Washington State Consumers
I read an interesting post earlier today on one of WSJ’s blogs. It admitted that the pendulum has swung in favor of consumers in data breach cases. While defendant companies continue to get cases bounced on the flawed premise that no its data breach victims have not suffered any “actual harm,” more courts are sympathetic to the consumers.
Two big cases come to mind. One is the Wyndham data breach case (FTC brought the action). This past August, the Third U.S. Federal Circuit Court ruled against Wyndham, finding that the FTC can take action against organizations that adhered to poor IT security practices.
Several weeks before Wyndham was decided, the U.S. Court of Appeals for the Seventh Circuit reinstated a data breach case against Neiman Marcus. Why? It found that the risk of harm was enough to establish standing. The 350,000 affected customers “should not have to wait until hackers commit identity theft or credit-card fraud in order to give the class standing,” the court ruled.
The Seventh Circuit, however, reinstated both types of claims – those who had incurred expenses tied to the Neiman Marcus hack, and those who feared identity theft in the future. Chief Judge Diane Wood pointed out that a breach victim’s fear of hackers in the future is not too “speculative” for a day in court.
Wood asks: “Why else [other than to cause harm] would hackers break into a store’s database and steal consumers’ private information?”
WA AG Ferguson urges T-Mobile customers “…to take immediate steps to determine whether you have been a victim of ID theft, and to protect your information going forward,” he said in a statement offering advice to affected consumers.
According to T-Mobile and the credit-reporting company Experian, the breach compromised data that was used by T-Mobile to run credit checks of individuals who applied for T-Mobile services from Sept. 1, 2013, through Sept. 16, 2015. Unauthorized access was gained to Experian’s servers, exposing data including name, address, birthdate, Social Security number, other ID numbers (such as driver’s license, military ID, or passport numbers), and additional information used in T-Mobile’s credit assessment. An estimated 15 million consumers nationwide may have had their data compromised. Experian plans to notify affected consumers.
The Attorney General’s Office offers affected consumers the following advice to guard against identity theft.
- Monitor your credit reports. You are entitled to one free credit report every 12 monthsfrom each of the three nationwide credit bureaus (Equifax, Experian and Trans Union). You can request one free report from a different bureau every four months to monitor throughout the year.
- Consider placing a “fraud alert” with each of the three credit bureaus. An alert does not block potential new credit, but places a comment on your history. Creditors should contact you prior to opening a new account.
- Consider placing a “security freeze” with each of the three credit bureaus to prohibit the release of any information from your reports. A security freeze can help prevent identity theft since most businesses will not open credit accounts without checking a consumer’s credit history first. This increases the likelihood that if an ID thief tries to open a new account under your name, they will be denied.
- Beware of unsolicited calls or emails offering credit monitoring or identity theft services. Consumers should never provide their Social Security number, credit card numbers or other personal information in response to unsolicited emails or calls.
If you find unexplained activity on your credit reports, or if you believe you are the victim of identity theft, check these resources for information on steps you can take to protect yourself.
- Review the Attorney General’s ID theft website.
- Review the Federal Trade Commission’s ID theft website.
This entry is republished from an Oct. 9, 2015 blog entry at http://nw-injurylawyers.com/.