Data security breaches—no industry is immune. These hackers can phish, spoof, skim, packet sniff, and key log their way into your system. Once a hacker successfully hacks into a corporation’s server, the breach will go undetected for more than two weeks over eighty percent of the time. Even one breach can have disastrous consequences and cost companies hundreds of thousands of dollars.
While individuals used to have difficulty successfully asserting a claim against corporations for breaches, times are rapidly changing. More claims are successfully being asserted by individuals against corporations for harm that resulted from data breaches, including a recent wave of class actions. Lowe v. CVS Pharmacy, Inc., No. 1:14-cv-3687 (N.D. Ill. filed May 20, 2014); Bush v. Mercedez-Benz Fin. Servs., LLC, 2:14-cv-03868 (C.D. Cal. filed May 19, 2014); Kirk v. Target Corp., No. CV-13-5885 (N.D. Cal. filed Dec. 19, 2013); Resnick v. AvMed, Inc., 693 F.3d 1317 (11th Cir. 2012); Claridge v. RockYou, 785 F. Supp. 2d 855 (N.D. Cal. 2011).
Shareholder derivative suits for claims of breach of fiduciary duty, waste of corporate assets, and unjust enrichment are also starting to be seen. See Palkon v. Wyndham Worldwide Corp., 2:14-cv-01234 (D.N.J. May 2, 2014). In addition to individual, class action, and shareholder suits, the FTC is also beginning to take action against corporations. The FTC recently filed suit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries for alleged data security failures. F.T.C. v. Wyndham Worldwide Corp., No. 13-1887(ES), 2014 WL 1349019 (D.N.J. Apr. 7. 2014).
The best offense to these claims is a good defense. Companies should take all steps necessary to safeguard data and ensure that processes are in place to begin immediate reparative action should such a breach occur.