In the wake of high profile ransomware attacks, major companies like Colonial Pipeline and San Diego-based hospital system Scripps Health are facing major class-action lawsuits, exposing the reality that companies and organizations that are hacked are no longer just on the hook for reimbursing people who had their data stolen, but could now also be liable for all kinds of damages that go well beyond a heightened risk of identity theft or credit card fraud, reports the Washington Post. Cybersecurity lapses at major companies have led to class-action lawsuits and settlements in the hundreds of millions of dollars.
Retailer Target paid $10 million to consumers and $39 million to banks after hackers broke into its systems and stole personal information in 2013. Home Depot brokered a similar settlement with shoppers who had their credit card information stolen from the home improvement store’s computers. Meanwhile, the level of cybersecurity protection at most firms, even giant ones that handle information on millions of people, is still not where it needs to be and, after years of repeated hacks, more courts have begun to recognize that cybersecurity lapses can hurt real people in real ways. And while legislators are debating potential solutions, such as dissuading victims from paying hackers by providing them with government money to rebuild their networks, the potential for lawsuits will keep growing as ransomware attacks do. And if lawyers can reasonably show that a company made some kind of mistake in protecting its system, victims will have an avenue to sue.