Data Breaches

San Francisco downtown

Data Breach Attorneys – How we can help

Losing your customer’s data, or personal information to a hacker/cracker can overwhelm a small company.  It is critical to protect your company against lawsuits that result from a data breach.  But, if your company has been attacked already, or you think you may have lost some data – it’s even more important to get legal advice from an experienced data breach attorney immediately.

Not every breach is actionable in every situation.  Actual damages may be required in order to pursue a claim. In Ruiz v. Gap, 622 F. Supp. 2d 908 (N.D. Cal. 2009), the Court held that a Plaintiff failed to prove any loss or actual injury as a result of the breach of his personal information. A data breach that does not result in real losses will fail in Court. Exposure to potential harm is not enough.

However, when the breach results in actual damages, the resulting liability can be devastating. In the matter of TJX Companies, the business suffered a data breach that affected over 45 million credit card numbers. The banks that issued these credit cards lost over $60 million, the card holders had their bank accounts frozen, and some had to get new driver’s licenses. The Federal Trade Commission, and 41 State Attorney Generals (AGs) brought suit against TJX.

While being the defendant in a lawsuit is never comfortable, being a defendant in a lawsuit against deputy AGs and the FTC is considerably worse – deputy AGs and FTC attorneys are often very experienced prosecutors and litigators. However, the difference between private plaintiff’s lawyers and a deputy AG is that the deputy often only has one case to apply all of his or her time, focus and energy and they have resources that private firms often do not have (like uniformed law enforcement officers, surveillance helicopters, etc.).

TJX ended up paying almost $41 million in damages in addition to being subjected to audits and having to implement security safeguards. Albert Gonzalez pled guilty to the TJX hack and 19 counts of conspiracy and is serving a 20 year prison sentence.

California requires businesses to notify any California resident whose unencrypted personal information, as defined, was taken, or reasonably believed to have been taken, by an unauthorized person.

If you have any questions about data security, or your company’s liability in a potential data breach, please give our office a call at (408) 816-2311.