Incident Details
Tennessee has provided a safe harbor to shield businesses from certain cybersecurity lawsuits. The law is tailored and not triggered by having a data security program.
Incident
How Did the Breach Happen?
The breach involved unauthorized access or misuse of non-public information stored on information systems, leading to class action lawsuits.
What Data has been Compromised?
Non-public information such as Social Security numbers, drivers’ license numbers, and financial account numbers.
Why Did the company's Security Measures Fail?
The legislation requires evidence of gross negligence or willful misconduct for legal action, setting a high bar for negligence claims.
What Immediate Impact Did the Breach Have on the company?
The breach resulted in mounting defense against class action lawsuits for not using reasonable security measures.
How could this have been prevented?
Implementing multi-factor authentication on access platforms and comprehensive risk assessments could have prevented the breach.
What have we learned from this data breach?
The importance of robust cybersecurity practices, timely breach notifications, and legal protections for companies facing cyberattacks.
Summary of Coverage
Tennessee's legislation offers a narrow safe harbor, raising the bar for legal action in cybersecurity breaches. Companies need to prioritize cybersecurity measures.