Washington, DCThe $10 million preliminary settlement announced last week in the 2013 Target data breach, together with preceding settlements tied to prior data breaches affecting other retailers and organizations, signals corporate America’s willingness to settle in view of continuing thefts of and threats to a consumer’s personal information.
And while individual settlements can differ - for example, in the most recent settlement consumers have to show they were harmed in some way - the message continues to be that consumers hold corporations accountable for putting adequate protections in place, and are more than willing to litigate when those protections prove woefully inadequate.
It’s a serious issue, given the potential harms that can be associated with identity theft.
There is little doubt that online business and commerce is here to stay. And not just retail, but also the banking and health care industries have moved to electronic records accessible via secure connections. The sharing of health records and other patient data amongst physicians and other health care professionals increases efficiency.
In 2013, the Pew Research Center determined that 51 percent of Americans do their banking online now. While that’s barely the majority, that was also two years ago. It can be presumed that figure is higher today.
And more Americans than ever are shopping online, preferring to bypass the crowds inherent with, say, Christmas shopping, Black Friday and Cyber Monday sales, and so on. An increasing number of merchants are offering online specials on merchandise that cannot be found in the aisles of their brick-and-mortar locations.
To shop online, therefore, a consumer provides the retailer with their name, address, credit card number, and so on. For a bank or health care provider, a Social Security number and other personal identification can be involved - stored digitally and properly encrypted, of course.
Or, perhaps not. Americans assume that if a bank, a health care provider or a retailer offers services online, then it should also be presumed that all the necessary safeguards are in place to protect personal information, and keep sensitive data out of the hands of cyber hackers and crooks.
The hackers seem to be a step ahead
Increasingly, this isn’t happening. Part of the problem is that the crooks are outsmarting the professionals tasked with shoring up the security of sensitive data. Somehow, impenetrable firewalls are breached, secure protocols are bypassed and suddenly millions of pieces of sensitive data are stolen.
“Cyber criminals are becoming more sophisticated every day,” said Craig Spiezle, the executive director of Online Trust Alliance (OTA), in an interview with LawyersandSettlements senior writer Brenda Craig recently.
“They gather data like marketing companies do. They collect and append data from multiple sources, and the more information they have about an individual, the more valuable it becomes.”
Hackers often walk right into the system, according to Spiezle, employing “social engineering” to gain access to the company. Having somehow sourced the systems administrator’s e-mail, the cyber crooks then fake an internal e-mail asking the administrator to open certain files.
“They may ask that person to open up a pdf of the current financial plan saying they would like to get some feedback,” notes Spiezle. This, in a nutshell, is social engineering, Spiezle says. “More and more often we are seeing these malicious entries coming from a typical phishing e-mail.”
It seems so simple - that a myriad of checks and balances can be so easily bypassed through the misguided trust in an e-mail that appears legitimate.
Have Americans become too trusting? When we first began banking online or giving up our credit card number to a retailer to order something from a website, it was all so new - and scary. We didn’t trust the Internet.
Now, it seems, we have become desensitized. “Oh, everybody does everything online nowadays,” we hear ourselves saying. “And they make sure all our information is secure.” How often have we “friended” someone on Facebook just because they asked us to, without knowing who they are?
Corporations are increasing security vigilance. But is it enough?
There is little doubt that corporations are doing a much better job at bolstering security than they did in the early days of online retail and commerce.
The problem is that hackers and cyber crooks are doing a much better job too. And it seems, more often than not, the crooks are one step ahead.
To address the growing spate of data breaches and security hacks, President Obama in January proposed a new law designed to quash data breaches and further strengthen security. To that end, a conference organized by the Federal Bureau of Investigation (FBI) and the Secret Service last month brought together information technology specialists from a host of companies and major corporations, at a one-day symposium in New York City.
The strategy is to admit that cyber hackers will never go away. They will continue to challenge even the most secure data protection protocols, motivated either from a quest to steal data or simply from the challenge to penetrate the impenetrable. Thus, according to a report summarizing the meeting in the New York Times (2/13/15), the best way to beat the hackers is to increase and to quicken co-operation with law enforcement.
The suggestion is that companies with personal consumer data that warrants protection develop an ongoing working relationship with law enforcement - rather than attempting to start one after the hack takes place. The idea is that ongoing communication and the sharing (securely, of course) of information before a breach occurs could help prevent that breach - or at the very least, allow for a position of faster response if a breach occurs.
Most agree, however, that the presumed position is not to think in terms of “if” a data breach is attempted, but “when.”
Thus, an ongoing dialogue on the latest hacking trends could help mitigate a breach.
At the end of the day, however, a data breach coupled with the theft of personal and sensitive information is unnerving for the consumer - regardless of whether or not actual harm has been done. Akin to knowing that a stranger has been in your house even though nothing appears to have been taken is a violation of your privacy nonetheless and leaves you feeling unsettled.
And so you hire a security company. It provides you peace of mind. That is, until next time, when the crook either outsmarts the system or someone at the security company headquarters is asleep at the switch.
That’s when the consumer, weary of it all, litigates. Someone has to take responsibility. And if a bank, health care provider or retailer wants your business, they have to assure you that your data is secure. And to do so, they have to be one step ahead of the crooks, instead of the other way around…
If you or a loved one have suffered losses in this case, please click the link below and your complaint will be sent to a financial lawyer who may evaluate your Data Breach claim at no cost or obligation.