Apparently there've been an onslaught of law suits resulting from the massive number of data breaches, and while I have no issue whatsoever with a company looking for actual damage --injury to a customer --meaning a customer can show that a loss of their privacy data actually cost them money, reputation, etc... I do have a problem with lawyers looking for the simple out by claiming that the stores owed legal or contractual obligations to protect a customers data.
So my question is this... is this legal wrangling or they really believe and practice this?
If this legal tract is real (I've not read the transcripts), this sets bad precedent. In this case both companies settled but still paid. Unfortunately there are many more breaches that I'm sure will end up in court with leagues of smart(er?) lawyers who'll figure out how to make effectively utilize this defense.
At the same time, at the other end of the legal spectrum, there's a movement afoot in the UK to hold CEOs legally responsible for ensuring that baseline controls are in place to ensure the security of computer-based data --which of course, is just about everything.
I'm keeping this short today. Heading out to WV to fly fish the Potomac with a friend. It's 5:30AM, so please forgive any typos. I attempted to get this written earlier in the week but...
Also, please have a look at the Wapack Labs blog. We've been posting analytic executive summaries. If we have indicators for the stories, we'll give you the link to either our own indicator database, Threat Recon, or our Soltra Edge location where you can pull indicators. It's a new form of publish for us. I'd love to hear your feedback.
So, until next time, I'm "Gone fish'n!"
Have a great weekend!