Financial penalties for data breaches

Consequences abound, lately, for major companies across industries.  Most recently, T-Mobile and Uber have had to face the music over their respective data breaches.  In the latter case, Uber has admitted to covering up its 2016 breach in an agreement with the Department of Justice (DOJ), under which it escapes prosecution.  The breach in question saw attackers use stolen credentials to log into a private source code repository used by Uber engineers; the repository contained credentials for the company's cloud storage, and with those the attackers downloaded the personal data of 57 million riders and drivers, including around 600,000 drivers' license numbers.  Uber paid the attackers $100,000 for their silence and a promise to delete the data.  Only a year later did Uber disclose the breach.

Oddly, the company's eventual disclosure of the breach is cited as a reason for the non-prosecution agreement, even though that disclosure came a year late.  More compelling might be Uber's 2018 consent agreement with the FTC, and especially the $148 million it paid that same year to settle claims brought by the attorneys general of all 50 states and the District of Columbia.

Overall, the situation could have been a lot worse for the ride-sharing service, which nevertheless suffered embarrassment and financial damage.  T-Mobile, meanwhile, has now reached a settlement for the data breach it suffered in 2021.  Roughly 77 million US residents had their information compromised in that breach, including more drivers' license numbers and, this time, Social Security numbers.  Unlike Uber, T-Mobile denies any wrongdoing in the incident; the carrier's CEO has instead said that measures are being taken to prevent a recurrence.  The class action settlement T-Mobile has reached extracts a $350 million payment, along with $150 million to be spent on data security over the next two years.

These are decent enough sums for businesses of Uber's and T-Mobile's scale, though nothing they cannot absorb (indeed, T-Mobile expects to book a pre-tax charge of around $400 million for the settlement in the second quarter of 2022).  Smaller firms, which lack the resources of larger organizations, will find themselves in far more dire straits should they face their own fines for a data breach.  Maintaining both a solid reputation with customers and financial health demands that organizations take every measure available to secure their data from compromise.

Companies can go further to protect their data and mitigate financial penalties by being in compliance.  Compliance is not the same thing as protection against bad actors, but it goes a long way toward avoiding fines for leaving data exposed.  Encrypting stored data deserves particular attention here: many breach notification regimes, HIPAA and the GDPR among them, treat data that was encrypted, with keys the attacker did not obtain, as not requiring notification, so a breach of encrypted records carries far less legal exposure than a breach of plaintext.

NetLib Security's data security platform simplifies the process and takes the guesswork out of meeting ever-changing compliance requirements.  We provide the key components of the standard protection protocol businesses need to meet the requirements of PCI, GDPR, and HIPAA Omnibus/HITECH, using FIPS 140-2 validated encryption, across the enterprise in physical, virtual and cloud environments.

In addition to securing data for large, medium and small organizations and government agencies, we also enable application developers to make their applications compliant while protecting their intellectual property and distributed applications.  We help you simplify security for stored data and assist you in becoming compliant.


By: Jonathan Weicher, post on August 10, 2022
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security