Internet crime and punishment: What happens when your data gets leaked

All Security Reviews Staff · February 16, 2016

Internet crime and punishment: What happens when your data gets leaked

It’s all too common: a company, accidentally or not, exposes your personal information. Cue the stress of canceling accounts, changing passwords, monitoring your credit and — in the worst cases — repairing damage to your identity. But what consequences do offenders face? Let’s take a look at a few cases.

Who?

Ride-hailing service Uber

What happened?

The names and license numbers of a reported 50,000 drivers were leaked following a third-party breach in 2014.1 The San Francisco-based company failed to notify drivers of the breach in a timely manner.

So what?

New York Attorney General Eric Schneiderman investigated the breach — along with Uber’s use of driver and rider data in general — and concluded its policies didn’t do enough to protect users and Uber’s service providers. Uber settled with New York state authorities in January, agreeing to a $20,000 fine and beefed-up security measures, including encryption of rider geo-location information. Employees must also authenticate their identity before accessing rider info and employees will be trained in protecting user and driver data, among other measures. “We are deeply committed to protecting the privacy and personal data of riders and drivers," Uber spokeswoman Jessica Santillo said in a statement.

Who?

Multibillion-dollar retailer Target

What happened?

Flashback to the 2013 holiday season when hackers broke into Target’s payment system, capturing 40 million debit and credit card numbers, plus 70 million addresses, phone numbers, and pieces of personal information.

So what?

Following the attack, several card issuers banded together in the form of a class-action lawsuit. The financial institutions sought reimbursement for replacing debit and credit cards compromised in the breach. Meanwhile, Target worked with the big guys (Visa and MasterCard) to settle. In August 2015, Target agreed to pay Visa — representing banks and other card issuers — up to $67 million for costs incurred after the retailer failed to protect customer information. The settlement also prohibits card issuers from suing Target based in the future. In December, Target reached a similar settlement with MasterCard and other card-issuing banks: $39 million. In all, Target estimates $290 million in breach reimbursements.

Who?

New York and Presbyterian Hospital and Columbia University

What happened?

The health care organizations, which operate a shared data network, inadvertently exposed the patient status, vital signs, medication and lab results of 6,800 patients. The breach came after a Columbia University physician attempted to deactivate a computer server on the network containing patient files, opening it up to internet search engines. The U.S. Department of Health and Human Services Office for Civil Rights says neither health care group ensured the server was properly secured.

So what?

In the largest HIPPA settlement on record, the organizations paid out a combined $4.8 million, and agreed to implement correct action plans to prevent future records slip-ups.

Who?

Home improvement giant Home Depot

What happened?

About 56 million credit and debit card numbers were leaked after hackers used vendor login credentials. More than 50 lawsuits were filed after the 2014 attack, and Home Depot officials claimed $232 million in expenses about a year after the breach.

So what?

Ponem Research estimates the breach will cost the retailer $194 per comprised record. Forbes forecasted Home Depot will spent $10 billion over 5 years mitigating the breach. That figure includes investigation, remediation, notification, identity theft repair and credit monitoring, regulatory fines, disruptions in normal business operations, lost business, and related lawsuits.

All Security Reviews Staff avatar

All Security Reviews Staff

Our team at All Security Reviews (ASR) has extensive experience in the personal security industry. At ASR we bring this experience and expertise to you by reviewing security providers and grading each company through our proprietary Identity Protection Rating System.