Employers Liable for Employee Personal Info Leak

Back in 2014, the University of Pittsburgh Medical Center confirmed a data breach that release that caused over 60,000 employees’ personal information to be released. Hackers then used that information to file and receive fraudulent tax return monies.  Employees sued the company, but the case was discarded from lower courts.

Now, the Pennsylvania Supreme Court has reinstated the case. “An employer has a legal duty to exercise reasonable care to safeguard its employees’ sensitive personal information stored by the employer on an internet-accessible computer system,” states the Court. So what does this mean for you as an employer?

When hiring an employee, employers collect a large sum of sensitive personal information. Things like social security numbers, date of births, driver’s license, and insurance information are just a few examples.  If this information is stolen, you may very well be held responsible.  AN IBM study this year found that the average total cost of a breach ranges from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 compromised records.  Your company is more at risk for a data breach of at least 10,000 records than you are at risk to catch the flu.

These numbers hammer home the point that security needs to be the number one priority for any company. Employees are still the biggest infiltration point.  Phishing and social engineering are still the lead attack methods in 2018.  The best defense is to make your employees part of your security plan with Security Awareness Training. Security Awareness Training provides employees with the education necessary to identify fake emails, fake websites, and scams.

Contact us today to get started on a Security Awareness Training today!