Data Breach, Cyber Security & Biometric Data Lawsuits
Technology is reshaping society at a rapid pace. While advancements in technology empower consumers, they also have unintended consequences that raise novel legal issues. Technology changes much faster than the laws that regulate it. Staying ahead of legal technical issues requires a law firm that can see the full picture of innovation and apply past lessons to navigate fast-moving developments, in a manner that puts the interests of consumers ahead of corporate interests.
When we use our smart devices, conduct online banking, complete point of sale transactions, shop online, and view social media, our confidential personal data is routinely stored by the companies with which we do business. These companies are responsible for safeguarding our data from being stolen and used illegally, but in today’s digital environment, large data breaches occur regularly. Companies can also unlawfully harvest user data to serve their own ends, without consent from their customers. The lack of transparency regarding such practices raises many troubling concerns, including invasion of privacy, identity theft, fraud, and social engineering.
As a leader in the fields of cyber security, data breach litigation, and biometric data collection, Milberg has worked to change data security practices so that large corporations respect and safeguard consumers’ personal data. We have a proven track record of holding large corporations accountable for failing to protect data and privacy rights, including Equifax, Yahoo, Target, Anthem, Capital One, Quest Laboratories, Facebook, and Google.
Our data breach and privacy lawyers work at the cutting edge of technology and law, helping to create meaningful checks and balances against technology and the companies that wield it.
To discuss a data breach lawsuit or biometric data lawsuit with Milberg’s cyber security attorneys, please contact us.
Cyber Crimes On The Rise
Data breaches—and data breach lawsuits—are a regular aspect of the digital age. As our lives move increasingly online, the size of our digital footprint grows, and this creates more opportunities for cybercriminals to obtain our personal information. Americans are now more worried about being the victim of cybercrimes like the hacking of personal data and identity theft than they are traditional crimes.
According to a recent Gallup poll, 71% of Americans say they fear computer hackers will access their personal, credit card, or financial information, and 67% often worry about identity theft. These fears are not unfounded. A separate Gallup poll found that 1 out of 4 Americans experienced cybercrime in the past year. And a Value Penguin survey found that 43% of Americans have been the victim of a cybercrime.
But it’s not necessarily hackers and identity thieves that Americans fear the most. Respondents to Value Penguin’s survey said that more than cybercriminals targeting them, they feared companies selling or misusing their personal information. In total, 51% of consumers said corporate misuse of personal information is a bigger concern than a personal cyber attack (26% of consumers). Seventeen percent said they are concerned companies will use private information against them, while thirty-four percent are concerned about companies selling their private information.
Whether a company allows cybercriminals to obtain your personal information, or a company collects and uses your data without your knowledge or consent, it may be a violation of your privacy rights. Milberg helps the victims of cybercrimes enforce their rights and protect others. Speak to a data privacy attorney during a no-cost, no-obligation case review.
The Cost of Cybercrimes
Crimes that occur online have serious real world consequences. Cybercrimes are expected to cost global damages worth $6 trillion in 2021 and $10.5 trillion by 2025. If it were a country, cybercrime would be the third largest economy in the world.
The costs of internet crimes for business include damage and destruction of data, disruption of normal operations, embezzlement, forensic investigation, fraud, lost productivity, restoration and deletion of hacked data and systems, stolen money, theft of intellectual property, personal, and financial data, and reputational harm.
For individuals, cybercrime can cost them time and money spent trying to repair the damage, as well as emotional impacts, such as anger, fear, and paranoia, that crime victims typically experience. In addition, victims of identity theft can experience a wide range of negative impacts, from the inability to obtain loans and open new accounts, to employment and housing struggles, to nonstop collection agency calls about fraudulent accounts.
Growing Cyber Attack Surface
Cybercrimes exploded during the COVID-19 pandemic and show no sign of slowing down. The move to a cloud-based “working from home economy” was forced on many companies in a short period of time, but this shift reflects broader societal trends. Businesses of all sizes are becoming increasingly reliant on digital data, cloud computing, and workforce mobility. COVID-19 merely accelerated these trends.
In the cyber security industry, attack surface is the sum of all possible security risk exposures, across all hardware, software, and network components. More people joining the internet means more networked devices, more data, and more data stored in the cloud. And this growing cyber attack surface means more opportunities for cyber criminals.
The internet is nowhere near its full capacity. An estimated one million more people join the internet every day. From 2020 to 2030, the number of global internet users is expected to increase from 5 billion to 7 billion. By 2023, the number of networked devices on the planet will be three times greater than the number of people, predicts Cisco. One-hundred zetabytes of data (a zetabyte is equal to a trillion gigabytes) will be stored in the cloud by 2025. That’s expected to be half of the world’s data at the time—up from around 25 percent stored in the cloud in 2015.
Data is the fuel that drives the digital economy. Addressing CISOs (Chief Information Security Officers), CIOs, and CEOs from 123 companies in 24 industries, IBM’s President and CEO called data “the phenomenon of our time…the new basis of competitive advantage, and it is transforming every profession and industry.” If this is true, she said, “then cyber crime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
The risk of cybercrime to individuals is great, too. FBI statistics show that 2020 was the worst year on record for victims of internet crime in the U.S. In 2020, the FBI reported nearly 800,000 complaints of suspected internet crime—a massive increase of more than 69% from 2019—and losses exceeding $4.2 billion. However, this is likely just the tip of the iceberg, since the FBI estimates that only about 15 percent of fraud victims report the crimes to law enforcement.
