Cyber Security: Are companies liable for data collected by hackers?
A cyberattack occurs every 39 seconds. According to Forbes, 3,813 data breaches exposed 4.1 billion records within the first six months of 2019. In fact, three breaches in 2019 are among the 10 largest breaches of all time. Most of the time, data breaches consist of email and passwords.
Over the last 25 years, cybersecurity has become a global business and top concern for businesses and consumers. As cyberattacks become more frequent, consumers worry about their information, credit cards and even bank information being stolen by criminals. Even private pictures or profiles on adult websites are vulnerable. This type of information can be used to blackmail those who use them.
Why do cybersecurity attacks occur?
Every business, branch of government, hospitals, politician, or even individual person is a potential target of a cyber attack. However, 95% of breached records came from only three industries, government, retail and technology. These industries are popular targets because they have the most personal identifying information on record.
Generally, cyber-attacks occur because criminals want:
- Business financial records
- Customer financial details such as bank accounts numbers and credit card data
- Sensitive personal data
- Customer or staff email addresses and login credentials
- Client lists
- IT infrastructure
- IT services
- Intellectual property
How do hackers steal data?
Hackers want to generate profit. Generally, they make their money by stealing your private information and selling it to other criminals who will then use your information for their personal gain. The most common ways hackers gain access to your private information is through the following ways:
A trojan is a seemingly helpful program that tricks the computer user into opening it. However, once opened, the horse will deliver an unexpected attack on the user’s computer.
This is the highest level of access and most desired by serious hackers. This level of access gives them complete control over the system.
If a hacker is able to insert malicious data packets right into an actual data transmission over an internet connection, they can gain access to sensitive information.
Who is at risk of a cyberattack?
Most hackers don’t focus on specific industries and instead focus on finding vulnerabilities. Still, researchers have noted there are several industries that will be most at risk in the coming years.
- Small businesses. Big names will likely continue to grab headlines for data breaches, however, hackers also target small businesses. According to the technology consulting firm Kelser Corporation, hackers target small and medium businesses 65% of the time.
- Healthcare. Your medical records are a gold mine of personal information. In fact, health information is some of the most valuable data on the dark web. The information found in your medical records can be used to commit insurance fraud. Additionally, the industry is still transitioning from paper to digital records.
- Higher education. Another mecca of personal data is the college industry. The archetype of the broke college student doesn’t deter hackers from wanting the social security numbers, addresses and passwords to loan and bank information. It’s for this reason that attacks on colleges and universities are becoming more prevalent.
Many businesses make the mistake of assuming that they are too small for a hack. As a result, many of these businesses have less guarded data storage. Notably, all data is valuable to bad actors. It’s important for businesses of all sizes to take the threat of a data breach seriously.
Individuals aren’t safe either. Phishing is when a criminal sends a fake email that can easily be mistaken for a legitimate email. These emails are intended to steal information directly from you. Generally, phishing attempts want to gather confidential information like passwords and bank account details. These emails contain three red flags. First, the email will appear to come from legitimate sources such as a friend or a business you have an account with. However, the email address will come from an odd email. Second, the email will say there is some sort of emergency that needs to be addressed immediately. Third, the email will contain a link that will require you to input information such as login credentials, credit card information, etc.
The Equifax Breach
The Equifax data breach is the largest in American history and is the result of one person not doing their job. Equifax is one of the three main credit reporting agencies. It houses important information such as social security numbers, addresses, driver’s license information, birth dates and credit card information. In 2017, the company’s database was breached—exposing the personal identifying information of over 148 million Americans. This breach created incredible identity theft concerns for nearly half of all adults in the country.
Hackers were able to exploit a vulnerability in the company’s Apache’s Struts software. According to former CEO Richard Smith, a patch to address the vulnerability was available for months before the breach occurred.
The Equifax class-action lawsuit
In November 2017, two months after the Equifax breach, plaintiffs filed a class-action lawsuit against the company. The lawsuit claimed Equifax failed to protect consumer information. Eventually, the company reached a settlement, agreeing to pay at least $380.5 million to resolve a class action that resulted from the 2017 breach.
There is a website dedicated to those wishing to take part in the Equifax settlement. First, you will enter information to verify your information was part of the breach. If confirmed, you will need to enter more information to file a claim. Victims of the breach can choose between $125 or credit monitoring for the next 10 years.
Can I hold a company liable for a data breach?
Businesses have a responsibility to protect customer data stored within their system. For this reason, a business can be held liable for data breaches when they occur under certain situations. For example, if a business stores the information in a way that was easily hacked or unprotected in some way.
Companies can also face potential issues for employee misconduct with private information. Employee misconduct includes the following:
- Sharing or sending private information
- Improper destruction of data
- Did not adhere to necessary and appropriate protocols of security
In other cases, companies can be held liable if they did not take appropriate action to remedy the issue after a weakness was revealed by an employee.
The Carlson Law Firm Cares
The internet has made the world smaller, however, it has also made our personal information more vulnerable. Taking advantage of the convenience the world wide web provides shouldn’t put your identity in danger. Unfortunately, criminals lurk in the darkest corners of the internet ready to take advantage of vulnerable security systems. Companies have a responsibility to protect customer information. When that doesn’t occur, you may be able to hold the company liable. Consider talking to a Consumer Protection Attorney to examine your legal options or remedies.
- Written by Kazia Conway