My data has been breached 3 times now, officially, AFAIK. (and more times unofficially) Can I even blame the breach sources at this point?
Is there any kind of legal standard of liability when a victim of a data breach suffers from someone exploiting their data? If you are only breached once, obviously it’s easy to point the finger to whoever leaked your data.
But I’ve been hit 3 times now. So all those shitty corps who sloppily handled my data can point the finger to each other. Would a court say the most recent sloppy custodian is responsible if my data is used against me? Or would it be the most reckless custodian? Or would it be equal blame? Or does everyone get off the hook when a victim cannot prove which leak leads to an exploit?
It’s a hypothetical question. Not saying my data was exploited after the breaches, but I wonder about the overall trend. What I’m getting at is there may be little incentive to actually invest in good data security because when a breach happens amid so many other breaches there is perhaps a diffusion responsibility.
It was always hard to point the finger. Basically the problem stems from the idea that for breaches there just are no significant repercussions for the parties involved. They pay for (or set up) some form of credit monitoring and then just go on about their merry way. In the event that they are held accountable at all it's usually something like a fine, which to the vast majority of these companies is less than a slap on the wrist. These corps consider it the price of doing business.
As someone who's data has been exploited (and who's data was actually leaked by breaching the federal government), I'm gonna say there's just not a lot to be done except doing your due diligence to change the PII you can change (locking your credit, monitoring credit reports, changing PII like your SSN or other ID number etc).
But I doubt even a class action suit would do much in most of these cases.