Cyber Consulting Firms Get Tied Up in Post-Breach Lawsuits

Cybersecurity consultants could be on the hook for data breaches at companies they contract with after two recent court rulings in consumer class actions.

Accenture Plc’s U.S. unit in October failed to escape claims made against the consultant in a consumer lawsuit over a hack of Marriott International Inc.'s hotel reservations database. The decision came after Capital One Financial Corp. was forced to turn over cybersecurity firm Mandiant’s report on a cloud hack in another case.

The cases raise questions about whether a consultant’s work should be considered fair game for class action lawyers gathering evidence on a cyber incident ...