From Cyber Attacks and Data Breaches now Sony Pictures Entertainment. Not a week goes by when news headlines aren't filled with announcements that another American-based company is the victim of a data breach or cyber attack. While larger companies are grabbing the most attention, small and medium-sized businesses (SMBs) are also at risk of having their sensitive customer (and even employee) data breached. Though less publicized, these breaches have occurred throughout the country and can have substantial impacts on "mom and pop" companies with limited resources. Depending on the motives, SMBs may make more attractive targets for cyber-thieves. Because SMBs typically have fewer resources to combat these threats, cyber-thieves see SMB customer data as "low-hanging fruit." Hackers and other data thieves know these smaller companies often possess valuable customer information and may not be theft or inappropriate disclosure. A data breach can be far more devastating for an SMB than a larger company. Although SMBs typically hold less customer data, hackers and data thieves who target SMBs are most likely motivated solely to use the customer data in an inappropriate manner. In contrast, hackers or data thieves who attack large corporations may have different motivations that are not solely for financial gain. For instance, some of the international hackers who have breached large corporations' data were politically motivated. Some are merely chasing the thrill of breaching large corporations' IT security systems and the resulting publicity, possibly never using or selling the stolen data. The motivation to use customer data is particularly important. In consumer lawsuits dealing with data breaches, one of the key issues is whether the inappropriate or criminal manner. Financially-motivated hackers and data thieves typically sell the customer information they acquire or use it themselves to create fraudulent accounts or access existing accounts. Whether customers actually suffer economic losses from the misuse of their stolen information during a data breach could be paramount in determining the level of a company's potential financial exposure in litigation following a data breach. Remijas v. The Neiman Marcus Group, LLC, 2014 U.S. Dist. LEXIS 129574 (N.D. Ill. 2014). While data breaches for large companies may not always be financially motivated (and therefore may not result in the misuse of stolen customer data), if a cyber attack occurs against a SMB, it can be presumed that the hackers/ criminals targeted the business in order to misuse the customer data for their broad range of matters. He is a member of the firm's cyber and data breach liability, business and commercial litigation, insurance, labor and employment, and technology and emerging growth companies practice groups. and commercial litigation in the areas of cyber and data breach liability, technology and emerging growth companies, trade secrets, insurance, and class action and complex litigation. He is a member of The Sedona Conference Working Group 1 and co-chair of CLM's eDiscovery and ESI Committee. and has been an integral member of the firm's litigation group his entire legal career. His practice focuses primarily on complex and corporate litigation for clients in the financial services, health care and construction industries, as well as corporate entities in other industries. 505 North 20th Street Suite 1800 Financial Center Birmingham, Alabama 35203 205.328.7234 Fax jpz@csattorneys.com resmith@csattorneys.com csattorneys.com |