Defense Dept. hit with $4.9B lawsuit over data breach
Proposed class action suit involves TRICARE, seeks $1,000 per victim
Computerworld - The U.S. Department of Defense has been hit with a $4.9 billion lawsuit over a recently disclosed data breach involving TRICARE, a healthcare system for active and retired military personnel and their families.
The lawsuit, filed in federal court in Washington D.C. this week by four people whose data was allegedly compromised, seeks $1000 in damages for each of the 4.9 million individuals affected by the breach.
The suit charges TRICARE, the Department and Defense Secretary Leon Panetta with failing to adequately protect private data and of "intentional, willful and reckless disregard" for patient privacy rights.
TRICARE did not respond immediately to a request for comment.
In the complaint, the four plaintiffs faulted TRICARE for failing to properly encrypt the private data in its possession and for taking too long to notify victims of the breach.
The four plaintiffs are Virginia Gaffney, a Hampton, Va.-based individual who described herself in court papers as the spouse of a decorated war veteran; her two children; and Adrienne Taylor, a Glendale, Az. Based Air Force veteran.
TRICARE in September disclosed that sensitive data including Social Security Numbers, names, addresses, phone numbers and personal health data belonging to about 4.9 million active and retired U.S. military personnel may have been compromised after unencrypted backup tapes containing the data went missing.
The information on the tapes was from an electronic healthcare application used to capture patient data. The backup tapes were stolen from the car of an employee at Science Applications International Corp. (SAIC), a TRICARE contractor. The breach affects all those who received care at the military's San Antonio area military treatment facilities between 1992 and Sept. 7. 2011.
Lawsuits such as this one have become increasingly common in the immediate aftermath of a major data breach.
Earlier this month, for instance, Stanford Hospital and Clinics was hit with a $20 million proposed class action lawsuit for a data breach involving a third-party contractor. And major breaches such as the ones at Heartland Payment Systems, TJX and Hannaford Bros. have all prompted their share of consumer lawsuits charging the companies with negligence, breach of contract and other charges.
In many cases, courts however have tended to dismiss lawsuits in data breach cases. Several courts have held that consumers cannot claim compensatory or punitive damages in data breach cases unless they can demonstrate that they have suffered actual monetary damage as the result of a breach.
The notion that someone might become the victim of ID theft in future because of a data breach cannot be used as a basis for claims, courts have held.
One exception was in the Heartland case, where the company agreed to pay $4 million to settle claims stemming from several class-action lawsuits.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
- NSA used 'European bazaar' to spy on EU citizens
- Target CIO resigns following breach
- Evan Schuman: Mobile IT Roach Motel: Data checks in, but it won't check out
- Sears finds no evidence of data breach -- yet
- Gameover malware is tougher to kill with new rootkit component
- Mobile app for RSA Conference exposes personal data
- UK man charged with hacking Federal Reserve
- Bloomberg clamps down with data-access policies after scandal
- Amazon.com security slip allowed unlimited password guesses on mobile apps
- Huge turnout at RSA shows hackers are winning
Read more about Privacy in Computerworld's Privacy Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Privacy White Papers | Webcasts