Every month it seems there is a new and major data breach. Companies from all areas have been affected, and it seems like it is just a matter of time before your personal information will be discovered and distributed to whoever is willing to pay for it.
Not all data breaches are the same, though. Some are more serious than others. While all of your personal information should be kept private, some data breaches implicate relatively innocuous details like your name and address, others involve financial information like your bank and credit card accounts, and still others include personal details that you have voluntarily divulged on social media.
The lawyers at Gilman & Bedigian recognize that your interests are seriously impaired when your personal information is taken, distributed, and used against your wishes. The threat to your finances can be significant, and the possibility that someone else is making use of important details of your life to your own detriment can be extremely bothersome.
What is a Data Breach?
A data breach is simply the unauthorized access of personal information. Data breaches technically happen all the time – you can look over someone else's shoulder and catch a glimpse of their personal information on a piece of paper or on their cell phone. These moments rarely lead to anything, though, and the type or breadth of information obtained is too trivial or small to sell or use for nefarious reasons.
However, many companies today collect vast amounts of data about their customers, potential customers, and even just random members of the public. Buying something at a department store with a credit or debit card allows both the store and your bank to track what you are buying. Stores use this information to funnel you advertisements targeted to your purchase history and what it says about what you like. Signing up for a customer discount loyalty card lets them track your purchases even more closely, and also gives them access to contact information that they use to notify you of more deals that stand a chance of leading to another purchase.
As more and more companies collect more and more data, though, hackers have learned how lucrative it can be to infiltrate the databases that house this information, copy it, and then sell it to marketing firms, governments, and identity thieves who could use it to their benefit.
Personal Information Implicated in a Data Breach
In order for an unauthorized access to rise to the level of a data breach, though, “personal information” has to be implicated in the incident. Most state laws define “personal information” as your first and last name, plus at least one of the following:
- Social security number
- Your date of birth
- Physical or mailing address
- Website login information, including username and password
- Email login information, including username or email address and password
- Driver's license state and number
- Bank account number, with the associated personal identification number (PIN)
- Credit, debit, or other financial card numbers, along with their associated PIN
- Passport number
- Medical records and information
Some types of personal information are more important or more private than others. Data breaches that implicate things like your address and purchase history might make you worry about your privacy, but little else. Those that implicate data critical to the security of your financial accounts, though, can make you rush to call your bank and change them.
The kinds of information that are implicated in a data breach, then, largely determine how severe it was and how much you will be affected. Data breaches impacting millions of people, but which only implicated minor pieces of information, are often less severe than breaches that touched on a hundred thousand people, but stole extremely sensitive details. For example, consider the following 6 data breaches.
1. The Marriott Hotels Data Breach
In late 2018, Marriott International – the company that owns thousands of hotels across the United States and the rest of the world – announced that a data breach had been detected in one of the databases of its subsidiaries, Starwood Hotels. Starwood Hotels includes the following popular brands of hotels:
- Four Points by Sheraton
- St. Regis
While the breach was announced in 2018, the unauthorized access was discovered to have been ongoing since 2014, allowing the unknown hacker to continue to copy and encrypt records. Those records implicated personal information of all of the Starwood Hotel guests, including their:
- Email address
- Passport number
- Date of birth
- Reservation date
- Arrival and departure date
Additionally, the credit card numbers of some guests could have been implicated, as well.
The Marriott Hotel breach has affected the estimated 500 million guests who have stayed at a Starwood Hotel-affiliated property in the past few years.
2. The Equifax Breach
Equifax, a credit reporting agency that is supposed to monitor its customers' credit scores and protect them from fraud, was the victim of a massive data breach in 2017. This breach impacted almost every last one of Equifax's customers to some extent. Some, however, fared far worse than others. The personal information implicated in the Equifax breach included:
- Names, dates of birth, and Social Security Numbers of nearly 150 million customers
- Credit or debit card numbers of 209,000 customers
- Other identifying information, including passport and driver's license numbers, of anyone who disputed a credit report with Equifax
The Equifax data breach was also significant in the fact that Equifax knew of the security loophole that was exploited by the hackers well beforehand. However, Equifax did nothing to fix it.
3. Multiple Data Breaches at Yahoo!
Despite two data breaches occurring in August, 2013, and in late 2014, the internet company Yahoo! did not disclose either one of them until late in 2016, and little is known for certain about the extent of the breach.
What is known, though, is that there was an unauthorized access of information in 2013 that impacted nearly 500 million accounts on the website and its email services. A little over a year later, there was a second unauthorized access that was thought to have uncovered personal information of a staggering one billion customers at Yahoo! The company, however, later admitted that it impacted all of the estimated three billion user accounts that had been created.
