
California to Introduce $1,000 Payouts for Every Data Leak Victim

A Californian senator has introduced a bill to increase data breach liability. If the bill is approved by the state senate and then the Governor, people affected by a data breach will be allowed to sue for $1,000 or monetary damages, whichever sum is greater. As a result, any company that fails to prevent a large data leak may have to pay millions in compensation.

California is the biggest state in the U.S., with nearly 40 million residents. It is now the world’s fifth largest economy, recently leaving the United Kingdom behind. The state is home to hundreds of large businesses, including such IT giants as Google, Apple, Facebook, Oracle, and eBay, each handling huge volumes of customer data.

This is a digest of recent major data leaks from both Californian companies and organizations that process the personal data of Californians, prepared by InfoWatch Analytical Center.

In October 2017, the database of analytics software vendor Alteryx, discovered in a misconfigured Amazon Web Services S3 cloud storage “bucket,” exposed a wide range of personal details about 123 million American households, including address, age, gender, education, occupation, marital status, phone numbers, as well as mortgage and financial information, number of children in the household, and other sensitive data. The discovered table contained a total of 3.5 billion fields filled with both original and modeled consumer details about virtually every American household. Even though no names were exposed, the leaked data would allow criminals to accurately identify any person using information from other media, researchers say.

The hottest topic of spring 2018 was Facebook admitting that the data of up to 87 million users may have been improperly shared with the political consulting firm Cambridge Analytica through a Facebook personality quiz app. Facebook CEO Mark Zuckerberg apologized to users and said that Facebook would limit the types of data that can be harvested by software used by outside businesses.

In November 2017, Uber, the world’s largest taxi company headquartered in California, disclosed that hackers had stolen personal data from 57 million customer and driver accounts and that the company had kept the data breach secret for more than a year after paying a $100,000 ransom to delete the stolen data.

At the end of 2017, Kromtech security researchers discovered an unprotected MongoDB database instance that appeared to contain 19+ million records of California voters, all open for public access. The database was soon deleted by hackers who left a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery). The database might have belonged to one of the political movements.

Last year, Dun & Bradstreet, a business services giant, suffered a leak of its database containing just under 33.7 million unique email addresses and other contact information from employees of thousands of companies, representing a large portion of the U.S. corporate population. California was the most represented demographic, with over four million records.

In early April, the Department of Developmental Services of California said that private information of about 600,000 people might have been exposed during the burglary of its building in Sacramento, during which the burglars ransacked files, damaged and stole state property, and started a fire. Officials say the criminals could have seen personal data of customers, employees, and parents of minors enrolled in departmental programs.