Proving liability in a data breach

[professional inquiries]

Jurisdiction

California

Is there any recourse if a company leaks your information, if you don't know of / can't prove where exactly the information has been leaked? When information is leaked, the aftereffects may not be known for multiple years. So if the data that is leaked could cause you significant financial hardship and other difficulties, is there a way to sue the company for this? Isn't proving causation difficult because if our data shows up somewhere say, five years from now, you have no way of knowing if it was caused by this known leak or some leak you don't know of?

 

[adjusterjack]

Anybody can sue anybody for anything.

If you sued for information leaks the burden would be on you to present evidence as to who did what when. If you couldn't, you lose.

Is this something that has happened to you? Details count.

 

[zddoodah]

Is there any recourse if a company leaks your information, if you don't know of / can't prove where exactly the information has been leaked?

What information?

Please describe what happened. Don't include names.

When information is leaked, the aftereffects may not be known for multiple years.

Perhaps - especially when one doesn't know what "information" was leaked or the relationship between the company that leaked the information and person whose information was leaked (or even what "leaked" means in this context).

is there a way to sue the company for this?

Anyone can sue anyone for anything.

Isn't proving causation difficult. . . ?

Maybe.

 

[welkin]

Is there any recourse if a company leaks your information, if you don't know of / can't prove where exactly the information has been leaked?

I assume that you are speaking about your identity, SS#, credit cards, and bank and brokerage accounts from what you posted. But I don't know what you mean by leaked.

The vast majority of leaked information is from companies that get hacked. That information is then placed on the Dark Web where persons buy it to use in trying to steal money from individuals. The most recent mass data breach happened last month where AT&T was hacked, and 7.6 million customers had their personal information compromised. AT&T set up a website where you can go and find out if your data was included so you could take steps to combat the breach.

The best way to protect your identity; your SS#, and your banking information is to sign up with one of the 3 credit reporting companies to watch your accounts. Some, like Equifax, even routinely search the Dark Web for the information you give them (email address, CC#'s, SS#, and bank and brokerage accounts). You should also have your credit report locked so that no new accounts can be opened without the institution calling you first to verify that you are the person they are dealing with.

I use Equifax and cost about $125.00 a year. They found my primary email address for sale on the Dark Web and alerted me to it. For months, I was receiving (hundreds/per month) spam and phishing emails that I would just delete without opening until it finally stopped.

 

[professional inquiries]

@zddoodah @adjusterjack Is there a way to give more details privately? I see this forum lacks the function to edit or, preferably, delete posts so that information posted isn't accessible for millennia.

 

[adjusterjack]

You should be able to edit and delete your own posts. If not, and you want anything edited or deleted just ask for it in your post or send me a message.

 

[zddoodah]

Is there a way to give more details privately?

You can send private messages, but I won't respond substantively to such messages. Not sure why you can't just provide basic details of the issue.

 

[Redemptionman]

sure you can look for class action lawsuits against those companies, during the equifax thing a class action was filed and iirc they mailed me a check for $34.xx and some change.

YMMV though,