Greenbaum, Rowe, Smith & Davis LLP Client Alert
9.21.17

The Equifax breach of consumer data, as has been widely reported in the media, may have exposed the sensitive personal information of as many as 143 million people in the United States, along with the credit card accounts and related documents of many customers.  The breach exemplifies the potential scope and damage a cyberattack may have on both companies and individuals. 

Every company should use the Equifax breach as a learning experience in order to sufficiently plan to protect itself from cyberattacks.  The current adage concerning cybersecurity breaches is that there are three types of companies:  (1) those that have been hacked, (2) those that don’t know they have been hacked, and (3) those that will be hacked. 

A company’s data can be breached intentionally (e.g. disgruntled employee, nation-states, hacktivists) or unintentionally (due to inadvertent disclosure by an employee or independent contractor).  Every company should be aware of the following:

Issues related to cybersecurity bring innumerable complex issues into play, and there is no one-size-fits-all solution.  Planning should involve a coordinated effort by the company’s IT advisors, a cybersecurity forensic firm and legal counsel to establish the maximum level of cybersecurity protection. 

Individuals who believe their personal information may have been compromised due to the Equifax breach are advised to review the official guidance of the Federal Trade Commission (FTC) which can be accessed at: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do.

If you have any questions regarding the issues outlined in this Alert, please contact the authors, Matthew J. Schiller, Peter B. Phillips and Mitchel S. Kay, members of our Cybersecurity, Privacy & Data Protection Practice Group.

Attorneys