What is a “Data Breach”?
Data breach refers to the release of data from a system without the knowledge or consent of its owner. Common examples of data breaches include hackers accessing a business’ systems to steal information; an employee or ex-employee stealing customer information; or the theft of computer devices (like laptops or USB drives) with consumer information on them. Generally, hackers or thieves are looking for personally identifiable information (PII), financial information, and/or customer data.
1. Personally Identifiable Information: Any data that could potentially identify a specific individual, or that could be used for de-anonymizing data.
Examples: Name, Address, Social Security Number, biometric information, medical information, passport numbers, driver’s license numbers.
2. Financial Information
Examples: Credit card numbers, bank account numbers, paypal credentials.
3. Customer data:
Examples: Login information (username/passwords); tracking data; usage data. Examples of businesses which have failed to secure consumer data and therefore been held responsible for data breach incidents include: insurance companies; medical providers; retail stores; credit bureaus, social networking sites, and employers.
Notification of a Breach
Forty-Eight states*, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have a law which requires some form of notification to consumers when a business has a data breach which affects consumers. Only
A business which fails to notify customers as required by law may be subject to liability to those customers.
The Risks for Consumers
Both Private Health Information and Personal Identify information is highly coveted and a frequent target of hackers. This information is targeted not only for identity theft purposes, but also for committing health care fraud, obtaining medical services under another’s insurance. As
the FTC recognizes once identity thieves have personal information, “they can drain your bank account, run up your credit cards, open new utility accounts, or get medical treatment on your health insurance.” Further, as of 2013 a Javelin Strategy Study found “In 2013, data breaches became more damaging, with one in three people who received a data breach notification letter becoming an identity fraud victim.”
In order to avoid or limit such problems it is necessary for consumers to regularly monitor their accounts for suspicious activity and credit reports for fraudulently opened accounts as well as regularly review any explanations of benefits (EOBs) received from insurers. Further, customers may need to cancel credit cards, close bank accounts, and pay out of pocket for fraudulently charged items or medical services. Some consumers may also enroll in identity theft protection services at a monthly fee.
If Your Data has been Compromised in a Data Breach
If your personal information has been compromised in a data breach, and you’d like to discuss your rights a lawyer who specializes in data breaches and privacy issues may
be able to help. Our attorneys have represented individuals in data breaches against some of the largest corporations in the country.
*As of the writing of this post, the 2 states without such laws are Alabama and South Dakota.