Feeds

Man loses fight against firm that suffered data breach

Harm? What harm?

Beginner's guide to SSL certificates

A Missouri man has lost his legal battle against an online prescription processor that suffered a security breach that exposed highly sensitive subscriber information.

John Amburgy alleged that Express Scripts was negligent because it failed to adequately safeguard customer data, including names, dates of birth, social security numbers, and prescription drug histories. He argued that the breach in October 2008 that exposed an unknown number of subscribers' details put him at risk of identity theft for which he was entitled to compensation.

A federal judge late last month disagreed. For the case to go forward, he said, Amburgy had to show his alleged injury was beyond mere possibility.

"In short, plaintiff does not claim that his personal information has in fact been stolen and/or his identity compromised," US Magistrate Judge Frederick R. Buckles wrote in a decision dismissing the case. "Rather, plaintiff surmises that, as a result of the security breach, he faces an increased risk of identity theft at an unknown point in the future."

In November 2008, the company offered a $1m reward for information leading to the conviction of the group that targeted it in a cyber-extortion scam. The group provided data that in some cases included prescription information for 75 users and claimed to have data for millions more. The blackmailers threatened to make the records public unless the company paid a ransom.

Express Scripts offered free credit monitoring services, but only to users who could prove they suffered identity theft as a result of the breach.

The judge rejected Amburgy's argument that the breach put him at risk for identity theft for which he needed to spend considerable time and money to reduce. The judge also pointed out that Amburgy wasn't entitled to timely notification of the breach because Missouri had no laws mandating such disclosures.

Amburgy's lack of standing is worth remembering the next time a bank or pharmacy tries to convince you life would be easier if you moved your business online. As things stand now, a patchwork of inconsistent and often toothless laws often provides generous loopholes to companies that expose customer data.

Federal legislation that would require companies that store sensitive personal information to establish a strict data-privacy regimen has recently moved out of the Senate Judiciary Committee, but Marc Rotenberg, executive director of the Electronic Privacy Information Center, said it's unclear if it will ever make it to the floor for a vote.

"We think it's a pretty good bill, and it will fill the gaps in the states where there currently isn't security breach notification" requirements, he said. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
SMASH the Bash bug! Red Hat, Apple scramble for patch batches
'Applying multiple security updates is extremely difficult'
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.