- Cases
Data Breach in the SaaS Industry
Tech E&O Insurance Benefits: A Real-Life Data Breach Case in the SaaS Industry – Latú
Nowadays almost every new company that arises is a technology company, with an engineering team writing code and creating products that can change the world. Amazing!
At that moment, Saas.com CEO remembered he had invested in an insurance policy sometime before and filed a claim to the insurance company that covered them against this data breach incident covered by the Tech E&O policy. The company received the claim, made an analysis of what had happened, and discovered that there was a breach due to a bug in the Saas.com software that was allowing some employees access to this sensitive data.
However, the probabilities of a flawed product ending in the hands of a customer are increasing daily. One of today’s most common tech businesses are those denominated as SaaS, Software as a Service. Typically, these companies license software and eliminate the need to have an IT staff installing applications on each individual computer.
This business model allows for many advantages but comes with its own risks. Fortunately, at Saas.com the leaders of the company made the wise decision to acquire an insurance product after the company’s first year of operation.
Why was it a wise decision? Let us tell you the story…
Saas.com is a software-as-a-service company that distributes products focused on employee benefits. It claims to be the best in the industry and have been growing 20x in the last 2 years. Due to this accelerated growth, they hired a big new team of developers to update their platform to deliver a better product to their clients. The team work hard for a couple of months to deliver this new update, building an awesome product just in time as promised to clients.
The launching of the product was great for Saas.com, making upsells and cross-sells grow 10x thanks to the new features of the platform.
In the fourth month of operation, one of their biggest clients called Corporation.net, raised a concern to Saas.com, alleging that their employees were using the platform to see the compensation package of every other colleague that works in the company, causing a huge amount of complaints from some employees that didn’t have the same benefits or salaries than others.
- Some context: At corporation.net compensation packages were confidential and individually negotiated by every employee.
After this initial call, the customer success area (“CS”) warned the development team, who assured that the platform was good enough, disregarding any possibility that the problem comes from the new software update, something that was informed to the client days after.
However, the client kept complaining about the security failure of the platform for the next months without having the attention of the CS team.
Saas.com received a lawsuit filed by the client a couple months later, alleging that the problem caused by the platform ended up in employees suing Corporation.net for compensation discrimination. This was damaging the brand of Corporation.net and caused them a US$ 1 million loss per employee. This same amount was used as a reference to file the lawsuit against saas.com, alleging data breach affectations.
Then, the insurance company assumed all the defense costs for this litigation and settled with Corporation.com for a fixed amount much lower than the initial amount. This allows Saas.com to save a huge amount of money and a huge PR scandal that could end up bankrupting the company.
In today’s technology-driven world, Tech E&O insurance benefits have become increasingly crucial, especially for SaaS companies. In Latú we know how important it is to make quick important decisions in order to boost business growth. However, we encourage you always to cover the risk that can be covered, so you can keep reaching new heights.
This story is based on actual events. In certain cases incidents, characters and timelines have been changed for dramatic purposes. Characters may be composites, or entirely fictitious.