Announce Breach. Blink. Be Sued

There is only one thing that is faster than a cyberthief grabbing stolen card data: A lawyer suing that breached retailer. Only 13 days passed from the Dec. 15, 2009, announcement of a breach at social networking application development site RockYou until a lawsuit against RockYou was filed. The case, filed in U.S. District Court in San Francisco by RockYou user Alan Claridge, asserts that RockYou failed to use even rudimentary security to protect the personally identifiable information (PII), including E-mail addresses, of millions.

"RockYou stored users' PII in an unencrypted database with poor network security," Claridge said. "RockYou's willful failure to secure its users' sensitive PII led to multiple security breaches that exposed 32 million users to identity theft and other malicious conduct. Although security threats are unavoidable in a rapidly developing technological environment, RockYou recklessly and knowingly failed to take even the most basic steps to protect its users' PII by leaving the data entirely unencrypted and available for any person with a basic set of hacking skills" to access.