Cyber security is not the responsibility of companies alone. Each internet user is responsible in large part for their personal online security. If you fell victim to an email phishing scam, gave out personal information to a job offer scammer, used an unsecure public network, or were the victim of another type of cyber crime that targets individuals, you may have nobody to blame but yourself.
But a data breach that targets an organization is different. Data breaches occur when cyber criminals penetrate a company’s cyber security measures, exposing confidential, sensitive, or protected information to an unauthorized person. When a data breach happens, it’s usually because a company lacked sufficient security, or somebody at the company breached security protocols.
Like other types of cybercrimes, data breaches are on the rise. In 2020 the number of breached records exceeded 37 billion—a 141% increase compared to 2019. Data breaches are becoming not only more prevalent, but more complex, pervasive, and damaging. They’re also getting harder to detect. It’s typical for a company that suffers a data breach to not become aware of the breach for many months. In fact, according to IBM, the average time to identify and contain a data breach is 280 days.
Biometric-based technology is emblematic of the promise—and potential privacy pitfalls—of emerging digital tech.
Biometrics is the use of a person’s unique biological characteristics, such as their fingerprint, voice, and facial pattern, to identify and authenticate them. Around 75% of U.S. consumers have used some type of biometric technology. Maybe you’ve used your fingerprint to access an online banking account, facial recognition to unlock your phone, or voice recognition to activate a home smart device. When you enable this type of security feature, the identifier you use (e.g. your fingerprint or facial features) is compared to data stored in a database to provide verification.
Biometrics can add convenience and safety, but they also raise serious data privacy concerns. Companies store your biometric identifiers as data, and this data, like other types of personal information, could be accessible to cybercriminals in a data breach. Compromised biometric data, though, is potentially more damaging than other types of data that is stolen, like a credit card number.
You can cancel an old credit card and get a new one. You can’t change your fingerprints. Once that information is compromised, it will never be completely secure again.
Identity theft is a major concern with biometric data. A cybercriminal who obtains your fingerprints, retina, facial, or voice data could use it to, say, access the building where you live or board an airplane. Since the number of applications for biometric data will likely increase, there’s no telling how, exactly, this security threat will evolve. But the prospects are scary enough to prompt questions about how biometric data is safeguarded.
Again, cybercriminals are not the only privacy risk. Consumers are concerned, and rightly so, about companies collecting, storing, and profiting from their biometric data. These concerns are reflected in new biometric data legislation. Illinois was the first state to pass a law regulating biometric data. Texas and Washington also have biometric privacy laws, and New York and Maryland are expected to pass laws. In states that have biometric privacy laws, consumers may be able to sue organizations that fail to handle their biometric data in the ways specified under the laws.
Milberg is leading the way in biometric privacy litigation. For example, we recently filed a class action lawsuit on behalf of Instagram users who claim that parent company Facebook is collecting users’ protected biometric data in violation of the Illinois Biometric Information Privacy Act.
Milberg’s Data Breach Lawsuit and Data Privacy Practice
Milberg’s Data Breach, Cyber Security & Biometric Data practice litigates class actions alleging massive data breaches and other violations of consumers’ personal and data privacy. Our data breach attorneys have spearheaded many highly technical cases, successfully advanced novel legal theories to protect consumers from ever-evolving cyber security and data privacy threats, and recovered hundreds of millions of dollars in compensation for data privacy victims.
Representative matters include:
- Served on the Plaintiffs’ Steering Committee in In re Equifax, Inc. Customer Data Breach Litigation. Equifax agreed to pay up to $700 million to consumer and states to settle this data breach class action—the largest ever settlement for a data breach.
- Appointed as one of five members of the Plaintiffs’ Executive Committee in a data breach lawsuit against Yahoo (In re Yahoo Inc. Customer Data Security Breach Litigation). The class action settlement created a $117.5 million fund to pay for credit monitoring services, identity protection, and out-of-pocket losses.
- Represented a class of over 10 million Target customers whose personal information was stolen or compromised. The case (In re Target Corporation Customer Data Security Breach Litigation) settled for $10 million and individual consumers could recover losses up to $10,000.
- Served as plaintiffs’ counsel in a data breach class action lawsuit against Anthem (In re Anthem, Inc. Data Breach Litigation) exposing the personal information of 79 million consumers. The settlement created a $115 million cash fund, delivered more than $500 million in value to the class, and required extensive injunctive relief to prevent a future breach.
- Acting as plaintiffs’ counsel, helped to secure a $3.4 million settlement on behalf of Wendy’s customers over a 2016 data breach (Torres, et al. v. Wendy’s International, LLC).
Talk To Our Cyber Security and Privacy Lawyers
Cyber security threats will continue to evolve and pose new risks to consumers. Milberg will be there every step of the way to protect consumer privacy and hold big companies accountable. Specific legal matters can be discussed with our data security lawyers during a free consultation.