One year has gone by since you submitted your Memorandum to the Board of Directors, and Laguna Production's revenue streams are up. A New York office has been opened. Up to this point, despite not having made the recommended $1-million-dollar expenditure to shore-up its cyber security, Laguna Productions has not incurred any attempted cyber security intrusions.

However, due to the publicized success of Laguna Productions, a hacking group, known as the NY Rebels, took over the network system of Laguna Productions and the personal identifying information (PII) of all the employees, customers, and financial investors has been stolen and posted online. The number of impacted individuals is estimated to be near 10,000. PII stolen has been transferred over one million times on the dark web within 24 hours since the attack. The CEO and Board are in a panic as to what the company's liability will be.

Identify what common law theories of liability might be brought by the victims of the hack against Laguna Productions.

Describe what statutory liabilities might exist under California and New York state laws.

Suggest ethical actions that Laguna Productions can take to mitigate any harm endured by the victims of the hack.

Recommend how the company should address the problem and how it plans to rectify the PII being stolen in the future.