Data Breach? You WILL Be Sued...



It has been almost 10 years since the first big data breach happened. That was data broker ChoicePoint, and 160,000 consumer records were stolen. Dan Kaplan at SC Magazine had a long article about the legal ramifications of a data breach, and one thing caught my eye that you should be aware of.

He quotes a lawyer saying: "I think it's an arguable virtual certainty that you're going to be breached," said Jason Weinstein, a Washington, D.C.-based partner at Steptoe & Johnson law firm, which represents corporate clients, in a recent interview with SCMagazine.com. "And if you're breached, it's an absolute certainty you're going to get sued."

I have been keeping an eye on the bar these last few decades. The first big class action lawsuits were asbestos. Next came tobacco as a major "source of revenue" for lawyers. At the moment, pharmaceutical companies are targeted for literally billions of dollars related to antidepressants, but in my humble opinion, the future of class action money for lawyers is data breaches.

Edmund Normand, a civil trial lawyer based in Florida who currently is involved in about a half-dozen lawsuits filed on behalf of data breach victims, said he's finding that state and federal courts are recognizing the potential fallout that could result from breaches and are calling on organizations to step up their protections.

"Now, more than ever, the damage from these data breaches is astounding and limitless," Normand told SCMagazine.com. "And it may not happen today, but you're at risk to worldwide exploitation over decades." Seeing that stolen data is bought and sold in a flourishing underground economy makes his statement quite relevant.

Lawyers are currently suing over a variety of issues. That is not to say all of the cases will be successful in court, either through settlements or outright wins, but "plaintiff's attorneys are remaining steadfast in their attempt to establish working theories of liability and carve out new ground for legal standing."

What that means for your organization is that complying with various regulations (like PCI) is becoming a very high priority. Here is a whitepaper written by a lawyer who is also CISA, CISSP, CIPP, ISSMP, and CRISC that will help you understand better why having an effective security awareness program can prevent a significant amount of legal fees: 

http://info.knowbe4.com/whitepaper-overly-kb4-13-08-20

 

 

 



