Which of the following steps should a data breach victim take?
Consumers entrust credit rating agencies and companies that conduct their business online with significant amounts of sensitive personal information, like Social Security numbers or credit and debit card information. This data could prove valuable for cyberthieves.
Cyberattacks against entities that collect sensitive information from consumers have become increasingly common. When personal data falls into hackers’ hands, consumers have turned to the courts to bring claims against parties that failed to keep that information safe. Courts have held the entities accountable for large payouts.
One recent high-profile example is credit reporting bureau Equifax’s 2017 announcement that hackers were able to break into its databases and sift through the personal information of some 147 million consumers, potentially accessing their home addresses, phone numbers, and dates of birth.
In January 2020, a federal judge approved a settlement between the Federal Trade Commission (FTC) and Equifax in which the ratings agency agreed to establish a $425 million fund intended to help consumers who may have fallen victim to fraud or identity theft over the course of the breach.
U.S. District Judge Thomas Thrash of the Northern District of Georgia called the unprecedented settlement “the largest and most comprehensive recovery in a data breach in U.S. history by several orders of magnitude.”
As part of the settlement, all Equifax customers in the United States customers are also entitled to seven free credit checks by the bureau each year.
In another recent case, an Illinois woman filed a class-action petition in state court in which she alleges data that jewelry and fashion accessories chain Claire’s failed to secure customers’ personal data from April 7, 2020 to June 12, 2020.
Claire’s stalled for almost a full month after discovering the breach before making it known to consumers, the plaintiff alleges.
Consumers are moving more of their lives online and should always be cautious when they agree to hand over sensitive information.
But when that data falls into the wrong hands, the companies and agencies that failed to secure them could be held financially responsible under federal and state law -- and Consumer Attorneys are here to help.
KEEPING DATA SAFE
Consumers who have fallen victim to a data breach may seek to file individual lawsuits against the companies that failed to safeguard their information, or pursue class-action proceedings.
Data-breach lawsuit plaintiffs have often relied on state law claims against entities for failing to protect their information, such as negligence, breach of contract or deceptive trade practices.
Plaintiffs may seek damages for financial losses as the result of a breach, as well as negative hits on their credit reports, time and costs related to researching the source of the problem, and even emotional distress.
Additionally, the vast majority of states have laws on the books requiring that companies notify consumers when they have experienced a data breach.
In 2020, California’s first-in-the-nation Consumer Privacy Act went into effect, making it the first state to allow data-breach victims to pursue statutory damages of up to $750 per incident. Under California’s law, consumers are not required to prove that they were actually harmed by a breach.
Consumer Attorneys are here to work for individuals whose personal information may have become compromised through a data breach.