Following Data Breach, In-House Counsel Should Review Company Email Policies
Phyllis Sumner, a partner at King & Spalding in Atlanta, said a hack like T-Mobile's recent data breach should serve as a reminder for in-house counsel to review their policies and procedures regarding what information can and cannot go into an email.
March 10, 2020 at 04:10 PM
The wide range of personally identifiable information that may be compromised when employee email accounts are hacked should force in-house counsel to reconsider policies and procedures surrounding email use, according to experts in the wake of a recent T-Mobile USA Inc. data breach.
Over the weekend, Bellevue, Washington-based T-Mobile, a month before it is expected to merge with Sprint Corp., announced on its website that an attack on one of its email vendors allowed hackers to gain access to "certain T-Mobile employee email accounts." T-Mobile was able to determine that the email addresses compromised contained customer names, addresses, phone numbers, account numbers, rate plans and billing information. The company said in its notice that credit card and Social Security information was not compromised. It is not clear how many customers were impacted or how many email addresses the hackers had access to.
Brian Kint, a member at Cozen O'Connor in Philadelphia, said hackers can access a variety of information through email addresses and that, unlike in other cyber breaches, it is difficult to track.
"When a hack compromises a database, it is clear what kind of information was in there," Kint said. "There can be personal information in that email that you do not know about until you go into the actual email boxes."
Phyllis Sumner, a partner at King & Spalding in Atlanta, said a hack like T-Mobile's should serve as a reminder for in-house counsel to review their policies and procedures regarding what information can and cannot go into an email.
"That may help reduce the risk to organizations," Sumner said. "Employees should never include personally identifiable information or other sensitive data in emails."
One issue that in-house counsel should consider when reviewing policies and procedures surrounding business emails is how any changes will affect the business. Sumner said drastic changes to company policies and procedures could impact how employees conduct business.
Tracking the Data
While T-Mobile appears to know which data has been compromised, that answer is not always clear. In-house counsel will likely need to hire an outside cyber forensic firm, under privilege, and comb through employee emails.
Kint said most companies have a policy statement in reference to cyberattacks and that in the U.S. an employee email address is regarded as the property of the employer.
"The first step is to put the notice out there that employee emails have been compromised," Kint said. "You don't want them finding out through a news story or through a letter in their mailbox."
Sumner said that notice is also important to distribute in case in-house counsel needs to search through personal devices that employees use for work.
"Organizations need to think about company culture, how they manage their employees and balance that with keeping the investigation confidential and privileged," Sumner said.
© 2024 ALM Global, LLC, All Rights Reserved.