Jake Holland and Andrea Vittorio report:
Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions.
Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.’s hotel reservations database. The decision came after Capital One Financial Corp. was forced to turn over cybersecurity firm Mandiant’s report on a cloud hack in another case.
The cases raise questions about whether a consultant’s work should be considered fair game for class action lawyers gathering evidence on a cyber incident to try to hold the consulting firms responsible for fallout from breaches.
Read more on Bloomberg Law.