We haven’t published anything about the Defense Department for a while, the last news really was the whole RSA SecurID thing which affected some of the US DoD sub-contractors.
The latest news is they’ve been hit with a colossal lawsuit of almost $5 Billion! The lawsuit is regarding a recent breach involving a healthcare system for military personnel and their families.
It’s a pretty heavy suit, claiming $1000 for each of the 4.9 million people affected by the compromise.
The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families.
The lawsuit, filed in federal court in Washington D.C. this week by four people whose data was allegedly compromised, seeks $1000 in damages for each of the 4.9 million individuals affected by the breach.
The suit charges TRICARE, the Department and Defense Secretary Leon Panetta with failing to adequately protect private data and of “intentional, willful and reckless disregard” for patient privacy rights.
TRICARE did not respond immediately to a request for comment. In the complaint, the four plaintiffs faulted TRICARE for failing to properly encrypt the private data in its possession and for taking too long to notify victims of the breach.
The four plaintiffs are Virginia Gaffney, a Hampton, Va.-based individual who described herself in court papers as the spouse of a decorated war veteran; her two children; and Adrienne Taylor, a Glendale, Az. Based Air Force veteran.
It’s an interesting culture the US has, people are always suing each other, bringing up lawsuits with ridiculous amounts and trying to get a free ride out of something that didn’t really affect them adversely.
Seriously, do you really think this data breach affected the plaintiff in any negative manner – I don’t see how it could of to be honest. Either way it’s an interesting case and it could potentially cost the already struggling US government a boatload of money.
TRICARE in September disclosed that sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after unencrypted backup tapes containing the data went missing.
The information on the tapes was from an electronic healthcare application used to capture patient data. The backup tapes were stolen from the car of an employee at Science Applications International Corp. (SAIC), a TRICARE contractor. The breach affects all those who received care at the military’s San Antonio area military treatment facilities between 1992 and Sept. 7. 2011.
Lawsuits such as this one have become increasingly common in the immediate aftermath of a major data breach.
Earlier this month, for instance, Stanford Hospital and Clinics was hit with a $20 million proposed class action lawsuit for a data breach involving a third-party contractor. And major breaches such as the ones at Heartland Payment Systems, TJX and Hannaford Bros. have all prompted their share of consumer lawsuits charging the companies with negligence, breach of contract and other charges.
In many cases, courts however have tended to dismiss lawsuits in data breach cases. Several courts have held that consumers cannot claim compensatory or punitive damages in data breach cases unless they can demonstrate that they have suffered actual monetary damage as the result of a breach.
The notion that someone might become the victim of ID theft in future because of a data breach cannot be used as a basis for claims, courts have held.
It’s a pretty huge breach seen as though the tapes stolen contained backups with 19 years of data on them, that’s a LOT of data. But then again, like I said above – they are unlikely to get anywhere with this as I don’t think they would have lost any money from this breach.
Once again it was due to a third party contractor being careless – as has been the case many times. And well in this case, if they do get hit with the lawsuit and need to pay out – they should pass it onto the contractor.
Source: Network World