
7 Reasons to Read FTC’s 2017 Privacy & Data Security Update

By John DiGiacomo

The Federal Trade Commission (“FTC”) recently released its 2017 Annual Privacy and Data Security Update. We see seven compelling reasons to read the 2017 FTC Update and to take data breaches seriously:

1. The Number of Data Breaches Increases Every Year

There were over 850 computer security attacks in 2017. The number of breaches has been increasing every year. The data breaches involve billions of people around the world. Billions with a ‘B’ – this is not an exaggeration. For example, the recent Equifax data breach involved 145 million customers; a data breach at an Indian mobile phone carrier involved 120 million consumers; and data breaches at a number of popular Chinese websites resulted in the theft of personal and financial information on 1.85 billion customers.

2. Costs can be Massive

The cost of a data breach to your company can be massively burdensome. Vast amounts of employee time will be needed to:

  • Fix the security breaches
  • Deal with governmental investigators
  • Notify customers and clients
  • Handle the public and media relations
  • Respond to the lawsuits

Aside from loss-of-productivity costs, your business will be paying for outside legal counsel, experts, auditors, settlements, and fines. See our post on the high cost of data breaches.

When Target stores had a significant data breach in November 2013, filings with the Securities and Exchange Commission show that in the following four years Target spent an average of $50 million a year dealing with the after-effects of the breach.

In another example, Anthem, a health care provider, recently agreed to pay $115 million to settle 100 lawsuits filed against it for a 2015 hack of customer information. Anthem was hacked and the private data of 79 million customers was stolen. Anthem agreed to either pay each customer $50 or purchase for them two years’ worth of credit monitoring.

Pause to consider this for a moment – the per-customer settlement is minor, but due to the immense number of customers impacted, the $115 million settlement became the largest data-hack settlement at the time.

3. Cyber-Threats are Constantly Evolving

Threats to your computer systems are constantly emerging. Every software update and each hardware improvement is a potential target for exploitation by hackers and criminals. These activities are being directed at your company ON PURPOSE and with bad intent. Such threats demand your immediate and full attention.

4. Cyber-Threats are Now Internal

Most people focus on the external threats, but internal threats are becoming the new normal. We recently wrote about a rogue administrator in United States v. Thomas, No. 16-41264 (5th Cir. 2017). Mr. Thomas was the Company’s IT Operations Manager. Unhappy that a co-worker had been fired, Mr. Thomas spent a weekend sabotaging his employer’s computer systems and network and then quit without warning. Mr. Thomas was convicted, but his employer’s business suffered significant disruption.

As another example, in a widely reported case from the United Kingdom, an IT auditor for WM Morrisons Supermarkets, a large grocery store chain in the UK, received a disciplinary warning for employee misconduct. Not happy about being disciplined, he retaliated by deliberately publishing personal and financial data on nearly 100,000 of his coworkers, including names, addresses, phone numbers, and bank data. The employee was charged and convicted of various crimes. However, in a class action lawsuit brought by several thousand of the affected employees, a UK court recently held that Morrisons was legally responsible for the data leak. These examples show that you cannot be too careful with respect to securing your computer and network systems from both external and internal threats.

5. Non-Monetary Costs can be Massive

Lax cybersecurity is not just a threat to consumer data, but also to your company’s trade secrets and property.

Dun & Bradstreet, for example, had a valuable asset stolen by hackers in 2017. It was an exclusive database for marketing and email campaigns. This database gave Dun & Bradstreet a significant competitive advantage that was lost when the database was stolen. Adding insult to injury, Dun & Bradstreet had acquired the database in 2015 as part of a $125 million purchase of a smaller company called NetProspex. Very likely, the largest asset owned by NetProspex was just this database. As another example, HBO lost confidential data which led to the unauthorized release of HBO programming, including a script of a then-upcoming episode of Game of Thrones.

6. Your Business can be at the Mercy of Hackers

Further, lax cybersecurity is a direct threat to your business and your ability to function. Ransom can be demanded and your business can be vulnerable to malware like WannaCrypt/Cry. WannaCrypt infected millions of computers in May 2017 across 74 countries. The malware encrypted as many files as it could on a given computer system and then demanded $300 or $600 in Bitcoin to restore the files. This malware also installed a backdoor to the computers and servers which allowed remote control and access. For those infected, business operations came to a standstill.

Your company can also be vulnerable to ransom demands to avoid bad publicity and legal liability. Uber had a data breach in October 2016, which the company tried to hide; it then paid the same hackers $100,000 to help in the concealment.

7. Hackers can Damage Your Business Reputation

Nearly three-fourths of cyberattacks seek money: stealing money directly from financial accounts or credit card numbers, demanding a ransom, or something similar. But between 10% and 15% of security breaches are hacktivism — criminal behavior designed to punish or embarrass your company for political or social reasons. We have recently written about these types of breaches.

Data Breach Attorneys: Contact Revision Legal Today

Contact us via email or call us at 855-473-8474.

