Go to Content

July 7, 2016

Data Breach: Who Becomes Responsible After

You find out about the escalating expenses of data breaches all the time, however, who’s economically responsible for all those expenses?


According to Federal Trade Commission info, a consumer’s liability for the unauthorized usage of their credit card tops out at $50 while a consumer might be out of pocket for as much as $500 or more, for a debit card breach depending upon how quickly the problem is reported.

Banks/Card Issuers?

Issuing financial institutions usually have to spend for fraudulent charges made on compromised cards. However, banks may sue the retailer/merchant for making use of inadequate information security systems. At the same time, some banks are being contacted for their slow shift to the more breach-resistant chip-and-pin EMV innovation.


A federal judge just recently– and surprisingly– authorized a suit by financial institutions that might put more of the breach cost onto retailers. It pertained to a big retail breach that happened in 2013. “The seller played a vital role in allowing the harm to happen,” ruled U.S. District Court Judge Paul Magnuson. According to a scmagazine.com story, the court is recommending that if a seller has a duty and breaches that duty, it is likely to need to take care of the resulting damages. “The balance is definitely shifting on companies to supply reasonable security,” stated an industry viewer in the story. Remarkably, a current Information Breach Survey showed that 61 % of consumers say retailers accountable for data breaches; 70 % of state sellers should be held economically responsible for consumer losses that arise from a breach.


After an information breach, a business typically takes care of informing clients, credit monitoring services, and processing claims for damages. It might also need to employ a crisis response consultant and other specialists, and information breach fines may have to be paid. The 2014 Cost of Information Breach Research study: the United States revealed the average expense for each lost or stolen record was $201; the overall typical expense paid by organizations was $5.9 million.

A threat knowledge specialist priced quote in the SC Magazine story had this to state about monetary obligation: “If a company or a company has taken reasonable steps in terms of security architecture and best practices and have encountered that reasonableness standard, there has to be some hearty discussion regarding where those organizations are still accountable.”

Here are info security recommended practices:

Cookie Policy

We use cookies and other tracking technologies to ensure you get the best experience on our website, assist with navigation, analyze your use of our services, and assist with our promotional and marketing efforts. If you continue without changing your browser settings, you are providing consent to our Cookie Policy. Click here to learn more about our privacy policy.