Mark Rasch writes:
When something goes wrong, after exhausting all other possible alternatives, a company may go to its lawyer with the silliest question you can ever ask a lawyer — “Can I sue?”
The basic answer is, “if it moves, sue it…” “If it doesn’t move… move it… then sue it…” And when asked, “What would I sue for?” the answer is “For a real long time…”
Of course, this is a bit facetious. Lawyers are required to have a good faith belief, backed by evidence and a reasonable investigation, that they have a proper cause of action before filing a lawsuit. But civil litigation has increasingly complemented criminal investigations in hacking and related cases. Even when getting an award of damages is unlikely, civil litigation can result in injunctive relief, discovery, and help prevent future harm.
Google’s “Lighthouse” PhaaS Lawsuit
On November 12, 2025, Google filed a lawsuit in the Southern District of New York against the operators of a massive “Phishing-as-a-Service” platform called Lighthouse. It wasn’t just trying to make a point. It was making a move. The complaint reads like a hybrid between a hacking indictment and a racketeering case. Lighthouse, Google alleged, sold ready-made phishing kits that impersonated brands like E-ZPass, USPS, and Google itself — complete with sign-in screens using Google’s trademarks. Those kits, rented out to criminals worldwide, helped steal credentials and credit card data from millions of users. Google’s legal response? Don’t just wait for law enforcement. Sue the hackers.
Read more at Security Boulevard.