Recently, Target agreed to pay $39 million to financial institutions including MasterCard and banks, linked to a data breach in which hackers obtained access to 40 million credit and debit card numbers. According to reports, Target allegedly knew about the data breach for 12 days but failed to take appropriate action on it. According to EndGadget (12/2/15), Target has already agreed to pay $67 million to Visa and $10 million to individual consumers who were affected by the breach.
Lawsuits were filed by individuals against Target in 2013, alleging consumer information was stolen between November 27 and December 15, 2013. Plaintiffs claimed Target was negligent in failing to implement and maintain reasonable security measures to protect customer information. In 2015, a settlement was announced, with customers who have documentation of their losses being eligible for up to $10,000 in damages. Customers who cannot document their losses will be paid out of the remainder of a fund.
Meanwhile, Wyndham Hotels and Resorts has agreed to settle claims from the FTC that the company “unfairly exposed the payment card information of hundreds of thousands of consumers to hackers in three separate data breaches,” according to a news release from the FTC. The settlement does not require Wyndham to admit liability, nor will Wyndham have to pay damages to the FTC.
Rather, the settlement requires the company to “establish a comprehensive information security program designed to protect cardholder data - including payment card numbers, names and expiration dates.” Wyndham will also be required to conduct yearly security audits.
READ MORE DATA BREACH LEGAL NEWS
According to the FTC’s initial complaint, Wyndham failed to take security measures, including firewalls and network segmentation, and complex user IDs. More than 500,000 payment card accounts were reported compromised in the data breaches.
Consumers whose personal information is compromised due to inadequate security measures on the part of businesses or other organizations may be able to file a lawsuit to recover money lost to fraud or damages linked to identity theft.