In November 2013, in the midst of the holiday shopping season, hackers targeted Target Corporation with one of the largest security breaches of its kind. The hackers installed malware on the company’s security and payment systems to steal credit card information. The result impacted over 100 million customers. Given the magnitude of the breach, it may be surprising to learn that Target had prepared for an attack. It invested over $1.5 million in malware detection software in 2013 alone and hired a leading security firm to monitor for suspicious activity and alert the company in the event of a breach. Obviously, that wasn’t enough, according to a wave of recent lawsuits.
In the midst of the attack against Target, its security firm detected the breach and issued an alert to the company. Reportedly, however, Target did not appropriately react. Many are now alleging that the company sat idly as millions of customer credit card numbers, addresses, phone numbers, and other personal information were siphoned off of its mainframes.
Just as the company has begun to piece together the scope of the breach and its immediate impact, it must now contend with the legal fallout, which some experts say could cost the company billions. Over 140 lawsuits have already been filed by customers and banks, asserting claims for negligence and compensatory damages. The cases were consolidated before the District Court of Minnesota. If class action status is eventually granted, millions of consumers could potentially join the lawsuit.
The professional liability community knew these lawsuits were coming. The litigation may help to shape the landscape of cyber liability and develop a relatively new area of law. In the meantime, the Target litigation places all professionals on notice of the potential impact of cyber crime and the importance of diligently safeguarding all sensitive data. Target’s case is an extreme example of the evolution of cyber-crime, but it can impact anyone, even the solo practitioner.
In particular, professionals who maintain confidential client information such as financial data or health records are prone to an attack. Professionals can take simple steps to reduce the likelihood of a data breach by utilizing passcodes on all electronic devices, logging off computers when not in use, avoiding suspicious emails and attachments, and timely deleting personally identifiable information. Making data security a priority can help to reduce the risk of exposure and avoid costly litigation.