A bill currently before Connecticut Governor Dannel P. Malloy would make the state the first in the nation to require identity theft protection for data breach victims. Senate Bill 949 was approved by both the Connecticut Senate and House on June 1, 2015. If passed, it would amend existing state law to require companies to …
Editor’s Note: The author thanks Jaysen Borja for his contributions to this post. On October 28, 2014, Attorney General Kamala Harris released the second annual California Data Breach Report. The report detailed the nature and scope of data breach notifications that her office received in 2013. Her office has been analyzing notifications of data breaches …
On June 20, 2014, Florida Governor Rick Scott signed the Florida Information Protection Act of 2014 (“FIPA”), which will repeal Florida’s current breach notification statute at Fla. Stat. § 817.5681 and replace it with a new statute at Fla. Stat. § 501.171 effective July 1, 2014. On the same day, Governor Scott also signed SB …
Iowa recently joined an increasing number of states that require notification of state regulatory authorities following a breach, as well as a handful of states in which paper records can trigger notification obligations. On April 3, 2014, Iowa Governor Terry Branstad signed S.F. 2259 into law, amending Iowa’s Personal Information Security Breach Protection statute (Iowa …
The Washington Post recently published an article reminding individuals not to tweet or otherwise share information concerning their medical conditions on social media, warning that disclosing such information publicly “is akin to posting your address along with the dates you’ll be away on vacation.” Quoting Jennifer Trussell, who investigates medical identity theft on behalf of …
Article III standing has once again proved to be an insurmountable hurdle for data breach class action plaintiffs whose personal information hasn’t been misused. In Galaria v. Nationwide Mutual Insurance Co., an Ohio federal court relied on the United States Supreme Court’s decision in Clapper v. Amnesty Intern. USA, 133 S.Ct. 1138 (2013), and held …
The FTC last week announced the release of the Consumer Sentinel Network Databook for January – December 2012. The “Consumer Sentinel Network” is the FTC’s platform for law enforcement collaboration on issues affecting consumers. The program collects data from a wide range of sources, providing a comprehensive, nationwide picture of consumer complaints. Given the possible existence …
The long awaited HIPAA/HITECH Final Rule is out. The final rule is effective March 26, 2013, but covered entities (CEs) and business associates (BAs) will have 180 days beyond the effective date to come into compliance. While we are still conducting a comprehensive review of this 563-page document, below are a few of the changes we have found so far: …
While continuing congressional inaction on the fiscal cliff is getting most of the ink/pixels in news headlines over the last couple weeks, several privacy bills have advanced in the House and Senate. Though only one is likely to become law before the 112th Congress ends in a few days, they embody what will be the …
Congress, FTC Restrict Definition of “Creditors” Who Must Adopt a Formal Plan to Prevent, Detect ID Theft
In journalism, the adage goes, “man bites dog” is news. The regulatory equivalent should be “government amends Rule to make it narrower.” Yet that is what the Congress and the FTC have done to the definition of “creditors” …
On November 25, 2012, the front page of the New York Post blasted the headline, “Drop Secret. Shred Alert! Covert cop files used as parade confetti.” The Post reported that shredded files appearing to contain material from Long Island’s Nassau County Police Department were dropped during this year’s Thanksgiving Day parade. The confetti reportedly contains …
It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used …
Authorship Credit: Dave Taylor, Director, Information Technology, Baker & Hostetler LLP
We are seeing a dramatic increase in spam and email phishing schemes once again. These schemes have become very sophisticated in their ability to mimic the multitudes of legitimate on-line transactions that occur every day. Please consider the following when reading and reacting to …
Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats. The proposed rules are meant to implement Title X of the …
Hi-Tech Corporate bank accounts continue to be targeted by criminals who use various forms of malware to gain access to the account and then wire money out of the account. One variation of these cyberattacks occurs in the form of a virus that captures corporate online banking credentials combined with a DDoS attack against the …
The Federal Trade Commission has released the Consumer Sentinel Network Data Book, its annual report of complaints filed with the FTC and other state organizations. The report tracks consumer complaints by categories such as fraud, identity theft, and other. Fraud complaints span 30 different categories, including debt collection, bank/lending services, prizes/sweepstakes/lotteries, impostor scams, shop-at-home and …
While plaintiffs continue to face an uphill battle proving damages in privacy litigation, regulatory actions and investigations seem to be increasing. During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), …
Do you feel compelled to wear a Richard Nixon mask or a baseball hat equipped with infrared signal emitters on the brim when you leave the house? If so, you may be trying to prevent a passerby on the street from guessing your name, interests, Social Security number, or credit score using only a pair …
Authorship credit: Richard M. Lehrer
The following reveals the importance of (i) selecting a strong password (one with at least a combination of numbers and letters) for association with your email account and (ii) confirming all information before sending money in response to any email. In the coming days you may receive an email from …
In talking to friends and clients, we are seeing a recent upsurge in attacks by hackers who appear to have access to compromised personal information and are using that information to further hacking schemes. We are sharing the facts of two recent attacks so that you can be on the lookout for these hacking techniques. 1. An individual reported receiving an authentic-looking email …