Will Home Depot be the one that’s “gonna get it”?
Based upon the information we are learning, it could be.
Way back in 2011 I wrote Data Breach — Who’s Gonna Get it? and it scared people. For good reason. In that piece I wrote of how one day, in the future, a company would come along that had clear and unequivocal knowledge of the risk posed by data breach and, despite that knowledge, ignored it.
Then, because it knew of the risks, but chose to ignore those risks, there would be no forgiveness when its time for judgment came and it would have to pay the price for ignoring this risk.
I expected that judgment to come from a jury. Data breach lawsuits based on privacy rights are are having a difficult time in the courts because the plaintiffs are unable to show they suffered any actual harm. However, enterprising lawyers are finding a way around these impediments by looking to companies’ contractual documents and websites to find things such as Privacy Policies, Terms of Service, and other literature making representations about security and using those documents to serve as the premise for deceptive trade practices claims. A case against Home Depot just may be able to get to a jury on these types of claims.
Or, the judgment could — and likely will — also come from elsewhere such as the FTC or attorneys general of many states.
If true, there will be a price to pay
Regardless of where it comes from, the ultimate price that Home Depot pays for this data breach could be of record proportions and make the costs Target paid for its breach pale in comparison. Why?
Because, according to the statements below, Home Depot knew the risks, was fully aware of scope of the risks, knew the consequences of those risks, could have taken steps to mitigate those risks, but instead, it consciously ignored them. If these statements prove to be accurate, sit back and get ready to watch because this one could get interesting:
The risks were clear to computer experts inside Home Depot: The home improvement chain, they warned for years, might be easy prey for hackers.
But despite alarms as far back as 2008, Home Depot was slow to raise its defenses, according to former employees. On Thursday, the company confirmed what many had feared: The biggest data breach in retailing history had compromised 56 million of its customers’ credit cards. The data has popped up on black markets and, by one estimate, could be used to make $3 billion in illegal purchases.
via Ex-Employees Say Home Depot Left Data Vulnerable – NYTimes.com.
This is great!
James J. Roskopf
INSURICA ®
2301 West Plano Parkway, Suite 108
Plano, TX 75075
P 469.443.3489 | M 214.697.4637 | F 972.419.5363
jroskopf@insurica.com
Thank you Jim!
Reblogged this on tomhulsey and commented:
Let this be a lesson learned! A breach is not a matter of if, but when.
Let this be a lesson learned! A breach is not a matter of if, but when.
Tom,
I thought there was some good info in this presentation, but maybe too many statistics!
Sometimes I wonder if IT people talk about the issues with cyber to such a degree that management gets a deaf ear.
Again, from the insurance side, until there are more disasters outside of the large retailer world, many clients still aren’t buying this a top concern.
Pretty sad.
JR
James J. Roskopf
INSURICA (r) 2301 West Plano Parkway, Suite 108 Plano, TX 75075 P 469.443.3489 | M 214.697.4637 | F 972.419.5363 jroskopf@insurica.com
Thank you for sharing. Let’s hope that this IS the worst. There are more threats out there today, if they don’t pull that movie. Good Grief! Bobbie
Bobbie Duke
INSURICA (r) 5100 N. Classen Boulevard, #300 Oklahoma City, Oklahoma 73118 P 405.556.2218 | F 405.556.2332 Bduke@insurica.com
Bobbie — if only it were just the movie! Thanks for your comment and for following my blog!