Originally Published in Insurance Law360.
In the first seven months of 2011, a number of companies and institutions have reported large-scale data breaches. The causes of the breaches range from misplacement of data by employees to malicious hacking by organized hacker groups.
Direct and indirect victims of these attacks include many well-known names. In February, Nasdaq reported that its confidential data sharing service had been compromised. In March, the security firm RSA revealed that data related to its popular SecurID token technology had been stolen in a cyberattack. In April, Epsilon, the world’s largest email marketing provider, reported that data on customers of 50 retailers, including US Bank, JP Morgan Chase, Capital One, Citi, the Home Shopping Network, Best Buy, Target, and Verizon, was exposed through an unauthorized entry into Epsilon’s email system. Also in April, the Office of the Texas Comptroller realized that it had inadvertently disclosed the Social Security numbers of 3.5 million people. In May, Citigroup reported that hackers had obtained information on over 360,000 credit card accounts. In June, a programming bug that left cloud service provider Dropbox’s 25 million user accounts accessible with any password sparked a class action lawsuit over potential personal information exposure. In July, the Pentagon revealed that it had suffered massive losses of sensitive data after a cyberattack by a foreign government. Perhaps drawing the most media attention, Sony fell victim to what has been called the largest data breach ever, an attack by an organized group of hackers that affected nearly 77 million users of Sony’s PlayStation and Qriocity services. These serial breaches have led some commentators to appropriately nickname 2011 “The Year of the Breach.”