Canon USA has reached an agreement with employees affected by the company’s 2020 ransomware attack to pay those affected up to $7,500 in monetary losses and US$300 for out-of-pocket expenses in a deal that has been filed in US federal court.
Nine named plaintiffs had filed a lawsuit against Canon USA for allegedly failing to protect their personal data adequately and not providing timely notice of the breach. Canon was hit by a ransomware data breach attack in August of 2020, with a group called Maze claiming responsibility and claiming to have stolen 10 terabytes of data.
Canon USA’s settlement agreement includes the company paying approximately $2.25 million in total. Affected employees can claim up to $7,500 in losses from the attack and $300 for out-of-pocket costs. Canon USA also agreed to provide affected employees with two years of free credit monitoring and other services.
The August 2020 ransomware attack was the latest in a string of data security breaches suffered by Canon USA, with the company’s computer systems being victim to a separate attack in 2010 and cybercriminals successfully stealing the company’s employee and customer data in 2017.
In response to the latest attack, Canon USA has reportedly implemented stronger data security protocols and spent millions of dollars on additional investments in security, such as phishing simulations, malware detection and prevention, and a 24/7 cybersecurity operations center.
Canon USA’s settlement agreement marks an important step in providing some form of recompense and protection to those affected by the 2020 ransomware attack. It also serves as an important reminder to businesses and organizations that robust security protocols must be in place to protect customer data lest they face significant financial and reputational repercussions.