Phishing Case Ruling Leaves Liability Implications For Business Owners
A judgement in Curry v. Schletter puts increasing pressure on employers to safeguard the sensitive data of their company.
When the relatively fast moving world of cybersecurity intersects with the slowly turning wheels of civil justice the results can be precedent setting.
That’s the case in a recent suit, Curry v. Schletter Inc., №1:17-cv-0001-MR-DLH (W.D.N.C. Mar. 26, 2018). The catalyst for the case was a phishing email recieved by the comany in question’s HR department where an imposter posed as an executive requesting employee W2s. After the employer disclosed the data breach to employees, some of those who were not satisfied with the company’s remedy, to offer identity theft services and credit monitoring, and took the firm to court.
A W2 form is a veritable treasure trove for a scammer. It contains practically everything a criminal needs to assume another person’s identity, so it’s reasonable to assume that an employer would be selective about who they provide access to one, let alone all of them.
In their filing plaintiffs contend that the phishing email was one in a series of widely known attacks and that insufficient training was provided to employees to safeguard against such attacks on part of the defendant.
In response to the event the employees sued for negligence, invasion of privacy, breach of implied contract, and breach of fiduciary duty. The judge dismissed the charge of fiduciary duty on grounds that employers have no such duties in a standard employer and employee arrangement. However, the rest of the charges were not dismissed and the employer’s motion to dismiss the case was denied.
While it may be obvious that it’s in the best interest of businesses to keep sensitive data out of the hands of nefarious entities, this case sets the stage for a legal precedent to be considered alongside those concerns. To limit liability, business owners need to consider cybersecurity among their top necessities for infrastructure.
As the methods of fraudsters become more complicated, means of determining legitimate actors versus the myriad of phishers is a chief concern. To fight back it takes adequate training, and the proper tools.
MetaCert is building tools for businesses, and consumers alike, to protect themselves from imposters like the phisher who got their hands on employee W2s in the case mentioned above. Businesses who are interested in exploring security solutions with MetaCert will be able to purchase access to the world’s largest registry of categorized URIs, and integrate it into their platforms.
Find out more about how our blockchain project can deliver security solutions to your business at https://metacertprotocol.com.
MetaCert is protecting people from scams with the MetaCert Protocol. You can find out more about the MetaCert Protocol by joining our Telegram community to stay up to date on our blockchain project. Remember to install Cryptonite, to protect yourself from phishing scams before it’s too late.
