(800) 869-8643

admin@hayesbrokers.com

Case Study: Cyber Liability Third-Party Data Storage

Case Study: Cyber Liability Third-Party Data Storage

When it comes to your customer and business data, who can you trust?  There is no question that it is safer to store data offsite than keeping it on your premises. Most businesses lack the capital to privately store data at an alternate location, so they depend on third-party data storage companies. A cannabis dispensary found out the hard way that third-party data storage isn’t always the safest bet. The dispensary contracted their data storage needs through MJ Freeway, a compliance solutions provider that offers point of sale and data storage. Here’s What Happened In November 2016, MJ Freeway experienced several outages. In January 2017, a cyber attack was discovered, and the ensuing investigation into the attack revealed that confidential client data had been breached November 2016. In November 2017, MJ Freeway notified customers via email and an online press release that the data breach had occurred. It took MJ Freeway nearly a year to notify their customers of this breach. In that time, the data may have been disseminated to other parties, though it is unclear whether that has occurred. Why This Is A Problem In the event of a data breach, most states and the federal government require that consumers be notified “as soon as possible” of a data breach, and usually no more than 60 days after the discovery of said breach.  Regulations may also stipulate that if a breach is in excess of $250,000 or exceeds 500,000 customers, website posting and media notification may be used. So this begs the question: was the data breach that large, or was the notification of customers made too...