Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Data Breach

Subscribe to Data Breach RSS Feed

On the Sixth Day of Privacy, the hackers gave to Sony……

Posted in 12 Days of Privacy, 201 CMR 17.00, Cybersecurity, Data Breach, Data Compliance & Security, Security

many more than six different hacks…….and headaches…… Written by Jonathan Ursprung With the holiday season in full swing, many of us are struggling with that age-old question: “what do you get for the person who has everything?”  Well, if that person happens to be your supreme leader, the answer may very well be “a massive download… Continue Reading

On the Third Day of Privacy, the Shareholders Gave to Me……

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Data Compliance & Security, Privacy Regulation, Security

…….Shareholder Proposals on Cybersecurity and Privacy: Another Country Heard From  Written by Megan Gates As the holiday season slips into the rear view mirror, another season looms large for public companies —- proxy season.  Adding to the ever-growing chorus of demands for increased transparency by public companies on cybersecurity and privacy matters, institutional shareholders have… Continue Reading

On the Second Day of Privacy, Plaintiffs’ Counsel Gave to Me . . .

Posted in 12 Days of Privacy, Cybersecurity, Data Breach, Privacy Litigation

  . . . still more privacy litigation.  In 2015, we are likely to see further development of the law in data breach class actions, continuing growth in statutory privacy claims, and increased risk of privacy-related claims arising from burgeoning merger and acquisition activity. Written by Kevin McGinty and Meredith Leary “Trying to predict the future is a… Continue Reading

Issuer Banks’ Claims in Target Data Breach Litigation Survive Motion to Dismiss

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin Mc Ginty Federal District Judge Paul Magnuson has ruled that banks that issued credit and debit cards to customers whose data was stolen in the December 2013 Target data breach could continue to litigate claims against Target for negligence and violation of Minnesota’s Plastic Security Card Act (“MPCSA”), Minn. Stat. § 325E.64.  The… Continue Reading

Global Internet Threat Activity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, Security

Often, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading

Home Depot Data Breach Litigation: Venue and Consolidation

Posted in Class Action Litigation, Data Breach, Privacy Litigation

Written by Kevin McGinty Substantive litigation in the flood of lawsuits concerning the recent Home Depot data breach awaits a determination of where the cases will be heard.  Numerous overlapping lawsuits have been filed in courts throughout the United States asserting claims on behalf of consumers and financial institutions arising from the massive theft of… Continue Reading

Court Dismisses Shareholder Derivative Action Targeting Directors and Officers for Data Breaches

Posted in Cybersecurity, Data Breach, Privacy Litigation

Written by David Barres A federal district court in New Jersey has dismissed with prejudice a shareholder derivative suit, Palkon v. Holmes, No. 14-CV-01234 (SRC) (D.N.J.), that tried to blame the directors and officers at hospitality company Wyndham Worldwide Corporation (“Wyndham”) for a series of data breaches. The court’s decision is notable because it illustrates some… Continue Reading

Privacy Monday – October 6, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Security

A new month, a new Privacy Monday. JPMorgan Chase:  Baiting the Hook for Phishers  Cybercrime researchers say that the 83 million customer records (76 million consumer and 7 million small business) swiped from JPMC could be the fuel for years of fraud.  In its 10-K filing with the Securities and Exchange Commission, JPMC disclosed the nature and scope… Continue Reading

Privacy Monday – September 22, 2014

Posted in Cybersecurity, Data Breach, HIPAA/HITECH, Privacy Monday

Happy autumnal equinox — http://www.skyandtelescope.com/astronomy-news/observing-news/autumnal-equinox-2014-arrives-09222014/ Home Depot Breach – By the Numbers 56 million cards at risk (compare to Target = 40 million) $62 million in estimated costs (compare to Target  =$146 million and counting) $27 million insurance coverage (compare to Target = $100 million in cover) Lawsuits filed – at least 1 in US and… Continue Reading

Privacy Monday – September 8, 2014

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Privacy Monday

Back to school, back to traffic jams … back to Privacy Mondays! Our look at bits and bytes and goofs and gaffes in data privacy and security Home Depot Breach Update It has been nearly a week, and The Home Depot has still not confirmed that it is the latest victim of point-of-sale hackers in… Continue Reading

Another day, another data breach…..DIYers, beware. This time it’s Home Depot.

