Feel like you're personal information is under attack, and nobody is doing much to protect it? We hear you.
According to a report by the Identity Theft Resource Center (ITRC), there were 719 data breaches reported in the U.S. in the first half of 2017. That's a 29% increase over the same period as last year, well on pace to eclipse 2016's record tally.
However, a recent U.S. Court of Appeals decision is being seen as a victory against companies that are failing to safeguard their customers' personal information.
The CareFirst Decision
Health insurer CareFirst was the target of a cyber attack in 2014 that resulted in the theft of up to 1.1 million customer records. Some of the affected customers sued CareFirst, and lawyers sought to bring a class action suite against the company.
In May 2016 the DC Federal District Court ruled they couldn't prove harm and dismissed the case. But in August the D.C. Circuit Court of Appeals found that just the risk of future identity theft was enough to bring the consumers' case against CareFirst. This was the second victory for consumers against companies claiming that there was no provable harm done after the Third Circuit U.S. Court of Appeals earlier this year ruled for the plaintiffs in a suit against Horizon Healthcare Services in a similar data breach case.
These two rulings suggest some courts are starting to understand the potential long-term damage that can be caused by the loss of personal information. One big caveat: It remains to be seen if or when the U.S. Supreme Court will revisit this issue. In 2015, the U.S. Supreme Court ruled in Robins vs. Spokeo that the plaintiff, Thomas Robins, could not sue Spokeo, a company that had published his personal information, because he couldn't show that he had suffered any actual harm at the time of the case.
For now, consumers have legal precedence to sue companies that have lost their personal information to hackers. More importantly, the potential expense of these lawsuits will be a financial incentive to companies to safeguard your personal information.
In the meantime, be vigilant about looking for red flags that your identity is in someone else's hands, including:
- Monitor your accounts and statements for any information that looks off.
- Check your credit report regularly to see if inquiries or new accounts appear that you don't recognize.
- Use strong passwords and change them if you feel they've been compromised.
- Consider an online product to help you protect your identity and monitor your credit.
- Know how to respond immediately to suspicious activity.
By staying on top of potential issues, you can help minimize the impact if your personal information does fall into the wrong hands.