Tag Archives: data breach

Credit Unions Continue to Demand New Data Security Standards for Retailers and Right to Recover Losses After a Breach

By Zac Ciullo on Posted in Data Breaches
On September 3, 2014, following the news of a possible breach at Home Depot (which was confirmed on September 8), the National Association of Federal Credit Unions (NAFCU) called on Congress to enact new legislation to hold retailers more responsible for data security breaches. “These continued data breaches will have a chilling effect on our … Continue Reading

What Companies Can Do to Protect Themselves in the Face of Yet Another Massive Data Breach

Photo of Pamela Jones HarbourBy Pamela Jones Harbour and Jenna N. Felz on Posted in Cybersecurity, Data Breaches, Information Security, Online Privacy
Last week it was reported that a small group of Russian computer hackers illegally obtained an unprecedented quantity of internet credentials, including 1.2 billion username and password combinations, and over 500 million unique email addresses. The compromised companies have not yet been identified, but it is believed that the information came from over 420,000 websites. … Continue Reading

Clapper Again Stymies Data Breach Class Action

By Judy Selby on Posted in Data Breaches, Online Privacy, Privacy Class Actions
Editor’s Note: This blog post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog. The U.S. Supreme Court’s decision in Clapper v. Amnesty International USA again has been relied on by a federal district court to hold that the “mere loss of data” in a data breach case does not constitute an injury sufficient to … Continue Reading

Kentucky Enacts Data Breach Notification Statute

By Cory J. Fox on Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Information Security
On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation.  Prior to H.B. 232, Kentucky was one of only four states—including Alabama, New Mexico, and South Dakota—that had not adopted data breach notification legislation.  H.B. 232 also includes a separate section … Continue Reading

Is the 5th Time the Charm? – Nationalizing Data Breach Notification

Photo of Eric A. PackelBy Eric A. Packel on Posted in Breach Notification, Data Breach Notification Laws, Federal Legislation
Once the smoke and dust clears from the latest enormous data breach, the fried servers are hauled away and the ritual IT department purge takes place, the focus seems to turn to the lack of any comprehensive national data breach law. Although certain sector specific breach notification laws are in place, such as HIPAA/HITECH in … Continue Reading

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Photo of Lynn SessionsBy Lynn Sessions and Kimberly M. Wong on Posted in Data Breaches, HIPAA/HITECH, International Privacy Law, Medical Privacy
Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other administrative sanctions stemming from a breach incident affecting 13,336 Dual Eligible Medicare beneficiaries.  The breach incident occurred in September 2013 when Triple-S mailed to … Continue Reading

January 15 webinar: Managing Cardholder Data Security Risks in an Evolving Payments Landscape

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry
Please join us from 2-3:30 pm ET on January 15 for a webinar that will provide a look back on significant payment card security events that occurred in 2013 and the security, risk mitigation, and customer relations lessons that can be learned from them. We will also discuss what the continuing and emerging threats may … Continue Reading

District Court rejects supervisor liability for state employee’s motor vehicle record data breach

Photo of BakerHostetlerBy BakerHostetler on Posted in Privacy Class Actions
Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog and was authored by Matthew Moody and Sammatha Clegg In a recent decision, the Federal District Court of Minnesota found that state agencies were not liable in a data breach class action suit involving a rogue employee’s unauthorized viewing of personal information … Continue Reading

Highest Bidder Loses Spoliation Fight in Auction House Data Breach

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Data Breaches
This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: Karin Scholz Jenson and  Ganesh Krishna A recent case out of the Northern District of Ohio is an unsung victory for proportionality in that the Court twice declined to sanction a plaintiff’s “failure” to forensically image computers where computer logs showing the … Continue Reading

New gTLDs Raise Data Security Concerns

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Online Privacy
Authored by: David A. Einhorn and Alan Pate ICANN is well on its way to the launch of new generic top-level domains (gTLDs) with the first ones being approved as early as April 23rd.  The handful of TLDs currently in use, such as “.com”, “.org”, and “.edu”, may soon be joined by over 1000 gTLDs … Continue Reading

Guest Blog: Vermont Privacy Breach Regulations

Photo of BakerHostetlerBy BakerHostetler on Posted in Data Breaches
Editor’s Notes:Guest blog Interview by Mark Greisiger, President NetDiligence®This blog post has been republished with permission from Junto – NetDiligence Blog A Q&A with Ryan KrigerAmong state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading

