Data Breaches Continue to Challenge Consumer Law
A data breach occurs when a hacker breaks into a corporate network to steal consumer information. Some breaches make national news, such as attacks reported by Target and Home Depot in recent years. Other victims, smaller companies that still collect and store data from their customers, have been reporting data breaches with greater regularity.
Target and Home Depot
As each new data breach is reported, two companies are frequent points of reference: Target and Home Depot. In 2013, Target’s database was hacked, affecting over 40 million customers. Banks lost millions of dollars reimbursing consumers, which led to multiple settlements paid out by the retail giant. In March 2015, a class action lawsuit filed by customers was settled for $10 million. Then, in August of that year, Target settled with Visa for $67 million. By the end of that year, the company agreed to a $39 million settlement with a group of banks that service MasterCard.
The number of Home Depot cardholders impacted by its data breach was reported to be over 50 million, surpassing Target as the largest retail data breach in U.S. history. Expecting to pay over $161 million for the consumer settlements and expected insurance proceeds, Home Depot hired a chief information security officer to oversee a two-year period of data security improvement. All legal fees and related costs accrued by affected customers have been paid by the company. Additional safeguards and improvements are still being pursued by both companies.
How does it work?
Hackers sell the information they steal on the “Darknet.” As the name implies, the Darknet is the dark or hidden side of the internet. You cannot reach it via Google or Bing. After criminals acquire your information, this is how they actually make money:
- Hackers sell payment card information in bulk to brokers. Brokers in turn sell to “carders.” Carders are cyber-criminals who buy, sell and trade the credit card information stolen from these massive retail data breaches.
- Carders use the stolen payment information to buy pre-paid credit cards. Pre-paid credit cards are used to buy gift cards to stores like Amazon or Best Buy. Big-ticket electronics tend to be the purchase of preference. Those items are ultimately sold on sites like ebay or Craig’s List.
- The above process ensures that by the time authorities can track and block the stolen information, the criminals are already making purchases with the gift cards. In order to make sure that no trail leads back to them, carders will ship whatever they re-sell to a “re-shipper,” who will then ship the goods to their final destinations.
Credit card companies have since responded with alternative methods of payment and improved security measures. There is the chip-and-PIN card, which requires users to insert their card, rather than swipe it. The end that gets inserted has an embedded security chip. Other businesses are accepting payments from “virtual wallets” via mobile devices, such as Apple Pay or Google Wallet. Despite these efforts, the attacks continue. Earlier this year, fast food chain Arby’s reported that malware found in their cash registers may have resulted in the breach of over 355,000 credit and debit cards. If you suspect you have been affected by a data breach, contact the Law Office of H. Benjamin Sharlin LLC for a free initial consultation with an experienced consumer law attorney.
Please be advised that this blog is for informational purposes only, is not legal advice and does not create an attorney-client relationship.
The Law Office of H. Benjamin Sharlin LLC
is owned and operated by H. Benjamin Sharlin and serves all of Mercer County, New Jersey and the surrounding areas. Mr. Sharlin is a bilingual Spanish-speaking attorney who vigorously represents the interests of all his clients.
Call (609) 585-0606 or click the button below to schedule an appointment