By Joseph D. McClendon
Experian’s most recent earnings report shows that it has spent $20 million to date on its response to the September 2015 data breach that exposed the personal information of nearly 15 million wireless carrier customers. The exposed information included names, addresses, birthdates, social security numbers, driver’s license numbers, and passport numbers – all information Experian uses to process credit checks as part of the customer registration process. The $20 million spent so far on notification and credit monitoring for affected individuals may only be just the beginning of Experian’s financial woes – the credit monitoring firm still has several pending class action lawsuits to manage as well as cooperating with the government’s investigations in to the matter.
The Experian data breach is yet another in a long list of information security lapses that have affected tens of millions of individuals in 2015. Similar to other recent high profile breaches, Experian may be liable for tens of millions of dollars, even after insurance payouts, for its role in leaking personally identifiable information to unauthorized third parties. The vastness of breach-related damages, in addition to losing customer and shareholder confidence, underscores the need for companies to be vigilant about being proactive with their information security practices. Information security must be a pillar on which a company operates – it cannot be a secondary or collateral issue.
Polsinelli attorneys understand how important cybersecurity should be to a business. Whether your company is an established Fortune 500 business with an adaptive cybersecurity policy or a startup with no plan in place, Polsinelli's Technology Services practice has the experience to coach your business on the importance of having, creating, and following a robust cybersecurity policy. For more information, please contact the authors, a member of the Technology Services practice, or your Polsinelli attorney.