Brian Jackson - Fotolia
The Neiman Marcus data breach lawsuit has brought up an interesting debate. Specifically, the company has argued that there was no harm to customers because the credit card companies reimbursed them for any fraudulent charges as a result of the breach. While the lawsuit was initially dismissed on these grounds, it's now back in court on appeal. Does Neiman Marcus' argument hold water? Or could this suit, if successful, set a precedent for corporate data breaches that may lead to more lawsuits?
In 2013, the Neiman Marcus Group experienced a breach that exposed credit card data for 350,000 customers. In 2014, the company found 9,200 of those accounts were used for fraud and shortly after, a class action lawsuit was filed for $5 million in damages. The case was dismissed in September 2014 because there was no injury to customers. However, on July 20, 2015, a U.S. Seventh District appeals court reinstated the case because the customers of as many as 350,000 cards had, in fact, suffered injuries, including the cost of credit monitoring services and replacement card fees.
Does this reversal set a precedent for corporate data breaches that may lead to more lawsuits? Lawyers associated with the case feel that this is a good starting point and expect other courts to follow suit, so it's possible that a new trend has begun. In addition to the Sony and Neiman Marcus breaches, this opens up the possibility that the ruling by the U.S. District Court for the District of Minnesota in Carlsen v GameStop could be overturned.
Customers want restitution whether or not the loss was monetary because after a hack, it's likely that not all of the affected customers' personal information is immediately used. Sometimes it's years before someone faces identity theft and then has to deal with the repercussions of a corporate breach. Stay tuned on this channel.
Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)
Learn some ways to improve corporate data protection
Find out how the Sony hack is different from other attacks
Discover when breach detections systems are better than IDS or NGFW
Dig Deeper on Information security laws, investigations and ethics
Related Q&A from Mike O. Villegas
A social media security policy is necessary for most enterprises today. Expert Mike O. Villegas discusses what should be included in social media ... Continue Reading
A cybersecurity training center could help security professionals continue their education, but are the benefits worth the investment for enterprises... Continue Reading
Yahoo reportedly rejected a forced password reset after numerous data breaches compromised user data. Expert Mike O. Villegas discusses whether this ... Continue Reading