Shareholder Suit Pins Data Breach Liability on Board, Execs

Liability for data breaches may extend to the C-Suite, if a Wyndham Worldwide Corporation lawsuit becomes a  precedent. A shareholder in the global hotel chain filed a derivative suit claiming Wyndham’s board of directors and officers, as well as the company, failed to protect customer information, after sensitive personal and financial data of nearly 620,000 customers was exposed in three data breaches between 2008 and 2010. “[A]s risk management becomes more of a focus as it relates to IT, it’s not just going to be IT folks that get canned when there’s a problem, but those business people higher up the chain,” Rick Doten, CISO at DMI, a provider of mobile solutions and services, told SC Magazine. Meanwhile, the massive 2013 data breach at Target claimed a top-tier victim, when CEO and 35-year veteran of the company Gregg Steinhafel agreed to step down.