Study finds many turn to lawsuits following a data breach

More than half of American consumers would sue a company that loses their personal information, according to a survey released Wednesday by IT firm Unisys.

The twice-a-year Unisys Security Index, which polled 1,000 Americans on information security concerns, found that 53 percent would take legal action in the event of a data breach. In addition, 87 percent would change their passwords, and 76 percent would close their accounts.

Legal complaints against breached firms seem more common now than ever, especially when the defendants are organizations with which the claimant has no close relationship. For example, the U.S. Department of Defense recently was hit with a $4.9 billion class-action lawsuit stemming from the breach of computer backup tapes containing the personal information of nearly five million current and former U.S. soldiers.

"The larger the breach, the larger the possibility that some legal action would follow," lawyer Brendon Tavelli, an associate at Washington, D.C.-based Proskauer, told SCMagazineUS.com on Wednesday. "There's not that personal connection with the company. They're just consumers, in the broadest sense of the term."

Still, a courtroom victory is unlikely for consumers unless they are able to show that the breach led to damages for them personally, such as non-reimbursed credit card fraud charges.

"So far, they've been notoriously unsuccessful," said Tavelli, whose firm successfully defended Bank of New York Mellon several years ago following the loss of a backup tape containing the personal data of millions. "Most of the case tort laws require you to suffer some type of harm."

But legal sentiment may be changing, if a recent court ruling is any indication. An appeals court in Boston last month ruled that a lawsuit could continue against grocery chain Hannaford Bros., which had more than four million credit and debit card numbers compromised in late 2007. A three-judge panel ruled that fees paid by consumers for identity theft insurance and new cards, taken as a proactive measure following the breach, could constitute financial damages.

The decision by the 1st U.S. Circuit Court of Appeals reversed a lower court's ruling and could pave the way for similar judgments. Experts said they are not familiar with any other example in which a federal appeals court allowed such a case to proceed.

"It was only a matter of time before someone would demonstrate harm to get over the lack-of-damages hurdle," Tavelli said.
