Error Omissions

Cyber & Privacy Liability: Inside Data Breaches



The national non-profit organization Identity Theft Resource Center (ITRC) released figures for 2011 indicating that nearly 23 million confidential records were exposed through more than 414 reported security breaches. These figures represent a 44% increase in the number of records exposed, with a 37% decrease in the number of reported incidents, compared with 2010. While 2011 brought fewer reported incidents, many of the incidents that did occur were large in scale. For example, Sony, Sutter Health, Science Applications International Corporation (a third-party provider for Tricare), Epsilon and the Texas Comptroller’s Office saw some of the biggest data breaches in 2011.

NetDiligence, a cyber risk assessment services firm, took a look at these past data breaches and compiled several key issues and trends of which companies should be aware:

  • Delaying notification of a breach can cost a company significantly. For example, in May 2011, lawyers for Honda customers filed a class action lawsuit accusing the automaker of putting 283,000 customers at risk, in part by waiting two months to inform them of a data exposure. The lawsuit seeks 200 million Canadian dollars ($206 million) on behalf of the plaintiffs.
  • The number of privacy violation lawsuits is on the rise, as evidenced by past breaches in 2011 and early 2012. Class-action privacy violation lawsuits have been filed against Apple, Samsung, HTC, Google, Facebook, Amazon, CVS Caremark Corporation, Aaron’s Inc., Michaels Stores, UCLA Health System, Comscore, and Royal Bank of Canada (RBC), to name just a few. Consumers and attorneys are testing the courts to determine whether a monetary value can (and will) be assessed when companies collect, share or retain customer information inappropriately.
  • Hackers are targeting critical infrastructure systems. In January 2011, hackers had attacked computers at an unidentified railway company in the Pacific Northwest, disrupting railway signals for two days in December 2010. In February 2011, perpetrators had repeatedly penetrated the computer network of the company that runs the Nasdaq Stock Exchange. In December 2011, an FBI official confirmed that Supervisory Control and Data Acquisition (SCADA) systems in three cities had been compromised but claimed the attackers had not done any damage.
  • A significant number of financial institutions were victimized in 2011, remaining a favored target. Among those publicly acknowledging breaches were Bank of America, Citigroup, Sovereign Bank and Royal Bank of Scotland (RBS). Hackers and phishers also targeted numerous smaller institutions.

The year 2012 is also on track for major data breaches, according to NetDiligence. Just take a look at some high-profile cases in the last ten months: Global Payments (1.5 million records), Yahoo! (400,000 passwords), Wyndham Hotels (600,000 credit cards), eHarmony (1.5 million passwords), LinkedIn (6.5 million passwords), Zappos (24 million records), Gamigo (3 million records), and the Texas Attorney General’s Office (6.6 million records).

As always, increased awareness of and responsiveness to the risk of cyber and privacy liability exposures are critical in minimizing damage. Understanding the need for privacy insurance and how it works, and communicating with an insurer when a breach occurs, also facilitate the process of responding to an incident.

Blogged on: November 29, 2012 by Mike Smith