The fact pattern sounds like it was ripped from the pages of a Hollywood screenplay. Two criminals back a trailer to a pharmaceutical warehouse and cut a hole in the ceiling of the facility. They proceed to utilize the company’s own forklifts to load over $80 million in prescription drugs into the trailer and exit without detection on any security cameras. All told, authorities estimate that the heist represents the largest known theft of prescription drugs in US history. The last scene in this bizarre, real world thriller takes place in the Federal District Court of Connecticut where the parties are fighting the first cyber liability suit of its kind with major implications on the fiduciary responsibilities of data storage and security companies.
According to reports, the insurance carrier for the victim of the heist, pharmaceutical giant Eli Lilly and Co., recently filed suit against the entity formerly known as ADT Security Services, Inc. The carrier claims that ADT is liable for the heist because it failed to safeguard confidential information about security weaknesses at the warehouse. Allegedly, ADT “allowed” the thieves to obtain access to specific data about Eli Lilly’s security system which provided “unique and confidential knowledge of the security system …to effectively infiltrate the warehouse without triggering the security monitoring system.”
Allegedly, ADT prepared a confidential report identifying the location of every motion detector, beam, security camera, control panel as well as certain security blind spots that the thieves followed step-by-step to gain access to the valuable merchandise. The suit also points to similar warehouse robberies at ADT-monitored facilities which allegedly were committed with the aid of confidential information about the security system.
The potential ramifications of this suit are far-reaching if the court were to impose such fiduciary obligations on a security company. As we move closer and closer to a paperless environment, the risk of cyber-liability continues to increase. We will keep an eye on this lawsuit to document the continuing reach of potential cyber exposure.