McCarter & English, LLP | Contents of this website may contain attorney advertising. | Results may vary depending on your particular facts and legal circumstances.

Share

Alternative Dispute Resolution & Mediation
Artificial Intelligence
Bankruptcy, Restructuring & Litigation
Blockchain, Smart Contracts & Digital Currencies
Business Litigation
Cannabis
Coronavirus Resource Center
Corporate
Crisis Management
Cybersecurity & Data Privacy
Delaware Corporate, LLC & Partnership Law
Design, Fashion & Luxury
E-Discovery & Records Management
Energy & Utilities
Environment & Energy
Financial Institutions
Food & Beverage
Government Affairs
Government Contracts & Global Trade
Government Investigations & White Collar Defense
Healthcare
Hospitality
Immigration
Impact Investing
Insurance Recovery, Litigation & Counseling
Intellectual Property
Labor & Employment
Life Sciences
Manufacturing
Products Liability, Mass Torts & Consumer Class Actions
Public Finance
Real Estate
Renewable Energy
Sports & Entertainment
Tax & Employee Benefits
Technology Transactions
Transportation, Logistics & Supply Chain Management
Trusts, Estates & Private Clients
Venture Capital & Emerging Growth Companies
Search By:

8.21.2024

A recent data breach became public following a class action filed in the Southern District of Florida. The suit alleged that a background check company failed to prevent a cyberattack by a “criminal gang” which claimed to have hijacked the personal information of nearly 3 billion people. Scott Christie spoke with The Recorder and said that companies may need to reevaluate and adjust their use of Social Security numbers for their security procedures to mitigate the risk of legal liability. “If your Social Security number and my Social Security number [were] not already a matter of public record before this incident, it probably is now, along with everyone else in the country,” Scott said. “That being the case, companies should think long and hard about using Social Security numbers as part of multifactor authentication. I can imagine, at some point in the future, some litigant is going to say, well, after this incident it is unreasonable for you to have been using Social Security numbers going forward since they are almost certainly out in the public domain and are close to worthless as a form of security for my account. I think companies should pay attention to that and perhaps adjust their multifactor authentication processes accordingly.”

“At the end of the day, most companies don’t think that their system is at risk until they experience something, and even though it’s certainly best practice to shore up the security of their databases for a variety of reasons, a company may not do it appropriately,” he said. “So I would hope that this, if not the prior incidents, wake[s] people up to the seriousness of the problem. I guess it remains to be seen. But yes, this should clearly be a situation where people are seeing what is happening and taking appropriate precautions and not leaving the data in a manner that it is apparently easily exposed. So hope springs eternal, but it’s a matter of dollars and cents and you have a limited budget. Sometimes companies don’t prioritize data security, and they pay for it for these types of in incidents.”

More information