What Is Your Liability If Someone Hacks Your PC and Uses Information for Criminal Purposes?

Website Provided by HG.org

Large-scale security breaches receive massive media attention. Whether a person can be criminally or civilly liable for another’s actions while using their equipment or connection depends on the particular circumstances involved in the case.

Criminal Culpability

Whether a person would ever be subject to arrest for a crime depends on the actual state or federal statute that he or she would be charged under. Generally speaking, someone who does not willfully engage in criminal behavior is not held criminally responsible. This can apply to unauthorized usage of a Wi-Fi connection.

For many criminal offenses, the mens rea that is required is “knowingly” or “intentionally.” If the computer’s owner did not know or intend for criminal activity to be completed by using his or her computer, there would be inadequate grounds to support a conviction. The prosecution bears the burden of proof in a criminal case, so it would have to show that the owner of the computer did in fact have this required element of the case.

In some instances, negligence crimes can arise, but these tend to be much less serious crimes. Negligence crimes often require a much lower mental state than other crimes. Through the Communications Decency Act, Internet Service Providers are immune from prosecution if a person uses the Internet in order to engage in unlawful activity.

Civil Liability

Even if it is not a crime to leave your Wi-Fi connection open or for someone else to hack into your system and commit illegal activity with it, there may still be civil liability. In civil cases, the burden of proof is usually proof by a preponderance of the evidence.


A negligence claim may arise if the plaintiff can show that the defendant owed him a duty, breached that duty and the breach caused damages. A defendant may owe the plaintiff a duty because it is a business that stores private information. Alternatively, the defendant may simply owe the plaintiff a duty to act as a reasonable person in any given situation. The court is responsible for determining whether the defendant owed the plaintiff a duty. The question of whether a duty exists evolves with time and as technology changes. If there is no duty, there is no viable negligence claim.

A claim of this nature may allege that the defendant failed to act reasonably by not securing the computer or the Wi-Fi connection. Such a claim may arise in a case involving copyright infringement in which the plaintiff is the holder of a copyright and someone uses the defendant’s computer or Wi-Fi connection to download content illegally. A common question in negligence cases is whether it is “custom” to do or not do a certain act. For many, it is “custom” that Wi-Fi networks and computers be password-protected. While this may be custom, this characteristic only helps a jury to determine what a reasonable person would do in the situation and is not dispositive of the resolution of the case.

Negligence cases are decided on a case-by-case basis. The results in one jurisdiction can vary from the cases in another jurisdiction. Decisions made at higher levels of the court generally serve as precedent over state courts at a lower level. One federal court in California held that a user cannot be held legally responsible if someone else hacks into their computer network and commits a crime without the owner’s permission. A similar statement was made by a New York state judge.

Fiduciary Duty

In cases in which the defendant had a fiduciary duty to the plaintiff because he or she was a holder of confidential records, financial statements or other important information, the defendant may have a heightened duty to safely protect this information. Such an individual or entity may have the legal duty to protect themselves from a potential cyber attack.

Protective Steps

In order to avoid potential liability, individuals should ensure that they take all steps to protect their computer and connections. This includes securing their Wi-Fi connection and computer with unique, strong passwords. When using another person or entity’s account, individuals should be aware of reduced privacy expectations. Account owners can set up private networks or guest accounts when providing Wi-Fi connections to others or use wireless VLANs. Guest networks may include a legal disclaimer in case someone does use the connection to participate in criminal activity. Additionally, individuals may violate their ISP service agreement if they leave their Wi-Fi open to the public.

Copyright HG.org

Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.

Find a Lawyer

Find a Local Lawyer