Fraud and Extortion
Eight banking web sites in the United States, Canada, Great Britain, and Thailand were attacked resulting in 23,000 stolen credit card numbers. The hackers proceeded to publish 6,500 of the cards online causing third-party damages in excess of $3,000,000.

A hacker stole approximately 300,000 customer credit card numbers from an online retailer. The hacker then attempted to use the stolen information to extort $100,000 from the company. Upon the firm's refusal to cooperate, the hacker posted 23,000 card numbers online. As a result of the charge denials, credit card cancellations and re-issuance, the online retailer suffered approximately $2,000,000 in lost income and third-party damages.

Two hackers cracked the computer systems of a major market research firm and subsequently obtained confidential corporate records. The stolen files included employee photographs, network passwords and personal credit card numbers of numerous senior managers. The hackers threatened to reveal the security breach to the company's clients unless the Board of Directors paid them a "consulting fee" of $200,000. Upon retaining expert cybercrime investigators, the hackers were apprehended and prosecuted. The research firm spent approximately $1,000,000 in investigative and public relations fees.

Denial-of-Service Attacks, Sabotage & Business Interruptions
A hacker overwhelmed several large web sites through multiple distributed denial of service (DDOS) attacks. The culprit hijacked various computers throughout the world to bombard target servers with seemingly legitimate requests for data. It is estimated that the DDOS attacks, which interrupted the sites' ability to efficiently conduct their business, caused over $1.2 billion in lost business income.

A disgruntled employee of a major consulting firm downloaded malicious code onto the networks of the firm, its clients and vendors. The code launched confidential information into the public domain and destroyed some critical corporate applications, resulting in more than $10,000,000 in third-party claims.

Viruses
In 1999, the Melissa email virus overwhelmed systems of thousands of companies around the world. The operations of at least 60 US-based Fortune 500 companies were brought to a halt due to the inability to handle the massive amounts of incoming and outgoing messages generated by the virus. The virus collectively caused millions of dollars in lost business income.

The Love Bug virus (also known as the "I Love You" virus) spread rapidly through corporate email systems, infecting networks of hundreds of companies around the world. This attack was followed a few days later by as many as 11 copycat versions of the virus. It is estimated that the series of attacks collectively cost billions of dollars in lost business income and extra programming time.

Personal Injury/Privacy
One of nation's largest health insurers inadvertently sent email messages to 19 members containing confidential medical and personal information of 858 other members. Although the company immediately took steps to correct the problem, the company is now exposed to lawsuits alleging invasion of privacy.

A utility admitted to a massive security breach that left debit card details of thousands of customers open to public scrutiny. A customer discovered the security hole when he went to pay his bill online - he discovered three files on the web server, containing the names, addresses and card details of more than 5,000 home and business users, including his own.

An e-tailer brought suit against a web designer for damages the e-tailer sustained as the result of the unauthorized access of its private data files by a "hacker". The suit alleges that the web designer negligently designed the e-tailer's web site by not providing adequate safeguards to prevent such type of intrusion.

Privacy Violations--Unauthorized Access to Customer Information
A bank employee obtained unauthorized access to the computer system in order to search for potential clients for a friend in the real estate business. The employee provided confidential information regarding consumers to the friend. The scheme was discovered after the confidential information was leaked to another party and subsequently used as a part of an identity theft scheme.

Intellectual Property Infringement
An online service allowed a famous author to advertise a book in one of its forums. The online service was sued for copyright infringement by an artist who claimed that the author used certain artwork on the cover of his book without getting the artist's permission.

An online news service created a web site inclusive of hyperlinks to alternate sites that were maintained by traditional print and broadcast media companies. When users clicked the links, they were linked to a framed copy of the site, rather than the site, itself. The traditional media firms sued the host site for copyright and trademark infringement on the basis that the firm was a "parasitic…site that republished the news and editorial content in order to attract both advertisers and users."

An online insurance brokerage created a hyperlink that seemingly transferred its clients to additional pages on the site. It was later discovered that the brokerage "deep-linked" its users to the web pages of various insurance companies creating a seamless navigational experience. The insurance companies sued the online brokerage for copyright and trademark infringement.

In an effort to drive additional users to its site, an online retailer registered meta tags that identified its firm with the names of its competitors. Upon discovery of the incident, competitors sued the retailer for copyright infringement.

Negligent Security
On June 21, 2000, hackers penetrated a US sporting apparel's computer network and redirected its online traffic to a rogue anti-apparel site via servers domiciled at an overseas web hosting facility. The traffic swamped the overseas servers and subsequently impaired service to its real customers. The web host is suing the apparel firm for negligence in adequately securing its Internet domain.

Online Trespass
An online direct marketing company emailed solicitations on behalf of its clients to all users of a commercial Internet service provider (ISP). The ISP sued the marketing company for online trespassing. The court found that the marketing company was liable for trespass and damage to the ISP's reputation.

Unauthorized Access
An employee of a major financial institution obtains account information and credit card account numbers for 68 accounts from the bank's computer systems without authorization or in excess of her authorization. The information is used in a scheme to defraud the bank, and results in the fraudulent acquisition of good valued at approximately $100,000.

Hacking/Breach of Network Security and Extortion
Russian hackers gain unauthorized access to the computer systems of various financial institutions and others. Using this unauthorized access, the hackers obtain account information for over 56,000 credit cards as well as personal financial information of consumers. The hackers used the information to defraud Internet payment services as well as to control/manipulate Internet auctions. In addition, the hackers attempted to extort money from the victims with threats of exposing information publicly, or damaging the victims computer systems.