A data breach is “the loss, theft, or other unauthorized access … to data containing sensitive personal information, in electronic or printed form, that results in the potential compromise of the confidentiality or integrity of the data.” Though there are various ways in which personal information can be stolen, data breaches typically occur in one of three ways: (1) hacking, (2) physical theft, and (3) point-of-sale attacks.Hacking, the most typical form of data breach, occurs when “hackers [access] a company’s network and [steal] personal information.” Physical theft occurs when devices capable of data storage such as backup disks or laptops are stolen. Point-of-sale attacks occur when data such as credit card information that is recorded and processed at the time of purchase is stolen. In 2016 alone, millions of confidential records were compromised through these three types of data breaches. For instance, in March of 2016, Premier Healthcare reported a data breach, after a laptop computer which contained PHI of more than 200,000 patients was stolen from their billing department. In August of 2016, Oracle, the company that owns the MICROS point-of-sale system, used in more than 330,000 cash registers around the world, announced that its system had been hacked by a Russian cybercrime group. Then, in September of 2016, Yahoo announced that a hacker had stolen information such as e-mail addresses, passwords, full user names, dates of birth, and telephone numbers from at least 500 million accounts. When data is breached,businesses and financial institutions exhaust millions in financial resources to cover legal fees, fraud prevention, card reissuance, and lost revenue, while consumers, who also suffer loss of financial resources, are greatly disadvantaged by the fact that there are currently very few data breach liability remedies available.
