Joy’s $300K Ice Cream Disaster: Why CEOs Should Fear Sugar Cones and Section 5

Last week, I had an ice cream cone. The old-school sugar kind. Delicious, nostalgic—and apparently a hacker favorite.

Because back in February 2023, the folks at Joy, the ice cream cone company, got breached. That’s right—cone makers. And not just a few rows of flavor data. We’re talking names and social security numbers. Joy isn’t just sprinkles and smiles—they’re a full-blown manufacturing operation with nearly 1,000 employees. That means employee records. And hackers love records.

By April, employees were being contacted directly. The company had to disclose that sensitive data had been leaked. Cue the lawsuits. Cue the class-action settlement: $300,000 down the drain.

But here’s the kicker: this wasn’t a regulatory nightmare from HIPAA or some complicated alphabet soup of compliance. It was Section 5 of the FTC Act. That’s the one about “unfair or deceptive acts or practices.” The lawsuit claimed that failing to secure employee data was unfair. Not having a secure system is now considered an illegal business practice.

Let that sink in.

The Lie Business Owners Keep Telling Themselves

“I don’t have compliance requirements.”

Wrong.

If you have employees, you’ve got compliance requirements. If you have customers, you’ve got compliance requirements. You just haven’t read them yet.

Hackers don’t care whether you’re in healthcare, finance, or food. They care about data. And lawsuits care about one thing: who was asleep at the wheel.

Your Biggest Risk Isn’t a Breach—It’s the Courtroom

Let’s cut the fluff. Cyber insurance isn’t the safety net it used to be. Over 44% of claims are denied. Lawyers are circling like sharks with class-action bait, and regulators have started sharpening their teeth with FTC Section 5.

One in five ransomware attacks ends in a lawsuit. That means if you’re reading this and haven’t had an assessment done, you’re betting your business on luck.

What Would a Cyber Liability Assessment Tell You?

It’s not about compliance checklists. It’s about whether you can prove that you took reasonable steps to protect your business.

Can you show:

• That you recommended MFA before the attack?
• That your employees were trained?
• That your systems were audited?
• That your backups were segregated and secure?

If not, you’re not secure. Heck, even if you are secure and you can’t prove that you took the right steps…You’re liable.

Want to Avoid the Lawsuit? Get the Evidence Now.

At Galactic, we offer a Cyber Liability Assessment designed specifically for businesses that want to stay out of the courtroom. We don’t audit for checkboxes—we dig for the ticking time bombs you didn’t even know were there. And we help you fix them before someone decides to sue you for failing to act.

Remember Joy. They make ice cream cones, not credit cards. They didn’t think they were a target. But the hackers and lawyers didn’t care.

Neither will yours.