florida – Following ransomware attack at Beaches Energy in Jacksonville Beach, News4JAX I-TEAM discusses consumer rights when personal data is stolen from a trusted company and what state laws require companies to do after a breach We investigated that.
Related: Leader of ransomware group that attacked Jacksonville Beach threatens further cybercrime
Credit reporting company Equifax has agreed to pay $575 million to the FTC and its customers following a cybersecurity breach in 2019, making it the largest data breach fine ever imposed on a U.S. company. They became one.
Investigators say the company failed to patch a critical vulnerability, resulting in the data breach of 150 million customers. The FTC also found that Equifax did not notify the public of the breach until weeks after the attack.
April Jones, who is concerned about hacking, said companies should be held accountable.
“Security is now so easy that companies should do more to secure it,” Jones said.
Although the ransomware attack on Jacksonville Beach residents was small compared to the attack on Equifax customers, attorney Shannon Schott said citizens can still take legal action against cities and local governments. , said there are limits.
“If you want to sue a government agency, it becomes very complicated because government agencies have what's called sovereign immunity,” Schott said. “To obtain the right to sue, certain conditions must be met, such as filing certain notices and complying with various laws and local ordinances. And once that right is established, the sovereign There are statutory caps on group recoveries, so the compensation available to you may only be up to $200,000.”
Schott said that under the Florida Data Protection Act, both public and private companies are required to notify customers within 30 days of a data breach. He said hacked companies must inform affected customers of the size and scope of the breach and the personal information stolen, or face fines.
Schott said individuals can take legal action against companies like AT&T, which recently reported a cybersecurity breach of more than 75 million customers, but only if they can prove the negative impact they are experiencing. He said it would not be possible.
She added that seeking financial relief in a class action lawsuit, where hundreds of people are suing at the same time, is more complicated. She also said accepting free credit monitoring services from companies could water down victims' cases.
“When a company sends you a notice, it may offer to resolve any claims or causes of action you may have as a victim of this infringement,” Schott said. “Whenever you receive an offer to settle a case, it is prudent to have it reviewed by an attorney. Particularly if significant harm has been caused in connection with the violation, it is prudent to waive your rights in connection with any cause of action against the entity.” That led to the data breach. ”
Schott said owning a social media company like Meta that requires users to sign a contract is a completely different animal legally. Experts said protections for businesses are often hidden in the fine print of consumer contracts. He said more needs to be done to protect consumers at the federal level.
“Our legislators are really leaving it up to us when it comes to protecting our data, which creates a lot of personal responsibility. And I hope you, too, keep in mind the worst-case scenario that could happen.” Schott said.
Lawyers said it's important for consumers to read the fine print of contracts they sign that require them to share personal information. Shareholders and managers can also seek financial settlements if company information is leaked, but they must be able to prove financial loss and reputational damage.
WJXT News4JAX Copyright 2024 – All rights reserved.
