This week saw additional headaches for two US companies involved in major data breaches (we’re talking top ten in US history to date). Yahoo, now a part of Verizon, has agreed to settle a lawsuit for $50 million. In addition, Anthem, Inc. – the Indiana-based BlueCross BlueShield insurance company – has agreed to settle HIPAA violations by paying a $16 million monetary penalty to the US Department of Health and Human Services (HHS).
Earlier this year, Yahoo’s “other arm” – now known as Altaba, a separate entity from Verizon – settled with the SEC for $35 million. Likewise, just a couple of months ago, Anthem settled a lawsuit for $115 million.
The final tally so far for the Yahoo breach: $85 million in settlements, over $30 million in lawyer fees (for the plaintiffs), and a $350 million haircut when Verizon acquired the company. That’s a total of $465+ million.
For Anthem: a total of $165 million.
And let’s not forget that these figures do not include what each company paid for their own defense (the numbers certainly must be in the millions).
Conclusion: data breaches now suck for both breachees and breachers. It wasn’t always like that.
Historical Inflection Point?
Ten years ago, a lawsuit centered around a data breach would have been tossed from court. Today, that hardly seems to be the case… although exceptions do exist, like Equifax. (Still, it’s only been a little over one year since that particular data breach. Yahoo and Anthem’s travails took years to be resolved, and with Equifax’s data breach being in the top five information security incidents of all time, it’s still too early to tell whether the credit-reporting agency will join the two companies’ dubious circle of honor).
It may, perhaps, be too early to declare that the days of conveniently ignoring data security, in the belief that there will be little to no blowback when it happens, are really over. Still, there are many signs that this is a watershed year, including:
• People are leaving social media platforms or decreasing their use, mostly due to privacy and data security concerns.
• Over the course of ten years, pretty much everyone has been affected by a data breach. Chances are that everyone knows someone who has been affected quite negatively. Even judges who in the past couldn’t see what the big deal was. Nothing like hitting close to home to understand what’s what.
• Greater and greater fines are being imposed for data breaches, a direct result of continuing and ever-expanding information security incidents.
• The EU passed this year some of the strongest privacy laws yet.
Related Articles and Sites: