Cloud Data Breach Disclosures: the Consumer and their Personally Identifiable Information (PII)?

The incidence of cloud computing data breaches across the world is increasing as retailers, financial institutions, health providers and businesses of all sizes rely on infrastructure, platform, software, and anything as a service (IaaS, PaaS, SaaS and XaaS respectively). As cloud provisioning requires the Internet for the realization of services, security has become paramount. Companies have adopted cloud services to allow for agility in response to growth, particularly of digital services, while reducing their overall costs and maintenance issues. At the same time, the personally identifiable information (PII) of hundreds of millions of end-users is now at risk of being hacked, through insecure cloud computing practices that lead to data breaches. In this article, we explore three cases of significant cloud computing data breaches: 2011 Sony PlayStation Network (PSN); 2014 eBay, Inc.; and 2014 Yahoo!. This paper employs a qualitative methodology, using mini case studies to demonstrate the significance of data breaches. While class action lawsuits by citizens have brought attention to potential matters of disclosure, the misuse of data, and identity fraud in the context of cloud computing, US courts continue to rule that the direct costs to the individual end-user are merely speculative and not provable. The role of consumer class action for data breaches in the cloud are presented in this article.