Harmed By a Hacker

Q: I was a registered account holder with an e-business.  I signed up to utilize their social-networking application offered, and submitted my e-mail address and password in order to do so.  The website claimed to safeguard users’ personally identifiable information (PII).  “We use commercially reasonable physical, managerial and technical safeguards to preserve the integrity and security of your personal information.”

Despite this promise, it turns out that the business stored all PII in clear or plain text: they used no form of encryption, in order to prevent intruders from easily reading and removing our PII.  They failed to use hashing, or any other common and reasonable method of data protection.  In this way, the business made access available to even a small-fry hacker.

Sure enough, the site’s security flaws came to be actively exploited: through underground hacker forums, their database was breached.  At least one confirmed hacker managed to copy my e-mail and social-networking log-in credentials.

A: Suppose that the site’s privacy policy provides that the business “assumes no liability or responsibility for any unauthorized use of our secure servers.”  Your attorney will argue that the servers were not, in fact, secure.  This provision of the policy does not block your claim for breach of contract.

You will also need to prove damages or harm.  These damages must be ascertainable: an amount of money that can be determined at trial.  Sometimes, proving the damages can cost more than a lawsuit is worth.

By: Scott Baron,
Attorney at Law Advertorial

The law responds to changed conditions; exceptions and variations abound. Here, the information is general; always seek out competent counsel. This article shall not be construed as legal advice.

Copyright © 2011-2020 Scott Baron & Associates, P.C. All rights reserved. 159-49 Cross Bay Boulevard, Howard Beach, New York 11414 1750 Central Park Ave, Yonkers, NY 10710 718-738-9800, 914-337-9800, 1-866-927-4878