NEWS ALERTS - Breaking News Alerts from IDT911

Small Breach Settlement Could Set Precedent

RockYou breach suit seen as legal trailblazer

Wednesday, November 30, 2011
Small Breach Settlement Could Set PrecedentA relatively minor settlement following a massive 2009 data breach might end up being remarkably important in the way court cases concerning these incidents are heard for years.

The data breach itself, which exposed the personal information of more than 32 million consumers who had their personal information exposed in a December 2009 hacking attack, led to a class-action suit in which the primary plaintiff was awarded the relatively minor sum of $2,000, according to a report from Dark Reading. RockYou - a developer of games for social networking sites like Facebook and MySpace - will also pay his more than $290,000 in lawyers' fees.

The RockYou breach happened because the company stored all of its user account data in plain text files on its database, and left them unencrypted, the report said. The hack exposed users' passwords for outside sites, and the company failed to notify users for several days. When it did alert victims to the incident, it also incorrectly stated that the breach only affected older applications.

But more important than the money is what the case will mean for data breach litigation going forward, as it will likely open the door for more suits brought by consumers whose private personal, financial or medical information was exposed in a data breach, the report said.

In the past, consumers have had to prove that they've suffered damages as a result of having this data exposed in a data breach, but a few court cases in recent months may indicate that a sea change is coming for this type of decision, according to a separate report from Data Privacy Monitor. Another recent decision in the case of the grocery chain Hannaford - in which its credit card readers were hacked, exposing the payment information for millions of consumers - found that the company was liable even to those who did not lose money as a result of fraud.

Of course, consumers typically face a number of costs as a result of many data breaches, such as those related to the cost of mitigating the threat of fraud.

Ondrej Krehel, chief information security officer for Identity Theft 911, writes regularly on his official blog about ways in which consumers can better protect their sensitive information in the wake of data breaches.

© IDT911, LLC. All Rights Reserved.
If you need identity theft assistance, call your provider organization to be put in touch with the IDT911 Resolution Center. More information for individual consumers.