Data breaches have unfortunately become a common occurrence. The 2021 Thales Data Threat Report found that 45% of US companies suffered a data breach of some sort in the past year. With more and more shopping happening online, most companies store consumer information in databases. Unfortunately, if a hacker targets these databases and steals your information, your privacy, finances, and peace of mind could be at risk. So how do you recover from a data breach? Read below to find out.
A data breach is defined by the National Association of Attorneys General as any “unlawful and unauthorized acquisition of personal information that could compromise the security, confidentiality, and integrity of personal information.” In these breaches, hackers can steal any information the company has about its customers. This could include your full name, home address, physical address, Social Security Number, and information connected to your taxes, credit cards, or medical information.
Typically, we only hear about large breaches in data because they make the news. However, they can affect companies of all sizes. In fact, according to Verizon’s 2021 Data Breach Investigation Report, 28% of all breaches occur in small businesses.
A breach in data can occur in a variety of ways. While not all breaches are intentional, they all have the potential to be harmful. If breaches happen unintentionally, it is usually because an employee made an error. Sometimes an employee may accidentally send sensitive information to the wrong person, attach an incorrect document to an email, or even leave a physical file where someone else can read it. In these cases, the breach is typically limited to a small number of people, whom the company will then contact. Although this type of breach is smaller, it can still be quite harmful for victims.
Most breaches, however, are done intentionally and maliciously by organized groups of hackers. In these types of breaches, a hacker will purposefully expose the personal information of thousands of customers. Hackers can do this by using malware or code injections to steal information directly from a company’s databases. After they collect the sensitive information of consumers or employees, hackers can sell this information for a high profit on the dark web.
Luckily, there are rules and regulations designed to help provide guidelines for companies if data breaches occur. For example, the Gramm-Leach-Bliley Act (GLBA) requires financial institutions (any company that offers lines of credit, loans, insurance, or financial or investment advice) to explain their information-sharing practices to their customers and safeguard any sensitive data they may hold. Similarly, the Federal Trade Commission (FTC) Safeguard Rule requires financial institutions to have measures in place to keep customer information secure, and to ensure that their third parties or affiliates also safeguard their customer information. In situations of medical breaches, both the Health Insurance Portability and Accountability Act (HIPAA) and the FTC’s Health Breach Notification Rule require health-related businesses to notify victims of a breach of unsecured, protected health information.
Additionally, all fifty states and the District of Columbia have created laws that determine how businesses, and the government in some states, should respond to a breach. While each state is slightly different, these laws typically require companies to do the following:
Unfortunately, a private individual cannot sue under most of the state and federal laws above. Instead, the federal or state government holds the businesses accountable.
However, if your information is lost in a breach and you experience fraud from it, there are consumer protection laws that you can file suit under. These laws include the Electronic Fund Transfer Act, which requires Credit Reporting Agencies (CRAs) to investigate claims of fraudulent charges, or the Fair Credit Reporting Act, which requires CRAs to investigate claims of fraudulent activity connected to your credit report.
If you are notified that your information has been leaked in a breach, you need to act fast to protect your security.
Some steps you can take to protect yourself include:
If you experienced fraud as the result of a breach of data, you may be able to seek legal action. Some situations include:
If these situations occur, it may be time to call a lawyer. The Fair Credit Reporting Act (FCRA) and the Electronic Fund Transfer Act (EFTA) could help to hold your banks, credit card companies, the CRAs, and the company that experienced the breach responsible for your loss, but you will need a lawyer who understands the complexities of these laws.
The lawyers at the Financial Justice Initiative are experienced in representing victims of fraud and identity theft, and we are passionate about helping you regain lost finances and peace of mind. Contact us online or at (206)737-0458 for a free case consultation to see how we can help.