Man loses fight against firm that suffered data breach

A Missouri man has lost his legal battle against an online prescription processor that suffered a security breach that exposed highly sensitive subscriber information. John Amburgy alleged that Express Scripts was negligent because it failed to adequately safeguard customer data, including names, dates of birth, social …


This topic is closed for new posts.
  1. Anonymous Coward

    Maybe that is why ...

    ... cloud stuff is important?

  2. Brian Miller

    Bogus lawsuit, judge is right

    Consider: I can *potentially* be harmed when I walk across the street by a car running over me. Therefore, the automobile makers are liable for my *potential* future injuries.

    Umm, no. However, a company that has a data breach should be required to pay for monitoring.

    1. John O'Hare

      A better analogy (involving cars) would be...

      This is more like this person was placed blindfolded in the middle of the motorway.

      No harm has been done by the company that actually placed him there. The harm will be done by the bus who will eventually hit the person standing in the middle of the road, after which that person can try to connect him being hit by a bus with the fact of this company actually placing him in the middle of the road to begin with (if he survives).

      On the other hand, the cars may evade this person for quite some time.

      1. Anonymous Coward

        A bit harsh on bus drivers

        The buses I catch swerve all over the place to avoid stuff.... or is it to try and hit stuff but they keep missing.

    2. Anonymous Coward

      @Bogus lawsuit, you're wrong

      The example you give is childish and irrelevant.

      When you suffer from loss of data as in this case, depending on how important the data is, you may have to spend some time and money replacing and investigating exactly how these details being lost can affect you or your business.

  3. Matt 143

    Think about it...

    Why should it matter if it is a person suing a company, or a company suing another company for negligence?

    Bank sues TJMAX 'cause TJMAX was negligent in keeping credit information secure. Banks will sue and recover after a breach of Payment Card information to recover their risk, and "potential damages", and cost incurred for monitoring (which I believe TJMAX actually paid for, not the banks or other credit card companies). Does it have to be that each and every one of those credit cards was used or the credit card companies or banks couldn't sue and try to recover costs due to this company's negligence? Why should this differ for a consumer and a company?

    What if start-up company A tries to make it big in cloud computing, putting information out in the cloud. Well, that database gets hacked, and it is known that lots of credit card information, social security numbers, addresses and work history was taken. My identity at that time isn't stolen or my information used... but I get free monitoring for 2 years, but 1 or even 4 years later company A is gone, has been dissolved, failed, closed its doors and then my identity gets taken and it can be proven to be related to that breach that occurred 4 years ago, should I be the one SOL though that company was negligent?

  4. wobbly1

    fine in a singular loss...

    However, 3 organisations tell me that they have suffered data security breaches. If I subsequently have my identity stolen and suffer actual loss, would I then have to prove which company's loss provided the data that was used to steal my identity?

    The structure of the laws governing corporate culpability is built with lobbyist-induced loopholes. Really creaming any company that loses data is the only option. Companies can take out insurance against losses in the same way they carry public liability insurance. The treating of personal loss should not be any different because it involves data.

    The individual HAS suffered a loss and injury: the time taken to change any user-controlled temporal data (e.g. passwords), and the time taken to clarify what has been stolen and how it was protected by encryption; one government agency gave bland assurances that bore no scrutiny ("they would need an identical network set up to extract the data"). And of course the attendant anxiety.

    Corporate law allows a water-muddling disconnect that usually protects the individual whose (in)actions allow the breach and the chain of command above them. The "I was only following orders" and "I can't be held responsible for the actions of everyone under my direction" bifurcation.

    Perhaps ensuring that liability stretches all the way to the board room or minister's office is enshrined in the corporate liability laws might make companies take the protection of other people's valuable data more seriously.

  5. umacf24

    The judge is right and wrong

    Right: He's not entitled, federally, to disclosure. Missouri fail.

    Right: Creation of some random risk for someone else can't be actionable or there'd be even more lawsuits than there are....

    But surely placing a person into a risk that a reasonable man would spend money to mitigate -- and identity risk is such -- allows the possibility of damages?

  6. AndrueC Silver badge

    They should learn from the UK DPA then..

    ..although what they should learn is unclear. It obviously doesn't stop people leaving laptops on trains or posting data to each other via careless courier.

  7. Anonymous Coward

    Which shows me.......

    That Judges are just as large arseholes in the USA as they are in the UK, in the main I should say. It also shows me, again, that there is no such thing as "Justice", the Court system is just a plaything for rich people with taxpayers' money to burn, like Bankers. To the ordinary man on the street the Court system is like playing with a grenade, it may blow up and destroy you in your pursuit of justice.

  8. Anonymous Coward

    @ J O'H

    Duty of care?

    Is it culpable negligence or contributory negligence for one person to knowingly place at increased risk another person?

    Should harm then follow as a consequence then the person left at risk and consequently harmed has two parties in sight: the one creating harm and the other negligent in fact placing a person in increased risk of harm.

    Now suppose that rather than two living parties one party was alive.

    I chained a person ('bots note bien: one is speaking/writing/typing metaphorically now) to a beach for a laugh so that they would get wet when tide came in. I made sure that it was on part of a beach that gets 6" of sea water (well it did in the last 48 hours).

    What I did not realise was that there was going to be a major tide this night and rather than 6" of tide there were 18".

    Who be culpable/negligent now?

  9. Anonymous Coward

    A better car analogy would be ...

    ... pedestrians are terrorists and buses are paedophiles. Therefore road tax is a communist.
