PayPal users change your password and setup 2 Factor Authentication (2FA)
Employees Sue Company For W-2 Phishing Scam
Federal Court Decides Triple Damages
According to a recent federal court decision, an employee who is tricked into sharing personal information in response to a phishing email can be seen as committing an intentional disclosure under the North Carolina Identity Theft Protection Act (NCITPA). As a result, the employer could face treble damages for the employee’s mistake, adding a new element to potential exposure for businesses.
Employees who fall for CEO Fraud commit an “intentional disclosure”.
Poyner Spruill’s J.M Durnovich was right to highlight this development, which was also picked up by the nationwide Law360 site.
The failure to train employees may quickly become more costly not only for North Carolina employers. This decision will be looked at by other courts who very well might come to the same conclusion that not taking reasonable measures to defend against scams like this merits treble (punitive) damages.
Here is a short extract from the Poyner Spruill post which I strongly recommend you read in full.