As Halloween approaches on October 31, so does the end of National Cyber Security Awareness Month. Unfortunately, to the horror of many consumers nation-wide, October also appears to have been Corporate Cyber Theft Month, with no fewer than four large national corporations reporting data security breaches with the potential to compromise sensitive consumer information.

The first report came when credit house Experian revealed that a data breach compromised the personal information of 15 million people who applied for T-Mobile phone services. Next came online broker Scottrade, which disclosed earlier this month that the information of up to 4.6 million customers had been compromised in a data security breach.

Following Experian and Scottrade, financial services firm E*Trade Financial and publisher Dow Jones both began warning thousands of consumers that an apparent cyber attack campaign compromised significant amounts of personal information.  Frighteningly, some of the data stolen in those breaches contained sensitive customer payment information.

Even “The Donald” himself could not escape the reach of hackers mining for customer information. The Trump hotel chain recently disclosed data breaches compromising the customer payment systems of seven Trump hotels.

The specter of identity theft will continue to haunt individuals effected by these corporate data breaches well after their Halloween decorations have been stored away and their stashes of candy depleted.

Fortunately for consumers, American corporations may be forced to start taking the security of sensitive customer data a lot more seriously.

On August 24, 2015, the U.S. Court of Appeals for the Third Circuit released its ruling in Federal Trade Commission v. Wyndham Worldwide Corp., unanimously upholding the Federal Trade Commission’s (FTC) authority to regulate companies’ data security practices under Section 5 of the Federal Trade Commission Act (FTC Act).

The case involved a suit brought by the FTC against the Wyndham hospitality company, alleging that data security failures led to three data breaches at Wyndham hotels in less than two years. According to the complaint, those failures resulted in millions of dollars of fraudulent charges on consumers’ credit and debit cards.

The Third Circuit ruling sends a strong message to corporations who archive customer data electronically, and solidifies much needed federal oversight of corporate cyber security practices. Companies will now be required to implement reasonable and appropriate security measures to protect customer information.

Exactly what types of security measures will qualify as reasonable remains, for the moment, unclear. However, there is no doubt that perceptions of cyber security are changing, and the protection of customer data is finally – to the relief of millions – being treated with the importance it deserves.

Aaron Kennedy

Comments are closed.