Lawyers call it the unauthorized access to a computer. Hackers and security professionals call it the exploitation of vulnerabilities in a system. Individuals and business owners call it hacking. Whatever you may call it, it is important to know what can be done when you are hacked. For purposes of this post, I am assuming that you have discovered that you were hacked and are now left to identify a legal remedy. You may be able to rely upon both criminal and civil statutes in order to obtain injunctive relief and monetary damages. That said, there are requirements you must meet under the various laws in order to have a remedy, so you should immediately involve an Internet Lawyer to help you navigate the remediation process as well as the legal process.
Under civil law, which will allow you to become a plaintiff in a lawsuit, you will need to rely upon the federal Computer Fraud and Abuse Act (CFAA) and/or your state laws, such as here in Texas the Texas Harmful Access by a Computer Act (HACA). To establish liability against an individual and/or entity under CFAA, you must be able to prove that a defendant (1) intentionally accessed a computer, (2) without authorization or exceeding authorized access, and that he (3) obtained information (4) from a protected computer (if the conduct involved an interstate communication), and that (5) there was a loss to one or more persons during any one-year period totaling at least $5,000. To establish liability against an individual and/or entity under HACA, which relies upon the Breach of Computer Security criminal statute, you must be able to prove that a defendant (1) knowingly and intentionally access a computer, computer network or computer system; (2) without the effective consent of the owner; and (3) the owner suffered damages.
Various fact patterns may warrant a computer hacking lawsuit, including traditional black-hat hacking (think Target data breach), hijacking another’s email via its computer, or even an ex-employee or ex-wife or ex-wife surreptitiously accessing a computer. Hacking may not be limited to traditional computers but instead extend to cell phones, wearables and other devices that constitute a protected computer (i.e. anything with a processor), and it can extend into such things as video games and websites. So long as the elements identified above can be established, and brought within the applicable statute of limitations (e.g. 2 years for CFAA claims), hacking statutes can be serious claims in litigation. That said, in order to use them, the attorneys must understand the nuances between such statutory language and loss and damage as well as limitations on damages and costs and attorneys fees.
While CFAA was commonly used in trade secret misappropriation cases in hopes of establishing jurisdiction in federal court, the passage of the Federal Trade Secrets Act may render the CFAA more applicable to what appears to be the original intent, namely instances of computer hacking. Regardless, understanding the scope of computer hacking liability in the digital age is critically important, whether you have been hacked or alleged to be a hacker.
The reality is that once a computer is hacked and data is accessed and/or made available, it is difficult to undo the harm that has been done. Monetary damages may help but being able to quickly identify and hopefully enjoin any further hacking by relying upon these computer hacking laws may be your most valuable tool.