News & Noteworthy

Hacking Email Accounts is a Bad Litigation Strategy

Posted on August 9, 2017

It might seem obvious that hacking into your adversary’s email account and stealing email is a dangerous litigation tactic, but that has not stopped New York litigants from trying.  Unsurprisingly, New York Courts do not condone email theft and the trend appears to be towards harsher penalties, including recently striking a defendant’s answer and giving the hacked plaintiff a total victory.

In Forward v. Foschi, 27 Misc.3d 1224(A), 911 N.Y.S.2d 692 (Sup. Ct. Westchester Co. May 18, 2010), the parties were warring former business partners with a romantic past fighting over their former business.  Plaintiff secretly accessed defendant’s business and personal email accounts to forward emails to plaintiff’s attorney.  Defendant failed to safeguard her email accounts, having given plaintiff the password for a work account and leaving a personal account open on a shared work computer.  Defendant discovered plaintiff was accessing her work email, and intentionally sent phony emails to provide plaintiff with misleading information.  In a lengthy decision, the State Court excoriated plaintiff and his attorneys, but also scolded defendant for her deceptive tactics.  The Court precluded the use of the emails in the litigation, but because both parties engaged in deceitful conduct, refused to issue any further sanctions.

In Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, 759 F. Supp. 2d 417 (S.D.N.Y. 2010), plaintiffs sued two former employees for establishing a competing business while still employed and stealing proprietary business information.  While still employed with plaintiffs, the former employee accessed her personal email accounts and her newly created email account for the competing business from plaintiffs’ office, leaving the login credentials stored on plaintiffs’ server.  Defendants claimed that plaintiffs accessed and printed e-mails concerning the new competing business and unrelated personal issues.  The Federal Court precluded the use of the hacked emails in the litigation.  The Court also held that the plaintiffs violated the Stored Communications Act, which makes actionable (i) intentional access of an email account (ii) without authorization or in excess of authorization, and imposed a $4,000 statutory penalty comprised of a $1,000 fine for each unauthorized access of the email accounts.  The Court reserved decision on further sanctions, including payment of defendants’ legal fees, until making a determination at trial as to which of the plaintiffs stole the emails.

In Iris Mediaworks, Ltd. v. Vasisht, 2017 NY Slip Op 31145(U) (Sup. Ct. N.Y. Co. May 26, 2017), plaintiff sued defendants for using plaintiff’s trade secrets and resources to establish a competing business while trying to drive plaintiff out of business.  After retaining a computer forensics expert and conducting an investigation, including subpoenas to Google, plaintiff claimed that, around the time plaintiff commenced suit, defendant hacked plaintiff’s business email account and secretly auto-forwarded plaintiff’s emails over a 1.5 year period, specifically targeting confidential communications with plaintiff’s attorney.  The State Court, in its recent decision, held the hacking was “an egregious act” and defendant showed a “disregard for the judicial process.”  The Court granted the extraordinary relief of striking defendant’s answer to the complaint.  The sanction serves as an admission of liability by defendant, leaving only the amount of damages for trial.