Craig R. Smith Quoted on First Circuit Data Breach Liability Ruling in Mass Lawyers Weekly

Software company lacked ‘downstream’ liability for data breach
1st Circuit rejects insurer’s equitable indemnification theory

Partner and Litigator Craig R. Smith was quoted in Massachusetts Lawyers Weekly on a First Circuit decision rejecting “downstream” liability claims against a software vendor following a data breach.

The case, Axis Insurance Co. v. Barracuda Networks, Inc., addressed whether a software vendor could be held liable under a theory of equitable indemnification for damages paid by an end user after a data breach. The U.S. Court of Appeals for the First Circuit rejected that theory, holding that liability cannot be imposed absent a direct, vicarious, or derivative relationship between the vendor and the end user.

In commenting on the ruling, Craig highlighted a key challenge created by modern contracting structures, where services are often delivered through multiple layers of resellers and subcontractors operating under separate agreements.

Read the full article at masslawyersweekly.com [subscription required].