Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

August 29, 2018

The "Internet of Things" Is Primed for a Litigation Explosion: Could It Impact You?

The "Internet of Things" (IOT) refers to devices that can connect to and exchange information with the internet. This includes the devices we traditionally think of as having internet connectivity, such as laptops and smart phones, and as technology advances, the list of items joining the IOT continues to grow. Televisions, cars, medical devices, home systems (e.g., doorbell cameras, door locks, garage door openers, lighting, and media systems), and even refrigerators are now internet capable. Some studies suggest the IOT devices currently in circulation exceed 8 billion, and that number is expected to grow to over 20 billion by 2020.

As the volume of internet-capable devices grows, so does the risk of criminals finding new and different ways to exploit vulnerabilities. Imagine not just the possibility of your personal information being compromised by a data breach but the potential for an individual in a foreign nation to remotely threaten bodily injury if you fail to pay a digital ransom by hacking into your medical device, car, or house. Imagine further the potential legal implications of such "cyber-physical" breaches for developers, manufacturers, and retailers of those products.

To date, these cases have been relatively few and far between. However, a few recent cases and legal insights from prominent class-action firms that deal in the cyber realm suggest the IOT may be on the brink of a litigation explosion.

For example, in March, Standard Innovation Corp. entered into a $3.75 million settlement arising from privacy claims relating to an internet-connected intimate device sold by the company. The class-action lawsuit alleged the company improperly collected highly personal data on the product's users without the users' knowledge or consent.

In July, a federal court in Illinois partially certified a class of plaintiffs in a lawsuit involving an alleged hacking vulnerability in the Infotainment centers of certain Dodge and Jeep vehicles. The plaintiffs in that case allege the vulnerability could allow hackers to remotely access and issue commands to the vehicles.

Plaintiffs' counsel and cybersecurity professionals suggest these sorts of vulnerabilities are widespread among IOT devices. One such plaintiffs' counsel whose firm operates its own forensic lab to test IOT devices recently stated that numerous devices are subject to relatively simple hacks that any reasonably intelligent individual with basic computer knowledge could pull off.

Clearly this issue is of interest to just about everyone. We all have numerous IOT devices in our personal and professional lives—and the sorts of data these devices are transmitting or collecting and what the devices could be remotely directed to do concern us all. For those businesses that are or may be connected (no pun intended) to the development, sale, or use of IOT devices now or in the future, there is yet another layer of cyber risk that must be considered and addressed.

Anyone who has dealt with a ransomware attack can vouch for the disruption, stress, and expense associated with these attacks. What if instead of simply threatening your data, a cybercriminal was threatening to shut down the monitoring of IOT medical devices or, even worse, disable such devices altogether?

Who might be liable if a hacker accesses the software controlling a pacemaker and threatens to stop the device or alter it in a way that causes injury or death to the patient? The device manufacturer? The distributor? The hospital where the device was implanted? The doctor who implanted it?

What about a scenario where a hacker remotely causes a car to suddenly shut down, stop, or swerve in the middle of highway traffic? Is the software developer responsible? The car manufacturer? The local dealership? The driver?

These questions and many others concerning the IOT remain to be answered. Industry experts and regulatory agencies such as the Federal Trade Commission acknowledge the need for reasonable security standards for IOT devices"”but also recognize that perfect security is not possible and that there must be room within any regulatory scheme for innovation. As a result, the IOT continues to grow unchecked by substantial regulation or even by agreed upon industry standards.

Regardless, as the IOT continues to grow, it presents a thorny field of legal issues that will need to be answered for the first time by a court or lawmakers and that should undoubtedly be thought about and assessed before your company sees them asserted against it in a lawsuit.

If you have any questions regarding the information provided in this alert, please contact Nick DiCesare, cybersecurity team leader, at


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


NYS Department of Health Publishes Amended Proposed Cybersecurity Regulations for Hospitals


FTC Noncompete Rule Survives—For Now


New York Trial Court Finds Uber Is Not Vicariously Liable for Driver's Negligence


ERISA Forfeiture Lawsuits: Navigating the Emerging Legal Landscape


EU Leads the Way on Artificial Intelligence Regulation


End of An Era: SCOTUS Overturns Chevron After 40 Years of Deference to Administrative Agencies

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out