As if getting hacked isn’t bad enough, customers and employees can sue your organization for not providing better computer security.
Lawsuits are building against companies that have been shut down when hackers seized their computer systems and demanded ransom.
The suits allege suffering caused to individuals and businesses when suppliers stopped working while they dealt with ransomware.
One example is Colonial Pipeline, the company whose network of fuel pipes was shut down last spring by ransomware.
A class-action lawsuit by gas stations and convenience stores says their businesses sustained major losses during Colonial’s shutdown. In another class-action lawsuit against Colonial, consumers say they had to pay higher gas prices when the pipeline was shut down.
And a San Diego based hospital system, Scripps Health, is being sued after it was hit by a ransomware attack.
Cybersecurity lapses at major companies already have led to big class-action lawsuits and settlements in the hundreds of millions of dollars, The Washington Post reports.
Target, a national retailer, paid $10 million to consumers and $39 million to banks after hackers stole personal information in 2013. Home Depot also made a settlement with shoppers whose credit card info stolen was from the home improvement store’s computers.
The proliferation of ransomware and lawsuits mean companies could be liable for injuries sustained by a company’s clients and vendors.
Lawyers are targeting companies for not having better security, said John Yanchunis, a class action lawyer with Morgan and Morgan.
Cyber-security protections at many companies are lacking, he told the Post.
“One thing they have not done and one thing they’re not good at is protecting their information system because it costs money, and it’s not money that goes to increase profit,” he said.
Even if the company feels it can win the case, it often will settle rather than go to court.
“Even if you’re going to win it’s a lot cheaper to settle than it is to fight,” Daniel Solove, a law professor, told the Post.