Credit Unions Continue to Demand New Data Security Standards for Retailers and Right to Recover Losses After a Breach

By Zac Ciullo on September 12, 2014 Posted in Data Breaches

On September 3, 2014, following the news of a possible breach at Home Depot (which was confirmed on September 8), the National Association of Federal Credit Unions (NAFCU) called on Congress to enact new legislation to hold retailers more responsible for data security breaches. “These continued data breaches will have a chilling effect on our … Continue Reading

Secret Service Raises Warning About Backoff POS Malware

By Craig A. Hoffman on August 25, 2014 Posted in Information Security, Online Privacy, Retail Industry

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems. The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g., … Continue Reading

Will the Driver’s Privacy Protection Act Fuel the Next Wave of Class Actions Against Retailers?

By Craig A. Hoffman on November 29, 2011 Posted in Federal Legislation, Privacy Litigation

Within a month of a California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc. (finding ZIP codes constitute personal identification information under California’s Song-Beverly Act), over 100 putative class action law suits were filed against retailers operating in California. A November 22 lawsuit against Best Buy (Siegler v. Best Buy Co. of Minnesota, Inc.) … Continue Reading