How to Respond to a Breach of Customer Data featured image

How to Respond to a Breach of Customer Data

by John DiGiacomo

Partner

Data Breach

How do you respond to a breach of customer data? If you operate an ecommerce store, you need to know. Revision Legal partner John DiGiacomo has published another article on Practical Ecommerce: How to Respond to a Breach of Customer Data.

Data breaches seem to be the norm these days, whether they are at Yahoo, Home Depot, or, more recently, Michigan State University. And ecommerce merchants are not immune. My firm has recently handled data breach responses for small ecommerce companies that were affected by a breach of the LemonStand ecommerce platform.

Ecommerce merchants must take the risk of a data breach seriously. A breach that exposes customers’ data carries enormous potential liability. It can cause a business to go bankrupt.

But there is some good news. According to “2016 Global Security Report” by Trustwave, the security firm, only 38 percent of global data breaches target ecommerce stores. Traditional brick-and-mortar retail stores are the most targeted — roughly one-third of overall data breaches target magnetic strip data obtained from point of sale machines.

Notification laws vary from state to state:

It can be difficult, however, to detect a data breach. Forty-one percent of worldwide breaches are detected by victims, while 58 percent of breaches are reported to their victims by regulatory bodies, credit card companies, and banks. This, again, is from the Trustwave report. The average median time between a network intrusion and detection is 168 days for external detection and 15 days for internal detection.

Develop a Strategy to Reduce Risk

… develop a strategy for reducing the company’s risk associated with the breach. Many breached companies have offered credit-monitoring services or identity-theft-monitoring services to victims of the breach, to reduce the further risk of loss or harm. Others have offered informational packets or even some form of compensation to reduce their risk of liability. Each circumstance is different.

You can read the entire article here on the Practical Ecommerce site.

Revision Legal has worked with businesses of all sizes to assess data retention risks. If you have concerns about your exposure or have received a notification that you have been a victim of a data breach incident, contact the experienced data breach attorneys at Revision Legal. Civil fines are available in some states for a failure to expeditiously notify those affected by breaches. You need the legal team from Revision Legal in your corner today. Contact us using the form on this page or call us at 855-473-8474.

Photo credit to Flickr user Maria Irwin.

Extra, Extra!
Recent Posts

Fairness Factors For Your College NIL Agreement

Fairness Factors For Your College NIL Agreement

Corporate

In May 2025, as part of a settlement of litigation involving college football, a new entity was created called the College Sports Commission (“CSC” or “Commission”). See news media reports here and here. Among many other purposes, the CSC will monitor and approve name, image, and likeness (“NIL”) agreements for college athletes. As the term […]

Read more about Fairness Factors For Your College NIL Agreement

Is a “Fanciful” Trademark the Best Type of Trademark?

Is a “Fanciful” Trademark the Best Type of Trademark?

Trademark

Trademarks are words, designs, symbols, logos, and other things that are used/associated with goods or services that identify the specific commercial source of the goods/services. COCA-COLA, APPLE, and GUCCI are just a few famous examples. If COCA-COLA is on the bottle, consumers know what to expect from the beverage in the bottle. The same for […]

Read more about Is a “Fanciful” Trademark the Best Type of Trademark?

Put Revision Legal on your side