Consumer Remedies for Data Breaches

Personal Injury Lawyer Brookhaven, GA

Rarely does a week pass without news of another data breach. Hackers have stolen credit card numbers by breaking into databases maintained by retailers. They have stolen social security numbers and other personally identifying information by breaking into databases maintained by health insurance companies. They have stolen private information about individuals from financial institutions, credit reporting bureaus, social media sites, government agencies, eBay, Uber, Dropbox, Delta Airlines, Snapchat, and countless other online entities.

A data breach occurs when a hacker breaks into a database and gains access to private information. While the news is filled with election-related data breaches, consumers are personally affected by data breaches that expose them to financial losses or invasions of privacy. Data breaches that commonly affect consumers include the theft of:

  • Credit and debit card numbers
  • Checking and saving account numbers
  • Website login credentials
  • Social security numbers
  • Driver’s license numbers
  • Dates of birth, addresses, and other personally identifying information
  • Medical records
  • Browsing histories
  • Financial statements
  • Employment records
  • Military records
  • Email addresses

Data thieves use stolen information to make credit card purchases, to siphon money from bank accounts, and to impersonate consumers in order to open charge accounts. Data thieves also use stolen information to target consumers with fraudulent offers and spam advertising.

Recent Data Breaches

Half of all U.S. retailers have suffered data breaches in the last two years. In some cases, hackers stole credit card numbers and/or personally identifying information. Examples of recent retail data breaches include:

  • Macy’s
  • Bloomingdale’s
  • Sears
  • Best Buy
  • Saks Fifth Avenue
  • Lord & Taylor
  • Forever 21
  • Gamestop

Restaurants that have been hacked during the last two years include:

  • Arby’s
  • Sonic
  • Panera Bread
  • Chili’s

Other notable data breaches in 2018 include:

  • Ticketmaster
  • ComplyRight (an HR firm that processes W2 and other employee forms)
  • Boys Town National Research Hospital
  • Metro Public Health in Nashville (thousands of HIV records stolen)
  • Algonquin College
  • Timehop (an app that stores users’ “memories”)

While the amount of confidential information that is compromised every year by data breaches is staggering, the true scope of the problem is unknown. Too many companies conceal facts about data breaches and are often slow to notify affected consumers, if they make any notification at all.

Accountability for Data Breaches

About 25% of all data breaches result from human error rather than criminal activity. When hackers steal information, investigations usually reveal that the business could have prevented the breach but failed to undertake basic security measures to protect their customers’ data.

While no federal law yet requires businesses to notify customers who may be affected by a data breach, some states have required notification as part of their consumer protection laws. In addition, the failure to notify a consumer of a known breach may constitute negligent or fraudulent behavior for which a business can be held liable.

Other laws that address the data breach problem include:

  • The Family Educational Rights and Privacy Act (protects the privacy of student records).
  • The Fair and Accurate Credit Transactions Act (requires credit reporting bureaus to notify consumers of suspected fraud and to provide consumers with a free annual credit report upon request).
  • Banking regulations involving cybersecurity.
  • Federal privacy laws that regulate federal agencies
  • State laws governing the confidentiality of medical records

Lawsuits for data breaches are typically based on the theory that a company was negligent in maintaining the privacy of its customers. Other legal theories that might be raised depend on the nature of the breach and the kind of data that was compromised.

Consumer Harms Caused by Data Breaches

Even if consumers know that their private data has been compromised, they do not always know whether it has been misused. If an unauthorized credit card charge occurs shortly after a customer is notified of a data breach, the link may be obvious. However, if identity theft occurs because of a data breach, it may be more difficult to trace the harm caused by an identity impersonator to a specific breach.

Courts are beginning to evolve theories that give a remedy to consumers who were exposed to a data breach, even if they cannot prove that their data was misused. Consumers are typically required to expend time and resources after learning of a data breach. They may need to cancel credit cards, to check credit reports, or to change login credentials. Those are tangible harms that deserve compensation. Some courts are also recognizing that intangible harms, like exposure to risk and anxiety, also deserve compensation.

If you have been notified that you are the victim of a data breach, you may be entitled to a remedy. Even if you do not know whether you have experienced financial harm because of a breach, obtaining legal advice from a skilled attorney, like a personal injury lawyer Brookhaven, GA trusts, will help you understand whether you have the right to pursue compensation.

Thanks to our friends and contributors from Butler Law Firm for their insight into consumer remedies for data breaches.