Cybercrime and Bankruptcy – Will You Be Caught in the Snare?

While cyber-attacks are nothing new, the recent publicity of the attacks of such prominent companies as JP Morgan Chase, Target, and Home Depot has brought this issue to the headlines.  And with good reason.  While larger companies may be better equipped to take the financial hit resulting from a cyber-attack, smaller companies may be left standing in the dust.  With the increased frequency of cyber-attacks and the increased demands for restitution from those whose personal information has been exposed, bankruptcy courts may begin to see an increase in debtors who are cyber-attack victims.

According to the National Cyber Security Alliance, one in five small businesses falls victim to a cybercrime each year and of those, approximately 60 percent go out of business within six months after an attack.

After the break-in at its headquarters, which lead to the electronic escape of detailed medical information for roughly 14,000 people, Impairment Resources LLC became one of those statistics.  Impairment Resources was a small company in the business of reviewing medical records in workers’ compensation and auto casualty claims for individuals, insurance companies, and employers.  The stolen information included patient addresses, social security numbers, and medical diagnoses.  In its Chapter 7 bankruptcy filing, the company explained that the cost of dealing with the data breach was prohibitive.  Impairment Resources spent approximately $142,000 in mitigation costs and estimated that it may owe an additional $2.5 million in penalties and costs to indemnify its clients for liability claims.  Impairment Resources indicated that it had a single business liability policy that its insurance agent did not believe covered the loss.

But the consequences of the breach aren't just limited to Impairment Resources.  The stolen health information belonged to individuals who submitted insurance claims to Impairment Resources' clients.  Those clients may now face liability for the breach.  In addition to facing liability claims, they may also find themselves in bankruptcy court asserting their own claims against Impairment Resources.

If you fall prey to a cyber-attack, you may have no choice but to seek bankruptcy relief.  But as the customers of Impairment Resources learned, the victims of an electronic theft aren't the only ones who suffer the consequences.  If you do business with a victim of cybercrime, you may also end up asserting your claim in bankruptcy court.  You may even face liability if your customer's information is exposed.  Such risks can be reduced with appropriate policies in place to manage third party relationships.  It is also advisable to consult an attorney early on to mitigate your exposure and to assert your claim.