Data Breaches- Personal Data
What Is A Data Breach?
A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment. As more and more of our personal information becomes accessible online, the risk of that information being lost or stolen by negligence or criminal activity grows every day. Recent breaches such as the 2017 Equifax breach, the 2015 Ashley Madison breach, and the 2018 Panera Bread data breach show that no company that stores personal information, whether it be a credit bureau, dating site, or restaurant, is immune from the risk. Protecting your personal information seems like an impossible task these days, but it is important to know in the aftermath of a data breach, you do have legal rights to pursue damages against those who were responsible for your private information.
How The CCPA Protects You
As of January 1st, 2020, California consumers have a powerful new tool to help protect their privacy- the California Consumer Protection Act. Under this new statute, Californians will be able find out exactly what personal information companies have compiled about them, and sue them if that information is stored incorrectly or leaked.
The California Consumer Privacy Act (CCPA) is a comprehensive new consumer protection law set to take effect on January 1, 2020 that offers new protections for the personal data of Californians. The CCPA introduces new privacy rights for Californians, such as the right to know what personal information a business has collected about them and the details on how the business uses and discloses the data.
The CCPA gives every Californian the right to demand a full accounting of the information a company has compiled about them, as well as full transparency as to any third parties whom that company may be sharing that data with. In addition, the California law allows consumers to sue companies if the privacy guidelines are violated, even if there is no breach.
Any company that serves Californian consumers and has annual revenues of $25 million or more must comply with the CCPA. Also, the CCPA regulates any company that keeps personal data on at least 50,000 people, as well as those that collect more than half of their revenues from the sale of personal data. Companies don’t have to be based in California or have a physical presence there to fall under the CCPA.
Now that the CCPA has come into effect, companies doing business in California are mandated to have a clearly visible footer on websites offering consumers the option to opt out of data sharing. If that footer is missing, or if you can’t find out how your information is being collected (and get copies of that information), you have the right to sue under the CCPA.
The CCPA also assigns specific penalties should any unauthorized access to your data occur. The CCPA allows for penalties of up to $750 per consumer per incident, or actual damages, whichever is greater.
Recent Data Breaches
T-Mobile recently disclosed that a data breach exposed the personal information, including SSNs and drivers license numbers, of over 56 million of its past and current customers. More information about the T-Mobile breach can be found here
In 2020, a Twitter breach targeted 130 accounts, including those of past presidents and Elon Musk, resulted in attackers swindling $121,000 in Bitcoin through nearly 300 transactions.
In 2020, Marriott disclosed a security breach impacted data of more than 5.2 million hotel guests.
The 2019 MGM data breach resulted in hackers leaking records of 142 million hotel guests. (CPO Magazine)
500 million consumers, dating back to 2014, had their information compromised in the Marriott-Starwood data breach made public in 2018.
In 2018, Under Armor reported that its “My Fitness Pal” was hacked, affecting 150 million users.
In 2017, 147.9 million consumers were affected by the Equifax Breach.
The Equifax breach cost the company over $4 billion in total.
In 2017, 412 million user accounts were stolen from Friendfinder’s sites.
100,000 groups in at least 150 countries and more than 400,000 machines were infected by the Wannacry virus in 2017, at a total cost of around $4 billion.
In 2016, Uber reported that hackers stole the information of over 57 million riders and drivers.
Uber tried to pay off hackers to delete the stolen data of 57 million users and keep the breach quiet.
In one of the biggest breaches of all time,3 billion Yahoo accounts were hacked in 2013.