I just stumbled upon the news that Stratfor -- the global security analysis company that was hacked by Anonymous on Christmas of last year, and was the butt of jokes for some time because of the irony -- has announced its intention to settle. The proposed settlement, if accepted, leaves my head scratching. It's the one of the most self-serving settlements I've run across for an instance where a company is sued for not engaging in proper data security practices.
According to news outlets, The settlement called for Stratfor to offer class members who opt in to it one month of free access to its service, worth $29.08, and an electronic book published by Stratfor called "The Blue Book," priced at $12.99. The two together may cost Stratfor approximately $1.75 million, according to estimates in the settlement. The settlement also calls on Stratfor to pay for a credit monitoring service for class members who ask for it, as well as to continue paying for additional security to protect its networks. A $400,000 lump sum will go to paying plaintiff attorneys and various fees. [reuters.com] The figure of $1.75 million, compared to the original lawsuit for $50 million is remarkably low. In fact, it appears that the figure represents the cost of supplying the proposed goods and services at no charge. So...the figure represents Stratfor's current operating expenses? The book is already paid for, and it costs almost nothing to distribute it. And, it's an extra month of access to Stratfor's intelligence for members who are already signed up, so there isn't much additional work but to just keep on trucking on Stratfor's part. What a deal! For Stratfor, that is. Makes one wonder why the lawsuit was even filed to begin with. I mean, if it was to "teach them a lesson," I think they already got that from the P.O.'ed clients they have and the global negative PR hit they took. When it comes to compensating clients whose data was breached, this is one of the most self-serving settlements I've heard of, only topped by TJX: Plus, there was the settlement with a [TJX] customer class-action lawsuit that resulted in the "customer appreciation sale," a three-day shopping spree where customers would have big, big! savings. There was a lot of disapproval regarding this: critics noted that this would benefit TJX, since lower prices drive higher traffic. Despite all the criticism that Stratfor has received due to the hack, including the observation that it's a joke of an intelligence/security company, if Stratfor can manage to get a case like this to settle in four months while recompensing basically nothing, it must know what it's doing. (The heavy lifting was probably done by the lawyers, certainly, but choosing the right lawyers is more than an art; it takes know-how).
According to news outlets,
The settlement called for Stratfor to offer class members who opt in to it one month of free access to its service, worth $29.08, and an electronic book published by Stratfor called "The Blue Book," priced at $12.99. The two together may cost Stratfor approximately $1.75 million, according to estimates in the settlement. The settlement also calls on Stratfor to pay for a credit monitoring service for class members who ask for it, as well as to continue paying for additional security to protect its networks. A $400,000 lump sum will go to paying plaintiff attorneys and various fees. [reuters.com]
The settlement called for Stratfor to offer class members who opt in to it one month of free access to its service, worth $29.08, and an electronic book published by Stratfor called "The Blue Book," priced at $12.99. The two together may cost Stratfor approximately $1.75 million, according to estimates in the settlement.
The settlement also calls on Stratfor to pay for a credit monitoring service for class members who ask for it, as well as to continue paying for additional security to protect its networks. A $400,000 lump sum will go to paying plaintiff attorneys and various fees. [reuters.com]
The figure of $1.75 million, compared to the original lawsuit for $50 million is remarkably low. In fact, it appears that the figure represents the cost of supplying the proposed goods and services at no charge.
So...the figure represents Stratfor's current operating expenses? The book is already paid for, and it costs almost nothing to distribute it. And, it's an extra month of access to Stratfor's intelligence for members who are already signed up, so there isn't much additional work but to just keep on trucking on Stratfor's part.
What a deal! For Stratfor, that is. Makes one wonder why the lawsuit was even filed to begin with. I mean, if it was to "teach them a lesson," I think they already got that from the P.O.'ed clients they have and the global negative PR hit they took.
When it comes to compensating clients whose data was breached, this is one of the most self-serving settlements I've heard of, only topped by TJX:
Plus, there was the settlement with a [TJX] customer class-action lawsuit that resulted in the "customer appreciation sale," a three-day shopping spree where customers would have big, big! savings. There was a lot of disapproval regarding this: critics noted that this would benefit TJX, since lower prices drive higher traffic.
Despite all the criticism that Stratfor has received due to the hack, including the observation that it's a joke of an intelligence/security company, if Stratfor can manage to get a case like this to settle in four months while recompensing basically nothing, it must know what it's doing. (The heavy lifting was probably done by the lawyers, certainly, but choosing the right lawyers is more than an art; it takes know-how).
Related Articles and Sites:http://www.databreaches.net/?p=24638http://in.reuters.com/article/2012/06/28/us-stratfor-hack-lawsuit-idINBRE85R03720120628http://articles.chicagotribune.com/2012-06-27/business/sns-rt-us-stratfor-hack-lawsuitbre85r037-20120627_1_settlement-class-action-preliminary-approvalhttp://www.statesman.com/business/stratfor-aims-to-settle-suit-over-data-breach-2415237.htmlhttp://www.information-age.com/channels/security-and-continuity/news/2110348/hacked-stratfor-settles-customer-lawsuit.thtml