Data Breach Lawsuit: Will IT Service Provider Capgemini Owe Damages?
IT service provider and consulting firm Capgemini is facing a lawsuit related to a June 2020 data breach. The plaintiff — gaming company Razer — is seeking $7 million in damages. A trial in Singapore’s High Court regarding the dispute is underway, according to Vulcan Post.
Razer claims it has suffered approximately $6.85 million in profit losses from its online website due to the data breach, Vulcan Post reported. Razer is pursuing damages for an unquantified sum for profit losses from the rejection of its digital bank license application.
In addition, Razer is seeking a declaration that Capgemini pay full compensation for damages, losses and expenses incurred and any that the company may incur going forward as a result of the breach.
100,000 Customers Impacted
The Razer data breach occurred due to an issue with an IT system, Vulcan Post said. It may have exposed the personal information of about 100,000 Razer customers.
Security researcher Volodymyr Diachenko in August 2020 discovered that the Razer data breach may have occurred due to a misconfigured Elasticsearch cluster, Ars Technica reported. The cluster contained records of Razer customer orders and information such as items purchased, customer email addresses and phone numbers. It also was exposed to the public and indexed by public search engines and took more than three weeks to fix.
Experts from Razer and Capgemini agreed that the data breach was caused by a security misconfiguration, Vulcan Post noted. However, Razer now claims that a Capgemini employee recommended the IT system that led to the breach and is responsible for the incident.
Capgemini Business Background
Capgemini specializes in consulting, technology services and digital transformation. It has a Top 250 MSSP business unit and delivers cybersecurity services to organizations in nearly 50 countries.
MSSP Alert has reached out to Capgemini for comment, but has not received one as of press time.