Data Breach Lawyer

 

How to Recover Damages When a Company’s Lack of Cybersecurity Compromises Your Private Information

 

You could face harsh and long-lasting consequences if a data breach invades your privacy and reveals your personal information. For example, identity theft is a common consequence of a data breach and occurs with roughly 65 percent of victims.

 

The statistics of data breach incidents are equally unsettling. 2024 was a record year regarding the total number of reported data breaches and the sheer volume of impacted personal data. Notable data breaches in 2024 include:

 

    • National Public Data (NPD) data breach that potentially impacted nearly three billion records.

 

    • Change Healthcare suffered the largest health-related data breach of the year, impacting over 100 million patient records. This could make it the largest healthcare breach in history.

 

    • AT&T suffered two significant data breaches that may have exposed the personal data of more than 110 million customers.

 

Approximately 68 percent of data breaches in 2024 involved some form of human error, such as falling for phishing scams. For context, a phishing scam is a type of online fraud where a threat actor sends an email, text message, chat message, or calls from what appears to be a legitimate source (like a credit card company, bank, or lender), to trick you into giving them sensitive personal information like passwords, credit card numbers and expiration dates, or social security numbers, to steal their identity or money.

 

The scope of a data breach can be wide-ranging and impact not just the personal data of adults but also the data of children and teenagers.

 

Large companies often fall short in safeguarding consumers’ personal data, which heightens your risk of falling victim to identity theft, fraud, and other harms and losses. The types of personal data most at risk and most sought after by cybercriminals include:

 

    • Social Security number
    • Driver’s license or passport
    • Financial information
    • Passwords and login credentials
    • Medical/health records that include HIPAA-protected health information
    • Biometric data

 

If a data breach compromises your personal information and data, you’re at an increased risk for identity theft. More importantly, you may have a viable civil action that allows you to recover money for your losses. Or, you may join a class action lawsuit that has already started. 

 

How a Data Breach Can Occur

 

Below are examples of methods and tactics used by cybercriminals to access your confidential information.

 

    • Hacking Attacks: Hacking means obtaining unauthorized access to information through a computer. Hackers (also known as threat actors or cybercriminals) take nefarious steps to access online databases and networks to exfiltrate the personal details of anyone found in a hacked database. 

 

    • Malware: Short for malicious software, cybercriminals can install malware over a network onto a victim’s device or database. From there, the malware program can wreak havoc, including scouring the device for private data.

 

    • Ransomware: Ransomware is malware that blocks you from accessing a device (via encryption) unless you pay a ransom (often in bitcoin or crypto currency) to the party controlling the program. Usually, a “trojan” delivers the ransomware. An example of a “trojan” is a file that seems harless but that installs malicious software when you open the file or program.

 

    • Online Systems That Lack Proper Security: Cybercriminals try to identify companies that have lax cybersecurity protocols and seek to exploit those weaknesses. This is a big reason why companies must update their online security systems often to guard the personal data of consumers, patients, clients, students, etc. However, not every company immediately conducts these necessary security updates, which increases the risk of a threat actor exploiting vulnerabilities.

 

These are just a few of the most common causes of data breaches; there are many others.

 

If you were the victim of a data breach, contact Corey Pollard Law today. I am an experienced data breach and cybersecurity lawyer in Richmond, Virginia, who understands the impacts of a significant data breach and can advise you of your legal options in the wake of a data breach. 

 

When a Company is Responsible for a Data Breach

 

If a cybercriminal accesses a company’s databases and customer information is compromised, that company may be liable in certain situations.

 

For a viable data breach lawsuit, you need evidence indicating the company that owned or possessed your data acted negligently. A few of the ways you can hold a company liable for a data breach include the following:

 

    • The company failed to maintain a security system as required by state or federal law

 

    • The company did not try to mitigate the harms of the data breach once it discovered its failure or the cyber attack.

 

    • The company failed to issue timely notice about the data breach.

 

Generally speaking, companies must protect the personal data of their customers, patients, students, etc., against third-party cyber attacks. You may hold these companies accountable for a data breach incident if they fail to protect your data adequately.

 

Virginia’s Data Breach Notification Law

 

A state law or regulation may obligate companies to issue breach notifications to impacted individuals when a data breach occurs.

 

Under Virginia Code Section 18.2-186.6, a data breach means an unauthorized access and acquisition of unencrypted and unredacted computer data that compromises personal information.

 

Notably, the definition of “personal information” is relatively narrow. Specifically, “personal information” is defined as your first name or first initial and last name in combination with and linked to any one or more of the following data elements:

 

    • Social Security number
    • Driver’s license number or state identification card number issued instead of a driver’s license number
    • Financial account number, or credit card or debit card number, in combination with any required security code, access code, or password that would permit access to a resident’s financial accounts
    • Passport number.
    • Military identification number.

 

This narrow definition means a company may not have to notify you of a data breach if a cybercriminal discovers only your name. The breach must involve your name AND another identifier. 

 

When a data breach occurs in Virginia, companies must notify impacted individuals “without unreasonable delay” following discovery or notification of the breach. The data breach notice must include a description of the following:

 

    • The incident resulting in the breach
    • The type of personal or medical information subject to unauthorized access
    • What the individual or entity has done to protect personal or medical information from further unauthorized access
    • A telephone number that the person may call for further details and help
    • Advice that directs the person to remain vigilant by reviewing account statements and monitoring free credit reports

 

Virginia’s data breach notification statute allows an injured person to recover economic damages through a civil action.

 

Recoverable Damages in a Data Breach Lawsuit

 

If you hire a Richmond data breach lawyer, they can assist you in filing a data breach lawsuit. You can use this civil action to hold a negligent company accountable for your damages. Types of recoverable damages in a data breach lawsuit include:

 

    • Direct Financial Losses: This category of damages generally covers any out-of-pocket expenses you incurred due to the data breach, such as unauthorized credit card or bank account charges.

 

    • Identity Theft and Fraud-related Costs: This category of damages includes expenses related to identity theft, such as credit monitoring services, legal fees, and costs associated with reclaiming and restoring your identity.

 

    • Loss of Income: If the data breach adversely impacts your income due to fraud or identity theft, you may be able to seek compensation for the wages you would have earned.

 

    • Emotional Damages: You may also be eligible for non-monetary damages intended to compensate you for emotional distress, loss of privacy, and other intangible harms from the data breach.

 

But remember, the availability and extent of damages vary depending on the facts of your particular case. 

 

Benefits of Hiring a Richmond, Virginia Data Breach Lawyer

 

A knowledgeable and skilled data breach and cybersecurity lawyer in Richmond can play a significant role in protecting your rights and interests regarding issues related to a substantial data breach.

 

If you hire a Richmond data breach attorney, here is a sampling of the key responsibilities and actions they will take on your behalf:

 

    • Compiling and Reviewing Evidence: Your Richmond data breach lawyer will gather and analyze evidence to support your case, which may include documents, digital records, witness statements, and expert testimony.

 

    • Negotiation and Settlement: Many data breach cases terminate through negotiation and settlement. Your data breach lawyer in Virginia will work with your opponent to reach a fair settlement that adequately compensates you for your harm and losses.

 

    • Taking Your Case to Trial: If you do not agree to a settlement with the company that failed to protect your data, or if it’s in your best interest to go to court, your Richmond data breach attorney will proactively initiate and manage the litigation process, which includes filing legal pleadings, presenting your case in court, deposing individuals, and advocating for your rights.

 

Have Questions About Your Legal Options Following a Data Breach? Contact an Experienced Data Breach and Cybersecurity Lawyer Today

 

If you are a Virginia resident who received a data breach notification from a company indicating that a cybercriminal may have accessed your personal information, then now is the time to schedule a free consultation with Corey Pollard Law.

 

Contact my firm today to schedule a no-cost, confidential consultation. You can reach us at (804) 251-1620 or (757) 810-5614. If you decide to initiate legal action with us, you pay no fees unless and until you win compensation.

Corey Pollard
Follow me
Latest posts by Corey Pollard (see all)