Recent federal court rulings are showing more favor for victims of data breaches, giving precedent to class-action lawsuits against the businesses who are breached. The U.S. Court of Appeals for the Seventh Circuit recently ruled that victims of data stolen during a security breach at Neiman Marcus stores have standing—a right to file a lawsuit in federal court over concerns of on-going problems. This is potentially disastrous for all retailers, because insurance won’t cover all the legal costs and predicting victims’ future damage claims would confuse the world’s best actuaries. A class action lawsuit will cripple retailers.
Why Liability is Shifting
In the past, consumer class-action suits filed against breached businesses typically were dismissed, because it was difficult to link consumer harm to the data breach. And it’s true that when only payment card data is lost, most consumers don’t suffer major monetary losses, because breached credit cards can be cancelled and your bank will have a new one for you in 48 hours. No harm, no foul. But—and it is a massive BUT—there can be great harm in the case of stolen Personally Identifiable Information (PII), which is now a major focus of cyber thieves. PII is the Trojan Horse sitting in every data environment. Stolen PII has major long-term harmful ramifications that affect consumers—and a yearlong membership to a credit tracking service won’t right the wrong.
Why PII is a Prime Target
Cyber thieves want PII because they can build an entire identity around a social security number, address, and other pertinent personal data. Your social security number sells for $200, while your credit card garners only $25 on the black market. Once an identity is “stolen”, a consumer faces a miserable process trying to cleanse their records and reclaim their identity. The horror stories of identity theft litter the social networks. Retailers that lose their customers’ PII quickly become the target of bad press, leading to sudden and severe management changes.
What Does This Mean for Your Business?
You are liable to your customers—legally, financially, and even morally—if you allow their Payment Card Information (PCI) and PII to be exposed in a data breach. If these recent legal precedents gain momentum, retailers will be devastated by the sheer cost of class-action lawsuits when customer data is stolen from their business systems. Target is approaching $1 billion in data breach costs from their breach two years ago. The resulting payouts from class action lawsuits are in addition to the almost $200 per file recovery cost that business incur for EACH file breached. Until this recent court decision, retailers have been rather insulated against class action suits, but when PII is the target, negligence is now the key challenge to data security strategies. The solution? Tokenize and securely vault PCI and PII in the cloud.
Tokenization is the Solution to Protect PCI and PII
With a true cloud tokenization platform, you can remove PII, PCI, PHI, or any other data set from your business systems. Tokenization removes the toxic data replacing it with values that are meaningless to hackers, but still useful to your business processes. So even if your systems are breached, it’s good to know that “You can’t steal what’s not there!” With PII becoming a primary target of cyber thieves, a PCI-only tokenization solution will not keep your customers safe—or your business out of the courts. The TokenEx Cloud Security Platform offers unlimited flexibility in tokenizing all types of data sets.