BreachExchange mailing list archives

Who Pays For Security Breaches?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 24 Jun 2014 19:13:32 -0600

http://www.nacsonline.com/News/Daily/Pages/ND0624141.aspx#.U6m1ZJRX-uY

With data breaches on the rise and seemingly no end to the damage that a
breach can have on an organization, the issue of who pays is heating up. At
the same time that NACS and a coalition of retailers have challenged the
National Association of Federal Credit Unions’ call to
shift greater liability for breaches to retailers, an insurer has
petitioned a court to find that it's not required to defend Michaels
against a bevy of class action lawsuits resulting from a breach.

Safety National, which issued a commercial general liability insurance
policy to Michaels, told a U.S. District Court in Texas last week that it
shouldn't be required to defend Michaels in the breach cases because those
lawsuits don't seek payout for bodily injury or property damages that the
policy covers, according to an article in SC Magazine.

The insurer notes that “at least four class action lawsuits” have been
filed against the retailer claiming Michaels didn't adequately protect
customer data and asking for damages for the denial of privacy protections,
unauthorized charges and bank fees incurred, identity theft costs as well
as other costs. In turn, Michaels petitioned “Safety National provide [it]
with a defense” against those claims, according to court documents.

The issue of who pays and how much will grow increasingly important as
companies struggle to mitigate the financial damage done by a breach. SC
Magazine cites a report by the Ponemon Institute, stating that the average
cost of a data breach is $3.5 million. But as Target's December breach
proves, organizations often don't have a firm fix on just how much a breach
might cost. In fact, associated costs can ripple out for months, even years.

While financial institutions have routinely eaten the costs of fraudulent
charges resulting from a breach, the wind is beginning to shift, with
growing support for putting the onus on retailers.

In SC Magazine's 2014 Data Breach Survey, 36 percent of respondents favored
national legislation that places the burden on the company, not the banks,
to cover fraud-related costs — 32 percent opposed the measure.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/