EPIC.org is joining those who believe that victims of the PayTime data breach should not have had their lawsuit dismissed for lack of standing. EPIC has filed an amicus urging a federal appeals court to overturn a decision that limits the ability of data breach victims to sue. The plaintiffs sued a payroll company after their Social Security Numbers and other identifying information were exposed. A lower court dismissed the case because fraudulent transactions had not yet occurred. EPIC argued that data breach victims can sue without having to wait for specific damages. EPIC cataloged the epidemic of data breaches in the US, and explained why companies should be liable when they fail to protect the consumer data they collect. EPIC regularly files briefs defending consumer privacy.
Matt Miller reports: Saying no legally compensable injuries have yet occurred, a federal judge Friday dismissed two would-be class-action lawsuits filed over last year’s massive data breach at the Paytime Inc. national payroll firm. The clients who sued the Cumberland County-based Paytime had sought financial damages for what they claimed was the threat they face of identity theft due to the April 2014 breach by unknown hackers. They contended that about 233,000 Paytime clients were put at risk nationwide. Also, the clients claimed in their suits that Paytime, which offered free credit monitoring and identity restoration services to those affected, had delayed informing them about the breach. Read more on PennLive.
It was only a matter of time, right? idRADAR has the story and a copy of the complaint.
WITF reports that the Paytime breach affected even more than previously disclosed: Cumberland County-based Paytime says as many as 233,000 people may be affected by a data breach. The payroll processor distributed about 88,000 W-2’s in 2012, but says in a filing with the North Carolina Attorney General that dependents and spouses information may have also been accessed. Read more on WITF, where they’ve posted an updated statement from Paytime.
When we think about consequences of hacks or breaches, let’s not lose sight that people may lose their jobs simply because their data was caught up in an incident – even if there was no evidence that their information was misused. idRADAR.com has a good example of that in the aftermath of the PayTime hack. They previously reported other examples of how becoming a victim of hack can cost security clearance and/or jobs, with a follow-up on one such case.