Corporate Third Party Liability for Getting Hacked
It seems that at least a few times per year, there is some major hack of a major corporation. This month, the big hack involved the massive credit reporting agency, Equifax, which is quite frightening given the nature of the information the company processes.
The Equifax hackers made off with over 140 million American's information, including their names, birthdates, addresses, social security numbers, and potentially some driver license numbers. A smaller group, numbering in the hundreds of thousands, also had credit card information and documents stolen as well.
While no company wants to be hacked, not having up-to-date cybersecurity can be an invitation to hackers.
Getting hacked is becoming regarded as a cost of doing business. In fact, corporate insurers offer policies to mitigate the risk. However, insurance alone will not protect a company from damages related to a hack, and sometimes insurance companies may not want to cover a hack at all.
Apart from the loss of consumer confidence and goodwill, which can be devastating, getting hacked can lead to individual and class action lawsuits. Fortunately, proving that individual claims were caused by your company's hack is no simple task. Nevertheless, class claims and state actions can lead to large, seemingly punitive, statutory and compensatory damages.
Don't Trick or Lie to Affected Consumers
An important lesson any company can learn from the recent Equifax hack is to not attempt to dupe consumers into giving up rights. Controversy erupted after the website that identified whether an individual's information was part of the hack and provided free monitoring services, required people to submit their claims to arbitration. Although Equifax quickly cleared up the controversy and explained that the arbitration clause only applied to the free monitoring services and not claims related to the hack, this sort of negative press could have been avoided by making the arbitration clause clearer for consumers.
- Alabamans File Class Action for Patient Data Hack (FindLaw's US Eleventh Circuit Blog)
- Who Will Be Responsible in Our Driverless Car Future? (FindLaw's Technologist)
- How Much Immunity Is Provided by CDA Section 230? (FindLaw's Technologist)