Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data Breach

Subscribe to Data Breach RSS Feed

Massachusetts Appeals Court Set to Consider Scope of Employer Liability for Employee Data Breaches

Posted in Cybersecurity, Data Breach, Employee Privacy, Uncategorized

By Breton Leone-Quick Many of the highest-profile and headline-catching data breaches involve external breaches of a company’s electronic systems. But the reality that these headlines obscure is the fact that internal data breaches are generally more prevalent and represent a primary source of concern for data security managers. The legal liability of employers for data… Continue Reading

Data Breach = Class Action Suit. Again.

Posted in Class Action Litigation, Data Breach, Data Breach Notification, HIPAA/HITECH

Originally posted in Mintz Levin’s Health Law & Policy Matters Blog Written by Jordan Cohen In yet another data breach affecting millions of individuals, UCLA Health System (“UCLA”) reported on Friday – July 17, 2015 – that hackers had accessed portions of its health network that contained personal information, including names, addresses, dates of birth, social security numbers, medical record… Continue Reading

Change in the Prevailing Winds in Consumer Data Breach Cases?

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Seventh Circuit Rules Consumers Have Standing to Sue in Neiman Marcus Payment Card Data Breach Case In Remijas v. Neiman Marcus Group, LLC, the Seventh Circuit reversed a district court decision dismissing consumer payment card data breach claims for lack of standing.  The appellate panel held that injuries consisting of 1) lost time and money resolving… Continue Reading

Privacy Monday – July 20, 2015: Hack Attack on Adultery Site Ashley Madison

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Monday

It’s Monday!   Once again, data breaches and hacks are front and center, so here are three stories you should know about to start your week. 1.    The Site that Promises “Discreet Encounters” Hacked — Karma? If you have not heard the provocative ad campaign launched by a site called AshleyMadison, it may surprise… Continue Reading

Home Depot Moves to Dismiss Bank Data Breach Claims on Standing and Ripeness Grounds

Posted in Class Action Litigation, Data Breach, Privacy Litigation

In its recently-filed motion to dismiss claims of card-issuing banks arising from the September 2014 theft of payment card data from Home Depot point of sale terminals, Home Depot employs an approach typically used to respond to consumer claims.  In payment card data breach cases, defendants typically argue that consumers lack standing to sue because card… Continue Reading

Privacy Monday – June 22, 2015

Posted in Cybersecurity, Data Breach, Events and Webinars, Privacy Monday, Security

The first Privacy Monday of the summer! It’s appropriate that the “boys of summer” feature prominently in today’s post. Strike three for the St. Louis Cardinals? On another summer Privacy Monday in 2014, we made note of a reported hack into the Houston Astros’ vaunted “Ground Control” database and GM Jeff Luhnow said he intended to prosecute whoever… Continue Reading

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers.  OPM serves as the human resources department -and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

Home Depot Moves to Dismiss Consumer Data Breach Claims for Lack of Standing

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Home Depot has staked its defense of consumer claims arising from the 2014 theft of payment card data from the home improvement retailer on the asserted absence of injuries sufficient to confer standing to sue.  Because consumers rarely sustain out-of-pocket losses when their payment card numbers are stolen, lack of standing is typically the primary… Continue Reading

Failure to Obtain Required Retailer Approval Scuttles Target-MasterCard Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Target’s attempt to resolve claims of MasterCard-issuing banks through a $19 million private settlement with MasterCard has been terminated for failure of issuers of 90% of the affected cards to accept the settlement by the Wednesday, May 20 acceptance deadline.  Press reports on Friday, May 22 indicated that both Target and MasterCard had confirmed that… Continue Reading

CNA Denies Cyber Insurance Claim

Posted in Cybersecurity, Data Breach, Insurance, Privacy Litigation

Key takeaway:   The insurance applications and underwriting questionnaires prepared in connection with cyber insurance do matter. Cyber security, and cyber insurance, have dominated the industry headlines for several years now, but even as companies, brokers and insurers work to develop these products, there has been a dearth of case law interpreting key provisions.  This is beginning to change… Continue Reading

Privacy Monday – May 18, 2015

Posted in Children, Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars, Mobile Privacy, Online Advertising, Privacy Monday, Security, Uncategorized

