Identity Theft in New Jersey
Nj.com reported on September 17, 2010 in “Authorities say bank-fraud, identity-theft network was ‘sophisticated operation’” that federal authorities charged 53 people in New Jersey in connection with a network of bank-fraud and identity-theft. Based in the Korean neighborhoods of Bergen County, the groups scammed millions from banks by taking over identities of Chinese immigrants employed at warehouses and factories. Using the names of those workers, the suspects secured credit cards and equity lines, which they drained to buy jewelry and whiskey. Banks lost millions when they could not collect from names of people on the other side of the world. The arrestees were charged with bank fraud, wire fraud, identity theft and other crimes.
The news article did not describe how the people got their identities stolen, but if it had to do with a software security breach, there may be no specific standards based on case or statutory law for a software manufacturer to inform customers of security breaches in the US.
There is an unwritten rule among security professionals and under the Digital Millennium Copyright Act that the manufacturer needs to be informed of any security breaches relating to copyrights prior to informing the rest of the public when someone discovers a security breach. This is to allow the manufacturer an opportunity to resolve the problem prior to public disclosure to avoid any further breaches by hackers.
Under tort law, a manufacturer cannot sell unsafe products under product liability laws. To defend against product liability, the manufacturer needs to show that the product met the documentation and specifications, and met a duty to warn customers of known defects. There is the argument that product liability laws do not apply to software manufacturers because software may not be considered products/goods.
Under contract law, there is the duty of good faith and fair dealings. This duty obligates manufacturers to warn customers of known security breaches, unless there is a reason why the manufacturer should not inform customers, such as when disclosure may increase a customer’s damages. For instance, if someone may hack into a system to create more damage, a manufacturer may not have a duty to warn customers prior to creating a patch to fix the security problem.
Whether to warn customers of known security breaches depends on what happens if a manufacturer does not inform a customer versus what happens if the manufacturer does inform. If disclosure of security breaches results in customers likely being attacked by hackers, there may not be a duty to warn.
When technology is vulnerable to security breaches, identity theft becomes a means to financial fraud. Identity theft can lead to deportation, fines, and prison. Engage an experienced New Jersey criminal defense attorney to strategize on reducing sentencing or dismissing charges when faced with criminal allegations.