Last month, the Sixth Circuit Court of Appeals addressed the issues arising out of the preservation of computer data essential to a verdict under the Computer Fraud and Abuse Act (CFAA). The Plaintiffs had secured a verdict against EquipmentFacts, LLC, after the latter company hacked the plaintiffs' computer system to fraudulently bid on construction equipment. The companies had recently endured an acrimonious "falling out" after five years of doing business together. The jury found that the defendant had utilized its knowledge of the Plaintiff's computer system to disrupt the Plaintiff's on-line auction. EFacts appealed, arguing that the Plaintiff's failure to preserve the hardware and software related to the auction should have precluded it from testifying to its identification of the defendant as the perpetrator. It also argued that the Plaintiff had suffered no "damages" as defined by the CFAA.
The Court ruled that there was sufficient evidence to support the Plaintiff's identification of the Defendant as the computer hacker. It ruled that Defendant's speculative argument that access to the system would have allowed it to disprove the identification was insufficient to discard the Plaintiff's evidence as a spoliation sanction. The Court also held that the Plaintiff did not need to prove a catastrophic failure, or that the Plaintiff's electronic auction system was "overwhelmed," in order to meet the property damage requirement of the CFAA. Both the lost auction opportunities and the Plaintiff's staff time in searching out the Defendant's fraudulent activities were legitimate CFAA damages.