My Personal Information Has Been Compromised. What Should I Do?

Data Breaches And Personal Injury 

Author: Lucie Kossut

With the increasing number of cyberattacks and data breaches happening all over the world since the beginning of the global pandemic COVID-19, consumers, businesses, students, and patients want to find out what to do in case their information gets compromised. 

 

What Is a Data Breach? 

Data breach is a broad term used to describe the release of private or confidential information, such as financial or medical records, to an unauthorized environment. Data breaches usually occur as a result of a cyberattack that compromised the security and privacy of a private business or a public organization. Such attacks are performed in a variety of ways, such as through social engineering methods, phishing emails, remotely bypassing network security, or physically accessing a computer or network to steal local files. 

 

What To Do After a Breach?

After finding out that there has been a data breach and as a result, sensitive information was compromised and exploited, there are several steps that need to be taken to reduce further damages: 

• Call the bank and other financial institutions to inform them about the incident so they can suspend the accounts 
• Change login credentials to all of your accounts, including social media 
• Save all the information regarding the breach, such as correspondence with financial institutions and  the company that was the target of the attack 
• Keep track of everything that happened during and after the breach, such as any changes to the finances, including fraudulent charges or fluctuations in the credit score

 

How To Prove Injury? 

Laws regarding liability for leaked personal data, such as credit card information or home address, are frequently revised and modified. Even though we do not have to look far to find examples of big breach stories ending with settlements citing negligence, the reality is much different; most cases are dismissed because the prosecution is not able to prove that the incident resulted in true damage. In the past, simply being at risk of identity theft due to a data breach was not enough to go to litigation. Nowadays, courts are starting to believe that the threat of having one’s identity stolen is enough to seek compensation. In other words, those affected by a personal data leak may be able to hold the breached company liable for failure to keep consumer data safe. 

 

What Potential Damages May Be Recovered? 

There is no ‘standard’ compensation that may be awarded to the plaintiff involved in a data breach lawsuit. Factors that impact the outcome of such a case include the type of breach the plaintiff was a victim of and the damages he or she has suffered as a consequence of the incident. For example, a medical billing company could be the target of a cyberattack which would result in the release of patients’ sensitive data such as names, home addresses, credit card information, age, etc. In such a case, if one of those affected by the breach had their identity stolen, and large, unauthorized purchases had been made, the victim may be able to receive compensation that will cover the costs associated with that incident. Such costs may include credit insurance and credit reports, replacing credit and debit cards, correcting information damaged by the breach, any out-of-pocket expenses related to the incident. In more serious cases, the plaintiff may be able to recover additional compensation for emotional damages associated with the breach, such as distress experienced after the invasion of privacy, or damage to credit and/or reputation. 

 

To summarize, data breaches result from cyberattacks that may target any individual, business, or organization. Not every attack and breach are the same, and neither are the damages resulting from the incident. Consequently, the victims may not always be able to receive compensation, especially if no real damage was done. However, the risk of becoming a victim of identity theft, or damage to reputation and/or finances due to fraudulent activity after the breach may be reasons strong enough to seek a remedy through the legal route.