In 2017, data breaches were one of the most harmful threats to businesses. As discussed in previous articles, a data breach is an event where an individual or a business has its sensitive information exposed. This sensitive information is commonly referred to as Personally Identifiable Information (PII) and includes not just usernames and street addresses, but also social security numbers, medical records, or even bank and credit card account numbers.
There are three primary ways in which PII becomes exposed: (1) malware that enters a computer system through hacks and phishing attempts; (2) accidental internet exposure; and (3) internal employee error or theft. According to the Identity Theft Resource Center, the U.S. saw 1,579 total breaches in 2017, amounting to the exposure of over 175 million sensitive records. This was an increase of 389% in total records exposed since 2016. Moreover, the industry most impacted by data breaches last year was the business category, which bore the brunt of over 91% of breaches. Some of the most notable impacted businesses were Equifax, America’s Joblink Alliance, Sonic, and Dow Jones & Company.
What is even more worrisome is that in many cases the number of records compromised is reported as “unknown.” This occurs when either the number of compromised records legitimately cannot be identified or the exposed information includes things like usernames, passwords, and email addresses. The latter “cannot be identified” because this type of information does not usually trigger breach notification laws.
Naturally, a data breach is not cheap to remedy. Remedying a data breach includes everything from investigations, to legal and PR costs, to consulting and information technology fees. According to a 2017 IBM study, the average cost per capita of a data breach in the U.S. was $225 and the average organizational cost totaled $7.35 million.
Currently, most state laws do not afford much protection or legal recourse to victims of a data breach. However, Illinois has been at the forefront of data breach legislation. In early 2017, amendments to the Personal Information Protection Act (“PIPA”) took effect. These amendments include more categories of sensitive information, including health insurance information, medical information, and usernames with access credentials. Despite Illinois' legislative action, it is still imperative that businesses become familiar with the issue of data breaches and take steps to protect the sensitive information they process.
While it is important to address a data breach when it happens, recent trends have taught us that it is even more important to develop measures to prevent data breaches. Employee training and education is the primary strategy to protect against a data breach. The attorneys at Rock Fusco & Connelly have been following data breach trends and are ready to assist your business in implementing appropriate safeguards as well as helping in the aftermath of a breach.