Recently, employees of Citrix have assembled to sue their employer, who they allege was negligent and careless in protecting their personally identifiable information (PII), enabling a breach. What is interesting about this class action lawsuit is that there is no specific data breach law being used for this case. The affected Citrix employees claim that Citrix demonstrated negligence by not protecting against password-spraying attacks, which is a method used to gain access to accounts with commonly used passwords. Strategies for addressing these attacks have been published and recommended by DHS for some time – long before Citrix was breached. Employees claim that this demonstrates the company’s negligence.
This is big. We are starting to look at the failure to protect data as a traditional legal action as opposed to one requiring specialized legislation for data breaches. This also means that the community has understood the significance of protecting its data and is taking steps to ensure that it is safe; in this case, by suing organizations who do not protect it.
For information about how CASBs like Bitglass help secure data, download the Top CASB Use Cases below.
*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Ben Rice. Read the original post at: https://www.bitglass.com/blog/can-private-attorneys-help-prevent-cybercrime