A phishing scam breached a third party vendor’s email systems, enabling hackers to access sensitive personal information for employees of a multinational conglomerate (including official IDs, banking information, benefits applications and birth/marriage/death certificates); the court found it plausible that the conglomerate was negligent in its handling of employee data, and that its employment and compliance policies formed an implied contract with the employees, which was breached when the employer failed to ensure adequate safeguards.
#cyber #phishing #valueprivacy #dataprivacy #CCPA #GDPR #NYDFS