A regional retailer contracted with a third party service provider. A burglar stole two laptops from the service provider containing the data of over 80,000 clients of the retailer. According to applicable notification laws, the retailer – not the service provider – was required to notify the affected individuals.
Total expenses incurred for notification and crisis management alone was nearly $5,000,000.
A business' data is breached by a hacker using a seemingly innocent email. He proceeds to steal social security numbers and bank account data from customer files and selling the information to an internet website which used it to create false identities for criminals to use.
The business incurred notification and credit monitoring costs, and the legal expenses as well as the damages from potential lawsuits resulted in more than $500,000 in damages.
An employee learns she may be terminated, and in response, she steals names, addresses, social security numbers and other personal information from customer files. She sold the information to her cousin who used the identities to fraudulently obtain credit cards. The affected individuals filed suit against the company for identity theft.