Outdated machines, software or employee practices can lead to major security problems. These big companies faced painful fines for their IT mistakes.
As companies increase their online activity, data collection and eCommerce, the stakes will continue to rise. Companies that are lax, poorly prepared or sloppy are facing disastrous tech breaches. Equifax, Uber, TJX and Visa are just a few of the companies that have had to face hefty payouts for data breaches. The public relies on companies to act professionally and secure their information. Many companies that face a security breach or lost data will not be able to stay in business.
With a security breach, the customer’s trust is lost. Not only will the reputation harm business, but fixing the issue will cost more than preventing it. Fines and payouts will also add to that cost. And, the more consumers affected by a major problem in the company’s security, the more painful the clean up. You can’t afford to slack when it comes to IT security.
The infamous Equifax data breach of 2017 has lead to 147 million affected customers. The settlement announced by the credit reporting company included $175 million to 48 states, $300 million towards free credit monitoring services for the impacted customers and $100 million to the Consumer Financial Protection Bureau for civil penalties.
Federal Trade Commission (FTC) Chairman Joe Simons said, “Equifax failed to take basic steps that may have prevented the breach that affected approximately 147 million consumers. This settlement requires that the company take steps to improve its data security going forward, and will ensure that consumers harmed by this breach can receive help protecting themselves from identity theft and fraud.”
The FTC smacked Facebook with a $5 billion fine for the Cambridge Analytica incident. This privacy violations fine was in response to personal data taken from over 87 million Facebook users to create more persuasive and personalized ads.
In 2016, Uber had over 57 million user accounts compromised–and then tried to cover it up by paying the perpetrator $100k. This lead to the largest data-breach payout at the time of $148 million because they broke data breach violation laws.
When the US health insurer Anthem was hacked in 2015, over 79 million customers had their names, birthdates, social security numbers and medical IDs compromised. The company paid out $115 million in a class-action lawsuit in 2017 regarding the breach. The US Department of Health and Human Services fined them an additional $16 million for HIPAA (Health Insurance Portability and Accountability Act) violations.
When over 96 million credit and debit accounts were hacked in a widely-publicized data breach that lasted from 2003 to 2007, TJX promised pay outs. This came under the terms that 80% of card issuers agreed to the recovery offer and promised not to take further legal action. TJX agreed to fund the settlement as a resolution to those U.S. Visa holders with cards from taking further legal action. This amount was not part of the $256 million the company said it had budgeted to deal with the breach.
Between 2012-2013, the University of Texas MD Anderson Cancer Center lost one unencrypted laptop when it was stolen from an employee’s house and two unencrypted USBs that contained sensitive patient data. The health information of over 33,500 individuals was compromised and the center faced a $4.3 million fine for HIPAA violations.
In 2012, Fresenius Medical Care North America (FMCNA) was fined $3.5 million for HIPAA violations after five separate breaches in different company locations. The Office for Civil Rights noted that FMCNA could have avoided this with a thorough risk analysis to find the potential risks and vulnerabilities. Many of their breach problems included lacking security policies and failing to encrypt sensitive health data.
A good company will take proactive IT security measures with a great tech team. By outsourcing IT security through a managed IT service company, you can get the best security without hiring a team full-time. Your IT team will provide an audit of your company to help you find the places where your security, devices or practices might be a threat to your company. Ensure you are using the right equipment and your employees are trained to meet compliance standards, privacy laws, customer expectations and more so your company can succeed.