Implicated personal information included:
- Dates of birth
- Email addresses and associated passwords
- Telephone numbers
- Security questions and answers required for some logins
Additionally, many email accounts could have been accessed using the information obtained in the data breaches, putting even more personal information at risk of dissemination.
The severity and staggering scope of the data breach was reflected in changes to how much Verizon paid to acquire Yahoo!: News of the breaches reduced the purchase price of Yahoo! from $4.8 billion down to $350 million.
4. Records Taken from Anthem Blue Cross Blue Shield
In January of 2015, the medical insurance giant Anthem Blue Cross Blue Shield discovered that its information technology division had been hacked over the course of several weeks in December, 2014. The insurance company revealed the data breach the following month, and admitted that the hack had implicated many of its subsidiary insurance companies, as well. In the end, an estimated 78.8 million people had their personal information stolen, including their:
- Social Security Numbers
- Medical IDs
- Physical addresses
- Email addresses
While the medical records of Anthem's insured customers were not implicated in the data breach, the possibility of medical records being stolen in a hacking attempt was brought into the limelight by the breach.
A class action against Anthem settled in 2017 for $115 million, though Anthem refused to admit any wrongdoing as a part of the settlement. Government investigations into the hack have raised suspicions that a foreign government was behind the data breach, with Bloomberg reporting that China was a suspect.
5. Credit Card Information Stolen from Home Depot
Between April and September, 2014, hackers gained access to the self-checkout counters at all of the Home Depot stores in the U.S. and Canada. The length and the breadth of the breach allowed hackers to obtain credit and debit card information, including the numbers, expiration dates, and potentially the PIN numbers, of an estimated 56 million customers. The breach came hard on the heels of a similar incident with Target, though Home Depot eclipsed the severity of Target's data breach by around 16 million people, making Home Depot's the largest data breach impacting the financial information of its customers.
Affected customers were compensated with credit monitoring, or an equal amount of cash if they already had credit monitoring. Banks and credit card companies also won settlements from Home Depot.
6. Data Breaches at Facebook Implicate All Sorts of Personal Information
More recently, Facebook has admitted to a data breach that allowed a third-party app developer unauthorized access to the photos of an estimated 6.8 million Facebook users.
To make matters worse, while Facebook knew of the breach as early as September, 2018, it did not disclose the breach to its users until December 14, 2018, preventing users from taking action. It also took months for Facebook to notify regulators and law enforcement, delaying investigations into the data breach.
This data breach was far from Facebook's only one. Numerous other incidents have implicated user data in the past. However, the nature of the data breaches on Facebook raises important questions about what constitutes “personal information” and “unauthorized access.”
The entire point of social media sites like Facebook revolves around people sharing details about their lives, from what they like to where they go to what they do. While users have power over privacy settings that allow certain people to access certain information, questions of unauthorized access arise when users do not realize the nature of those privacy settings, or voluntarily provide information to third-party applications that then pass that information on to other actors. Additionally, the personal information implicated in Facebook's data breaches revolves around photos and personal preferences, rather than financial information or identification numbers. While this information poses less of a security risk, it could easily be considered more “personal,” implicating a victim's privacy to an even greater extent.
Victims Deserve Compensation
Even though data breaches are very different incidents than car accidents or other, more typical personal injury situations, they still have some very important similarities: The company that collected your information had an obligation to keep it safe, failed to protect you, and that led to your problems.
Regardless of whether the data breach was intentional or whether the company with your personal information was merely being negligent, the reality is that you were hurt because of their conduct. You deserve to be compensated for the difficulties you have been put through – after all, they were no fault of your own.
In many data breach cases, class actions are formed because there are so many people who suffered from the incident. Most of these class actions make use of the various state laws that protect someone's privacy as a way to recover compensation. Many of them also claim that principles of negligence apply to the case and justify compensation, as an alternative to state statute.
Gilman & Bedigian: Lawyers Protecting Victims of Data Breaches
If you have had your personal information stolen because someone else could not be bothered to keep it secured, your future suddenly becomes very uncertain. The chances of your identity being stolen and used for nefarious purposes increase dramatically. Protecting against this possibility by getting credit monitoring services can be expensive.
The headache and the expenses that you face are not only frustrating; they are also not your fault. You deserve to be compensated for all of the foreseeable repercussions of someone else's negligence, including when that negligence resulted in a data breach.
The lawyers at Gilman & Bedigian can help. Contact them online for the legal help and representation that you need to recover the compensation that you deserve from the people who should be held accountable.