News

Kari Rollins discusses legal implications of the rise in ransomware attacks, and how certain data files such as those in human resources and customer information may be used as leverage in negotiations with attackers. “The fact that data’s being exfiltrated creates greater risk for companies,” she said. “When you notify individuals, there could be a regulatory inquiry or private class action litigation. That type of litigation frequently alleges negligence or similar claims accusing the company of failing to adequately safeguard user data.” Rollins also points out that press coverage and lawyers tracking public data breach lists could result in lawsuits. “Because of the profile and ubiquity of data breaches today, there’s a greater likelihood you’ll receive some sort of follow-up request from regulators after filing a notification.”