Data Breach Overview
The term data breach refers to any event in which an unauthorized party gains access to information stored on a computer or server.
While it is not uncommon for a hacker to do this to individual computers, laptops and smartphones, the biggest data breaches happen at large corporations, particularly those that do business with the general public. These company databases are a tempting target for hackers because they contain consumer information such as names, addresses, credit card and bank account numbers, and often Social Security numbers as well: all the data identity thieves need to carry out their nefarious schemes and fraudulent activities.
According to the Identity Theft Resource Center, there were nearly 1600 major data breaches in the US in 2017 – up almost 45 percent from the previous year.
Even though software engineers continually develop stronger security protocols, it seems that they are always barely a step ahead of cyber hackers, who may work on-site with direct access to computer databases or from remote locations, even overseas.
How a Data Breach is Carried Out
Planning a cyber attack is not unlike planning a battle in conventional warfare. The first step is reconnaissance or research: the hacker(s) look for any possible vulnerability in a company's IT network, including its operating systems and even its personnel.
The actual attack uses one of two tactics: either it focuses on the network infrastructure itself, going for holes in the software and/or operating system, or it is a social attack. The latter involves deception; the hackers use “phishing” techniques in order to trick employees or other victims into giving away passwords or other login information. Often, this is in the form of an email that comes with an attachment containing a piece of malicious software.
The cyber hacker(s) declare victory when they gain access to the database and are able to extract the desired information.
Legal Issues
While the company is the first casualty of a data breach, it can also be liable to the individuals whose sensitive information is exposed.
Federal and state statutes do not impose strict liability upon corporate entities for a data breach. However, there are two situations in which a company can be held legally responsible. One is if the company was negligent and failed to take reasonable steps to protect consumer data (i.e., reasonable protocols were not in place). Civil liability can also arise if the company took all proper actions up to the time the data breach occurred but then failed to immediately take steps to mitigate the damage.
Data Breach Lawsuits
While successfully suing a company for a data breach is not always easy, there have been a number of high-profile cases in recent years in which major corporations have been ordered to pay sizable judgments.
In April of 2019, Yahoo, Inc. offered to pay $117.5 million to settle a class action lawsuit over data breaches that occurred between 2013 and 2017. Plaintiffs claimed that Yahoo failed to plug the data leaks once they were discovered.
At the same time, Washington State University settled a data breach lawsuit for $4.7 million.
Most recently, AMCA, a medical debt collector, reportedly filed for Chapter 11 bankruptcy protection in the face of dozens of lawsuits over a data breach that affected 20 million people.
20 thoughts on Data Breach
Add me please
Add me to the Mr. Cooper data breach. I had Mr. Cooper as my mortgage company until they sold my loan in Sept 2023.
When an insurance agent takes your information and email to another company w/o your permission, is this considered a data breach?
ADD ME
Add me please. I was affected by this.