Court Denies Motion for Class Certification in Hannaford

Photo of Erica Gann KitaevBy Erica Gann Kitaev on Posted in Data Breaches
Editor’s note: This is a cross-blog post with BakerHostetler’s Class Action Lawsuit Defense blog.  For the latest class action defense updates, visit www.ClassActionLawsuitDefense.com. In an order surely to reverberate with both the plaintiffs’ and defense bar, on March 20, 2013, Judge D. Brock Hornby of the United States District Court for the District of Maine … Continue Reading

South Korea Court Opens the Door for Unintentional Data Breach Collective Actions

Photo of Erica Gann KitaevBy Erica Gann Kitaev on Posted in Data Breaches, International Privacy Law, Privacy Class Actions, Privacy Litigation
Authorship Credit:  Nathan A. Schacht This is a cross blog post with BakerHostetler’s class action blog.  For the latest in class action developments, visit classactionlawsuitdefense.com.  On February 15, 2013, the Seoul Western District Court in South Korea issued a judgment in a collective consumer action against a South Korean company for a data breach involving … Continue Reading

Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Payment Card Industry, Privacy Class Actions
Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system.  Global Payments later disclosed that Track 2 data (card number, expiration date, verification code but not cardholder name or address) of 1.5 million cardholders were taken.  Three individuals brought a … Continue Reading

Healthcare Organizations are Suffering from Serious Data Security Ills

By Judy Selby on Posted in HIPAA/HITECH, Medical Privacy
The diagnosis is in, and its not good. Unless an aggressive treatment plan is put in place, the prognosis will be just as bleak. On December 6, 2012, the Ponemon Institute issued its Third Annual Benchmark Study on Patient Privacy & Data Security. The key findings were that a shocking 94 percent of healthcare organizations in the … Continue Reading

CMS’s Privacy Problem: Data Breaches, Medicare Numbers, and Inaction

Photo of Lynn SessionsBy Lynn Sessions on Posted in HIPAA/HITECH, Medical Privacy
Co-authored by: Cory Fox The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information by the Centers for Medicare and Medicaid Services (CMS), including Medicare numbers, affecting nearly 14,000 beneficiaries in the past … Continue Reading

Data Breach Class Action against Popular Video Game Developer Dismissed for Failure to Plead Adequate Damages

Photo of Gerald J. FergusonBy Gerald J. Ferguson on Posted in Data Breaches
Authored by: Alan Pate In a ruling this past Wednesday, November 14th, a Federal Judge in the Western District of Washington dismissed a class action against video game developer Valve Corporation. The class action stemmed from a November 6th, 2011 data breach of Valve’s popular online video game distribution platform, “Steam.” As a result of … Continue Reading

Congressional Update on Data Privacy & Security

By William Weber on Posted in Data Breaches, Online Privacy
The rumors of the death (or at least “dearth” — of activity) of the 112th Congress are somewhat exaggerated, to morph a phrase from Mark Twain; at least regarding the last couple weeks prior to the Independence Day recess. Not only did Congress pass major legislation related to the FDA, transportation programs and student loans … Continue Reading

Massachusetts Attorney General Settles Enforcement Action for $750,000

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Data Breaches, Enforcement, State Legislation
In June, 2010, South Shore Hospital announced on its website that unencrypted back-up tapes containing patient information went missing and were believed to have been discarded at a dump.  Reports state that this incident involved 473 tapes which contained information about 800,000 patients, including names, social security numbers, account numbers, and medical diagnoses. On May … Continue Reading

UPDATE: If There is Credit Card Fraud, There Must Have Been a Breach

Photo of Craig A. HoffmanBy Craig A. Hoffman on Posted in Data Breaches, Payment Card Industry
As we reported in December 2010, after an online merchant suffered chargeback losses of almost $12,000 on nine fraudulent orders, it sued the bank that issued the nine cards that were fraudulently used alleging that the most likely cause of the fraud was a data security breach at the bank that the bank ignored.  The merchant … Continue Reading

Senate Cybersecurity Bill Due Out This Week; Floor Action Not Likely Until March

By William Weber on Posted in Cybersecurity, Federal Legislation, Information Security
Odds are good that legislation to address online threats to the nation’s critical infrastructure assets will finally be released this week, but real action on it won’t take place until March: The Homeland Security and Government Affairs Committee, chaired by Joe Lieberman (I-CT), has scheduled a hearing on the ‘Cybersecurity Act of 2012’ for Thursday … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

Photo of Theodore J. Kobus IIIBy Theodore J. Kobus III on Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Enforcement, HIPAA/HITECH, Identity Theft, Information Security, Medical Privacy, Online Privacy, Payment Card Industry
While plaintiffs continue to face an uphill battle proving damages in privacy litigation – regulatory actions and investigations seem to be increasing.  During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading
LexBlog