized three times by Law360 as an “MVP” (in Class ActionsTechnology, and Banking) and as a “Rising Star” (in Banking). Her successful representation of Meta earned her a 2021 “Top Verdict” recognition from the Daily Journal. She has also been included in the Daily Journal’s list of the “Top 100 Lawyers” and “Top Women Lawyers” in California, named a “Lawyer on the Fast Track” and “Women Leader in Tech Law” by The Recorder, and recognized twice as a Leader of Influence: Litigators & Trial Lawyers by the Los Angeles Business Journal. Before practicing law, Ashley was an associate at Lehman Brothers in New York where she advised banks on balance sheet management and interest rate hedging strategies.

Photo of Mike Nonaka Mike Nonaka

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and…

Michael Nonaka is co-chair of the Financial Services Group and advises banks, financial services providers, fintech companies, and commercial companies on a broad range of compliance, enforcement, transactional, and legislative matters.

He specializes in providing advice relating to federal and state licensing and applications matters for banks and other financial institutions, the development of partnerships and platforms to provide innovative financial products and services, and a broad range of compliance areas such as anti-money laundering, financial privacy, cybersecurity, and consumer protection. He also works closely with banks and their directors and senior leadership teams on sensitive supervisory and strategic matters.

Mike plays an active role in the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as bitcoin and other cryptocurrencies, blockchain, big data, cloud computing, same day payments, and online lending. He has assisted numerous banks and fintech companies with the launch of innovative deposit and loan products, technology services, and cryptocurrency-related products and services.

Mike has advised a number of clients on compliance with TILA, ECOA, TISA, HMDA, FCRA, EFTA, GLBA, FDCPA, CRA, BSA, USA PATRIOT Act, FTC Act, Reg. K, Reg. O, Reg. W, Reg. Y, state money transmitter laws, state licensed lender laws, state unclaimed property laws, state prepaid access laws, and other federal and state laws and regulations.

Photo of Kathryn Cahoy Kathryn Cahoy

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer…

Kate Cahoy co-chairs the firm’s Class Actions Litigation Practice Group and serves on the leadership committee for the firm’s Technology Industry Group. She defends clients in complex, high-stakes class action disputes and has achieved significant victories across various industries, including technology, entertainment, consumer products, and financial services. Kate has also played a key role in developing the firm’s mass arbitration defense practice. She regularly advises companies on the risks associated with mass arbitration and has a proven track record of successfully defending clients against these challenges.

Leveraging her success in class action litigation and arbitration, Kate helps clients develop strategic and innovative solutions to their most challenging legal issues. She has extensive experience litigating cases brought under California’s Section 17200 and other consumer protection, competition, and privacy laws, including the Sherman Act, California Consumer Privacy Act (CCPA), California Invasion of Privacy Act (CIPA), Wiretap Act, Stored Communications Act, Children’s Online Privacy Protection Act (COPPA), Video Privacy Protection Act (VPPA), along with common law and constitutional rights of privacy, among others.

Recent Successes:

  • Represented Meta (formerly Facebook) in a putative nationwide advertiser class action alleging violations under the California Unfair Competition Law (UCL) related to charges from allegedly “fake” accounts. Successfully narrowed claims at the pleadings stage, defeated class certification, opposed a Rule 23(f) petition, won summary judgment, and defended the victory on appeal to the Ninth Circuit. The Daily Journal selected Covington’s defense of Meta as one of its 2021 Top Verdicts, and Law.com recognized Kate as a Litigator of the Week Shoutout.
  • Defeated a landmark class action lawsuit against Microsoft and OpenAI contending that the defendants scraped data from the internet for training generative AI services and incorporated data from users’ prompts, allegedly in violation of CIPA, the Computer Fraud and Abuse Act (CFAA), and other privacy and consumer protection laws.

Kate regularly contributes to the firm’s blog, Inside Class Actions, and was recently featured in a Litigation Daily interview titled “Where Privacy Laws and Litigation Trends Collide.” In recognition of her achievements in privacy and antitrust class action litigation, the Daily Journal named her as one of their Top Antitrust Lawyers (2024), Top Cyber Lawyers (2022), and Top Women Lawyers in California (2023). Additionally, she received the Women of Influence award from the Silicon Valley Business Journal and was recognized by Daily Journal as a Top Attorney Under 40.