As usual during a corporation’s data breach, Ashley Madison issued a reassuring statement: “We are working with law enforcement agencies, which are investigating this criminal act.
“Any and all parties responsible for this act of cyber-terrorism will be held responsible.”
Eight of those customers (so far) have decided to hold Ashley Madison responsible. They have filed lawsuits against the company in California, Georgia, Minnesota, Missouri, Tennessee and Texas.
They seek class-action status to represent Ashley Madison’s 37 million users.
The lawsuits claim negligence, breach of contract and privacy violations. They charge that Ashley Madison failed to take reasonable steps to protect the security of its users, including those who paid the $19 fee to have their information deleted.
If they win–and force the owners of Ashley Madison to pay up big-time–this could set a precedent for lawsuits by other victims of such data breaches.
An October 22, 2014 “commentary” published in Forbes magazine raised the highly disturbing question: “Cybersecurity: Does Corporate America Really Care?”
And the answer is clearly: No.
Its author is John Hering, co-founder and executive director of Lookout, which bills itself as “the world leader in mobile security for consumers and enterprises alike.”
“One thing is clear,” writes Hering. “CEOs need to put security on their strategic agendas alongside revenue growth and other issues given priority in boardrooms.”
Hering warns that “CEOs don’t seem to be making security a priority.” And he offers several reasons for this:
- The sheer number of data compromises;
- Relatively little consumer outcry;
- Almost no impact on the companies’ standing on Wall Street;
- Executives may consider such breaches part of the cost of doing business.
“Sales figures and new products are top of mind,” writes Hering. “Shoring up IT systems aren’t.”
The key to sharply reducing data breaches lies in holding greed-obsessed CEOs financially accountable for their criminal negligence.
Only then will their mindset of “We don’t care, we don’t have to” be replaced with: “We care, because our heads will roll if we don’t.”