It’s Monday morning — do you know your privacy/security status? Here are a few bits and bytes to start your week. SEC to Registered Investment Advisers and Broker-Dealers:  It’s Your Turn to Pay Attention to Cybersecurity The Division of Investment Management of the Securities & Exchange Commission (SEC) has weighed in on cybersecurity of registered investment companies… Continue Reading

Judge in Target Data Breach Litigation Declines to Block MasterCard Settlement

Posted in Class Action Litigation, Data Breach

Senior U.S. District Court Judge Paul Magnuson issued an order  on Thursday, May 7 denying a request by counsel for card issuer banks to enjoin the settlement of data breach related claims negotiated between Target and MasterCard.  As we have previously reported, the proposed settlement would provide compensation to MasterCard-issuing banks for fraud losses and… Continue Reading

Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Litigation, Security

Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response.  The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches.   The guidance is not perfect, and in some respects is simply a recitation of existing best practices, but it is still valuable because… Continue Reading

Privacy Monday – May 4, 2015: Shaping Up — Update on the EU’s Draft General Data Protection Regulation

Posted in Data Breach, Data Breach Notification, EU Data Protection Regulation, European Union, Events and Webinars, Uncategorized

On this Privacy Monday, we can definitely say that the long winter of our discontent (at least for some of our readers) is over.    Happy spring! In case you missed it,  last Wednesday we presented the fourth in our Wednesday Webinar series on the progress of the EU draft Data Protection Regulation and what we… Continue Reading

Target and Card Issuers Dispute Use of MasterCard Settlement to Resolve Data Breach Claims

Posted in Class Action Litigation, Cybersecurity, Data Breach, Privacy Litigation

In the wake of Target’s April 15 announcement of a private $19 million settlement of the data breach claims of MasterCard-issuing banks, counsel representing the putative card issuer class in the consolidated Target data breach litigation moved to enjoin the proposed settlement, arguing that it is an improper end-run around the Minnesota federal court’s adjudication… Continue Reading

UPDATE: Target Confirms It Has Negotiated A $19 Million Data Breach Settlement With MasterCard

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Target confirmed a report in the Wednesday edition of The Wall Street Journal of a settlement with MasterCard concerning claims of card-issuers arising from Target’s 2013 data breach.  The data breach, which occurred during the post-Thanksgiving holiday shopping season, compromised over 40 million credit and debit cards used to make purchases at Target stores. The… Continue Reading

Report: Target Close To $20M Data Breach Settlement With Master Card

Posted in Class Action Litigation, Data Breach, Privacy Litigation

According to a report published today in The Wall Street Journal, Target and MasterCard are close to reaching a settlement of the claims of MasterCard-issuing institutions in connection with Target’s 2013 data breach.  The settlement would reimburse the cost of reissuing debit and credit cards compromised by the breach, as well as a portion of… Continue Reading

Precedent and the Price Explain Why Target and the Consumer Class Agreed to an Early Data Breach Settlement

Posted in Class Action Litigation, Data Breach, Data Breach Notification, Privacy Litigation, Uncategorized

On March 18, 2015 – just three months after denial of a motion to dismiss consumer claims arising from Target’s 2013 data breach – Target and the consumer class filed papers seeking approval of a settlement.  The proposed settlement agreement creates a  $10 million cash fund to be paid out to class members claiming actual damages arising from… Continue Reading

More than Employees Bargained For: Do Union Employees Have a Right to Bargain Over Company Data Breaches?

Posted in Data Breach, Data Breach Notification

Originally posted to Mintz Levin’s Employment Matters Blog These days most employers manage a vast amount of electronic information about their employees, including the employees’ personal identifying information. But, what obligations do employers have to unionized employees with respect to managing that information and bargaining with them in the event of a breach of their private… Continue Reading

Target Data Breach Price Tag: $252 Million and Counting

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Privacy Litigation

In a recently-released Form 8-K filing announcing fourth quarter and year-end financial results, Target Corporation reported that expenses incurred in 2014 relating to its 2013 data breach totaled over $191 million.  Those expenses were offset by $46 million in insurance proceeds, resulting in a $145 million charge against Target’s 2014 operating results.  The expenses incurred… Continue Reading