Lawsuit confirms that companies can be held liable for failing to provide adequate security
Security pros, take heed: If you don't do your job, you may not only be fired -- you may end up in court.
A Billings, Mont., law firm has filed a class-action lawsuit in federal court against Davidson Companies, claiming the company was negligent when it allowed a hacker to penetrate its systems, resulting in a data security breach and the exposure of some 226,000 customer records, according to a report.
The breach, which was revealed in January, occurred when a hacker broke into a Davidson Companies database and obtained the names and Social Security numbers of virtually all of the Montana-based financial services company's clients. Details on how the hacker accessed the database weren't published.
In the past, companies have been held liable for more overt data losses, such as the loss of a laptop or backup tape. Recently, however, companies have been sued for things their IT departments didn't do, alleging that the IT security department's negligence led to a hack. (See FTC Deal Suggests Enterprises Could Be Liable for Poor Security.)
This latest class-action lawsuit alleges "the Davidson Companies failed to comply with the industry standards designed to protect such confidential personal and financial information from theft" and that the company did not provide "adequate safeguards in its storage and handling of its clients’ confidential personal and financial information."
The lawsuit, which doesn't specify a monetary demand, was filed even though the plaintiffs aren't aware of any identity theft resulting from the breach. Attorneys for Davidson Companies said they haven't seen the paperwork and declined comment.
— Tim Wilson, Site Editor, Dark Reading
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024