A federal appeals court has ruled in favor of victims of the 2007 Hannaford data breach. Some of you, especially those living in Maine, may remember news breaking of a data breach that reported; malware installed on Hannaford Brothers servers in 300 stores was able to capture credit card data as it was sent to processing centers, allowing thieves to steal credit card data each time a purchase was made. In the end it was reported that over 4.2 million credit card numbers were stolen before the malware was located and removed, with over 1800 cards receiving unauthorized charges within a month of the breach being discovered.
Flash forward a few years to the present and a federal appeals court has laid down a ruling in a lawsuit that resulted from the breach. The ruling sets a new precedent in regard to the responsibility that companies have when data breaches occur, essentially redefining what it means to be a victim in situations like this and ensuring that companies have to take responsibility for the costs that customers and users encounter as a result of insufficient company security.
The way it currently stands, it often appears as though companies downplay the risk to those people whose personal info was compromised. In fact, all too often they are all too quick to pronounce --"there is no indication that any compromised data was used to commit an id theft or credit card fraud". In some cases, victims of a data breach receive no notification at all that some of their personal information may have been stolen.
The new ruling makes it clear that just because someone wasn't an immediate victim of fraud doesn't mean that they weren't victimized by the hacker who breached the system. Even those who didn't suffer fraud still have a right to know that their data might have been exposed so that they can take appropriate precautions.
As a result of this ruling, companies may start paying more attention to the actual risk that all of their customers face in the aftermath of a data breach instead of focusing just on the portion of their customer base that faces the greatest risk. Those companies who put forth the effort to inform all of the customers affected and inform them of the risks associated with the data breach will have significantly more protection against class action lawsuits than those who contacted only a portion of their customers and issued a generic notice about the breach to inform everyone else.
More importantly, however, this ruling establishes a precedent by which consumers can strike back against companies that don't take appropriate measures to keep their information safe and minimize the risk or balk at taking responsibility for the breach afterward.
Since major data breaches and digital theft are still relatively new crimes legally speaking, establishing the right of consumers to sue for data breaches and win in court is a major stepping stone. Hopefully this will help pave the way to companies having to take even greater responsibility in keeping consumer information safe, resulting in an increase in digital security among those websites and businesses who seem to think that they're somehow immune to the threat of data breaches and digital theft.
Flash forward a few years to the present and a federal appeals court has laid down a ruling in a lawsuit that resulted from the breach. The ruling sets a new precedent in regard to the responsibility that companies have when data breaches occur, essentially redefining what it means to be a victim in situations like this and ensuring that companies have to take responsibility for the costs that customers and users encounter as a result of insufficient company security.
The way it currently stands, it often appears as though companies downplay the risk to those people whose personal info was compromised. In fact, all too often they are all too quick to pronounce --"there is no indication that any compromised data was used to commit an id theft or credit card fraud". In some cases, victims of a data breach receive no notification at all that some of their personal information may have been stolen.
The new ruling makes it clear that just because someone wasn't an immediate victim of fraud doesn't mean that they weren't victimized by the hacker who breached the system. Even those who didn't suffer fraud still have a right to know that their data might have been exposed so that they can take appropriate precautions.
As a result of this ruling, companies may start paying more attention to the actual risk that all of their customers face in the aftermath of a data breach instead of focusing just on the portion of their customer base that faces the greatest risk. Those companies who put forth the effort to inform all of the customers affected and inform them of the risks associated with the data breach will have significantly more protection against class action lawsuits than those who contacted only a portion of their customers and issued a generic notice about the breach to inform everyone else.
More importantly, however, this ruling establishes a precedent by which consumers can strike back against companies that don't take appropriate measures to keep their information safe and minimize the risk or balk at taking responsibility for the breach afterward.
Since major data breaches and digital theft are still relatively new crimes legally speaking, establishing the right of consumers to sue for data breaches and win in court is a major stepping stone. Hopefully this will help pave the way to companies having to take even greater responsibility in keeping consumer information safe, resulting in an increase in digital security among those websites and businesses who seem to think that they're somehow immune to the threat of data breaches and digital theft.
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment