Several high profile data breaches have caused businesses to implement strict security measures to prevent cyber attacks. Malicious intrusions could occur through fraudulent emails, hacking or employee mistakes.

Exposing a customer’s personal information to hackers may result in serious legal consequences. If a customer experiences economic, physical or emotional harm, a company may face liability for damages.

According to statistics collected by the Identity Theft Resource Center, a record number of data breaches occurred in 2017. Retail businesses, especially online shopping sources, experienced more intrusions than the banking and health care sectors.

What is the most common form of breach?

A data breach generally takes place when a company’s information technology or online security system becomes compromised. Once inside an information system, an intruder may access customers’ private data for illegal purposes.

Data breaches may result in stolen credit card numbers, names and billing addresses. The stolen data could enable thieves to transfer funds to themselves or make purchases. While credit card companies may protect customers by reversing fraudulent charges, customers’ personal information may still find its way onto the dark web.

Identity thieves scour the dark web for names and social security numbers of living persons who they can impersonate. They may then apply for loans or commit crimes using another individual’s personal information.

Who faces liability when hackers access private information?

Federal law stipulates that certain companies take all reasonable steps to protect their customers’ personal information, such as private medical records. If an intruder accesses patients’ medical information, a company may face a $50,000 fine for each violation, as reported by Becker’s Health IT. Patients might also file legal action to recover damages that a breach of their private information caused.

Taking proactive steps to protect information systems, trade secrets and client data from a hacker or malicious intruder may reduce the risk of a harmful data breach. A company owes a duty of care to keep its customers’ private information confidential; a business may face legal action if a lack of cyber protection results in damages to its clients.