Posted in Cybersecurity, Data Breach, Data Breach Notification

It appears that the data breach victim of the week (perhaps of the year) is The Home Depot.  Brian Krebs has reported that it appears that two large dumps of purloined credit card numbers have made an appearance on the black market and that those numbers may have originated at Home Depot locations.   Krebs’ reporting is… Continue Reading

“Backoff” Update — More Widespread, PCI Council Issues Call to Action — If You Accept Credit Cards Via Point-of-Sale, You Need to Read This

Posted in Data Breach, Data Breach Notification, Security

Written by Cynthia Larose Some weeks ago, we wrote a piece “What You Need to Know About Backoff Malware:  The New Threat Targeting Retailers” .   It’s apparently gotten worse.   Any business utilizing point-of-sale (POS) terminals for “swiping” credit cards needs to pay attention to this threat and assess vulnerability.  Hospitals, physicians’ offices, veterinary clinics,  colleges… Continue Reading

Data Privacy and Security Roundtable: Anticipating the Inevitable

Posted in Cybersecurity, Data Breach, Data Breach Notification, Data Compliance & Security, Events and Webinars

Technology, retail, medical, financial services, education ….. and more experience data losses on a daily basis through employee negligence, poor controls, insider attacks, advanced persistent threats from malevolent outsiders or computer viruses. Join Mintz Levin Privacy team members and other privacy and security experts in San Francisco on September 30 for a roundtable discussion of… Continue Reading

Massive Data Breach Affects 4.5 Million Patients in 29 States

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH

Written by Julia Siripurapu, CIPP/US and Dianne J. Bourque Community Health Systems, Inc. (the “Company”), one of the largest hospital organizations in the country, announced via a public filing (Form 8K) made yesterday with the Securities and Exchange Commission (“Report”) that the Company was the target of a cyber attack that compromised the health data… Continue Reading

Privacy Monday – August 18, 2014

Posted in Data Breach, Data Compliance & Security, Online Advertising, Privacy Monday, Privacy Regulation, Security

There is another retail data breach to talk about in this Privacy Monday post – privacy & security bits and bytes to start your week. Supermarket Chain Reports Data Breach Minnesota-based food retailer Supervalu Inc. has reported breach of its point-of-sale (POS) system, apparently by hackers.  A press release on the corporate website describes the… Continue Reading

Privacy Monday – August 11, 2014

Posted in Cybersecurity, Data Breach, Privacy Monday, Privacy Regulation, Security

    We are just two Mondays away from Labor Day, the traditional end of summer in the United States.  Here are some privacy tidbits to get your week started.  See especially Jake Romero’s piece on the new Delaware data destruction law.     Lack of Information on the Russian Hackers A company called Hold Security… Continue Reading

Privacy Monday: July 21, 2014

Posted in Data Breach, Data Breach Notification, Identity Theft, Privacy Monday

We are now officially in the throes of “midsummer” on this Privacy Monday.  And, on occasion in the data privacy world, we agree with Will Shakespeare’s words….“Lord, what fools these mortals be!” Flash Drives  …. Butler University has warned about 160,000 students, faculty, staff, and alumni that personal information was discovered on a flash drive… Continue Reading

Wyndham Gets Life Preserver in Data Breach Case

Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy Litigation

Written by Adam Veness New Jersey U.S. District Judge Esther Salas agreed to allow Wyndham Hotels and Resorts LLC to immediately appeal to the Third Circuit a ruling affirming the FTC’s authority to bring data security cases.  We have been following this case since the beginning, and you can see our last post here. Judge Salas… Continue Reading

D’oh! OCR Confirms that Medical Records Should Not be Left in the Driveway

Posted in Data Breach, Data Breach Notification, HIPAA/HITECH

Written by  Dianne J. Bourque  (reprinted from Mintz Levin’s Health Law Policy Matters blog) The most recent Office for Civil Rights (“OCR”) HIPAA enforcement action serves as an important reminder to health care providers of the security risks associated with a mishandled medical records custody transfer and the risks of leaving paper records in the… Continue Reading

Privacy Monday – June 23, 2014

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Privacy Monday

DC Update from Politico Morning Tech “DATA BREACH DRAFT DELAYED – The thorny issue of FTC enforcement has slowed efforts to release a draft of Rep. Lee Terry’s data breach bill, according to sources close to the process. Terry had hoped to release the draft he’s been working on with Democrats John Dingell and Peter… Continue Reading

Five Lessons from OCR’s Report to Congress on Breaches and HIPAA Rules Compliance

Posted in Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation, Security

Written by Stephanie D. Willis and Dianne J. Bourque (republished from Mintz Levin’s Health Law Policy Matters blog)   Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information… Continue Reading

Health Data Breach Victims Have Standing to Sue Says WV Supreme Court

Posted in Data Breach, HIPAA/HITECH, Privacy Litigation

The most common defense against class actions for data breach has itself been breached in a ruling last week by the West Virginia Supreme Court. The Court’s opinion held that representatives of the class of medical clinic patients whose names, contact details, social security numbers and medical information had been accidentally posted to a publicly… Continue Reading

My company isn’t a search engine. Why should I care about Google Spain?

Posted in Data Breach, Data Compliance & Security, EU Data Protection Regulation, European Court of Justice, European Union, Legislation, Privacy Litigation, Privacy Regulation

Written by Susan Foster, Solicitor England & Wales/Admitted in California  (LONDON) Google – along with the rest of us – is still considering the implications of the European Court of Justice’s May 13, 2014 decision that Google must remove links to a newspaper article containing properly published information about a Spanish individual on the basis… Continue Reading