Thread regarding Canon Inc. layoffs

Excerpt

Despite learning of the Canon Data Breach in August 2020, Canon initially downplayed the significance of the breach and did not publicly announce the Canon Data Breach until November 25, 2020, at which time Canon disclosed that the data accessed by the attacker included employees’ names, social security numbers, dates of birth, driver’s license numbers or government-issued ID numbers, bank account numbers, and their electronic signatures.3
“Canon publicly confirms August ransomware attack, data theft,” BleepingComputer,
https://www.bleepingcomputer.com/news/security/canon-publicly-confirms-august-ransomware-attack-data-theft/
(last accessed January 25, 2021).
3
8

Case 2:21-cv-00414-SJF-ARL Document 1 Filed 01/25/21 Page 9 of 30 PageID #: 44

  1. Canon, however, failed to notify its former employees of the Canon Data Breach, including the fact that their Private Information had been compromised in the Canon Data Breach, until late November of 2020, over three and a half months after the breach occurred and was discovered by Canon.

Canon’s Data Security Standards were Inadequate

  1. Defendant was on notice of the very real risks of security breaches like the Canon Data Breach. In information and belief, Canon suffered several data breaches in 2020, the most recent being an unrelated data breach of its computer systems in July of 2020, when the image.canon site suffered an outage. Canon released the following user notice4 related to that security breach:
  2. Security breaches like the Canon Data Breach have been frequent and garnered significant media attention over the last decade, with significant data breaches dating back to 2005. The Privacy Rights Clearinghouse, a nonprofit organization which focuses on strengthening

“Canon confirms ransomware attack in internal memo”, BleepingComputer,
https://www.bleepingcomputer.com/news/security/canon-confirms-ransomware-attack-in-internal-memo/ (last visited January 25, 2021).
4
9

Case 2:21-cv-00414-SJF-ARL Document 1 Filed 01/25/21 Page 10 of 30 PageID #: 45
privacy protections, has recorded over 9,000 data-related security breaches in the U.S. since 2005, including numerous instances of hacking.5

  1. Despite the known risk of a data breach and widespread publicity and industry alerts regarding other notable data breaches, Canon failed to take reasonable steps to adequately protect its computer systems from being breached and failed to protect its own employees’ sensitive personal information entrusted to it. Canon could have prevented the breach and more timely notified affected individuals by ensuring that their systems established and maintained adequate security protocols that safeguarded against cyberattacks.
  2. Defendant should have been well-aware of the risk of falling victim to a data breach, given its prior breach history, and should have taken adequate steps.
by
| 861 views | | no replies yet
Post ID: @OP+1cBeraJT

There are no replies in this thread yet. Be the first to post a reply below:

Post a reply

: