23. | Any administrative, regulatory, judicial, civil or criminal, actions orders, decrees, suits, demands, demand letters, directives, claims, liens, investigations, proceedings or notices of noncompliance, violation or breaches alleging potential responsibility, liability, loss or damage (including potential responsibility or liability for costs of enforcement, investigation, cleanup, governmental response, removal or remediation, property damage or penalties, or for contribution, indemnification, cost recovery, compensation or injunctive relief), whether alleged or claimed by customers, consumers, regulators, shareholders or others, arising out of, based on or related to: (a) cyber security, cyber attacks, data loss or breaches, unauthorized access to information, data, or databases (including but not limited to any personally identifiable information or private health information) and use or disclosure of information contained therein, not preventing or detecting the breach or failing to otherwise disclose or respond to the breach; (b) circumstances forming the basis of any violation of any law, permit, license, registration or other authorization required under applicable law governing data security, data protection, network security, information systems, privacy or any cyber environment (including, users, networks, devices, software, processes, information systems, databases, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks); (c) failure to implement a reporting system or control, or failure to monitor or oversee the operation of such a system; (d) data destruction, extortion, theft, hacking, and denial of service attacks; losses or liabilities to others caused by errors and omissions, failure to safeguard data or defamation; or (e) security-audit, post-incident public relations and investigative expenses, criminal reward funds, data breach/privacy crisis management (including, management of an incident, investigation, remediation, data subject notification, call management, credit checking for data subjects, legal costs, court attendance and regulatory fines), extortion liability (including, losses due to a threat of extortion, professional fees related to dealing with the extortion), or network security liability (including, losses as a result of denial of access, costs related to data on third-parties and costs related to the theft of data on third-party systems). |