Written by Amy Malone
You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case. Last month, a person held a Kmart employee in Little Rock, Arkansas at gunpoint and ordered him to open the… Continue Reading
Category Archives: Data Breach
Cybersecurity Disclosure: A Panel Discussion with the SEC’s Division of Corporation Finance
Posted in Cybersecurity, Data Breach
Last week in Washington, D.C., this author had the opportunity to sit in on a panel discussion by the SEC’s Division of Corporation Finance (“CorpFin”) discussing, among other things, recent developments in cybersecurity disclosure in public company filings. The panel included CorpFin’s Acting Director Lona Nallengara, Deputy Director of Disclosure Operations Shelley Parratt and others from CorpFin…. Continue Reading
Hannaford Data Breach Class Action Certification: Denied
Posted in Class Action Litigation, Data Breach, Privacy Litigation
Written by Kevin McGinty
Damages issues continue to bedevil would-be data breach class action plaintiffs. A long and growing line of cases holds that consumers cannot maintain claims arising from theft of their personal or financial data without alleging that the theft resulted in financial injury. One notable exception to this trend was the First… Continue Reading
Business Associates Beware
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, HIPAA/HITECH
If you haven’t yet caught up with the new HIPAA Omnibus Rule and its consequences for those businesses who are not themselves healthcare providers, but are service providers to healthcare entities (and even further downstream than that….), you can take a listen to our recent webinar highlighting the most important changes and issues. A recent… Continue Reading
Data Privacy Day 2013 – Tip #2 – Dust off your information security policy (or start putting one in place…)
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Privacy Regulation, Security
Written by Amy Malone
Do you have a comprehensive information security program? Many businesses are still operating without one, leaving them open to preventable data breaches. The importance of info security programs was yet again underscored by the recent settlement between Cbr Systems and the Federal Trade Commission regarding a breach that affected 300,000 consumers…. Continue Reading
The Sony data breach fine: A hand-slap from London now, but what would it have been under the proposed new EU Data Protection Regulation?
Posted in Data Breach, Data Breach Notification, European Union, Privacy Regulation
Written by Sue Foster, Mintz Levin – London
The UK Information Commissioner’s Office (ICO) has fined Sony £250,000 for the widely publicized 2011 security breach (see here, here, and here) during which hackers gained access to personal data (including credit card information) of over 77 million users. For a company of Sony’s size, £250,000 is a hand-slap —… Continue Reading
Cybersecurity in the 113th Congress
Posted in Data Breach, Data Breach Notification, Legislation, Privacy Regulation, Security
The 113th Congress will bring new leadership to the House Homeland Security Committee and the Senate Homeland Security and Government Affairs Committees — all responsible for cybersecurity issues. President Obama is expected to release an Executive Order (based on the draft circulated in late November 2012) very soon, perhaps before the State of the Union… Continue Reading
Words of Warning: “No breach too small”
Posted in Data Breach, Privacy Regulation
As originally posted in Mintz Levin’s Health Law & Policy Matters blog
Written by: Stephanie D. Willis
The Department of Health and Human Services, Office for Civil Rights (OCR) reached its first settlement for a breach involving data regarding less than 500 individuals. Under the December 2012 settlement, the Hospice of North Idaho (HONI) will pay OCR a $50,000 penalty to resolve allegations… Continue Reading
First of a series (updated): Issues for 2013
Posted in Class Action Litigation, Data Breach, Data Breach Notification, Data Compliance & Security
Happy New Year! We are beginning this week with a series of top Privacy and Security issues for 2013, as we see them. Let’s start with an issue of interest to publicly traded companies, or companies considering going public in 2013 – a reminder that cybersecurity issues are of interest to the Securities… Continue Reading
The FTC Fires Back Against Wyndham
Posted in Data Breach, Data Breach Notification, Federal Trade Commission, Privacy Litigation, Privacy Regulation
Written by Adam Veness
The Federal Trade Commission (the “FTC”) has filed its response to the Wyndham Hotel & Resorts LLC’s (“Wyndham”) Motion to Dismiss. More information about Wyndham’s Motion can be seen in an earlier blog post here. In its response, the FTC rebuts Wyndham’s Motion and argues three main points: 1) the FTC… Continue Reading
Barnes & Noble PIN Pad Devices Hit By Hackers
Posted in Data Breach, Data Breach Notification
As the New York Times reports, Barnes & Noble disclosed this week that it learned over one month ago – on September 14 – that hackers broke into point of sale PIN pad devices at 63 Barnes & Noble stores around the country and stole credit and debit card information for customers who had made purchases at… Continue Reading
Court Decision in Sony PlayStation Data Breach Case Places Burden on Plaintiffs to Allege Actual Damages
Posted in Class Action Litigation, Data Breach, Data Breach Notification
Written by Kevin McGinty
Class action plaintiffs asserting claims against Sony in connection with the 2011 Sony PlayStation Network (“PSN”) data breach face permanent dismissal of their claims unless they can allege actual losses resulting from the breach. In an October 11 decision, a federal court in Los Angeles granted in part Sony’s motion to… Continue Reading
Centers for Medicare & Medicaid Services (CMS) Falls Short in Response to Healthcare Data Breaches
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, Privacy Regulation
Written by Stephen Bentfield and previously published in Mintz Levin’s Health Law & Policy Matters
Last week, the U.S. Department of Health and Human Services Office of Inspector General (OIG) released the results of a study entitled CMS Response to Breaches and Medical Identity Theft. OIG had two objectives for commencing this study. First, OIG sought to determine whether… Continue Reading
Two Upcoming Privacy Events
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, Employee Privacy, Privacy Regulation
We have two “Save the Date” announcements today – for registration information click on the links below:
October 18, 2012 — San Diego — The Era of Big Data — Governance, Risk and Compliance
October 25, 2012 — Webinar — Data Privacy and Security Issues for the Nonprofit
Join the Mintz Levin Privacy team at… Continue Reading
Recommended Reading – BYOD and Reasonable Security
Posted in Data Breach, Data Compliance & Security, Security
Much has been written, in this space and elsewhere, on the concept of “reasonable security” — what constitutes “reasonable security,” how much security is “reasonable,” etc. The entry of the choice of computing devices to the workplace – known as the “bring your own [personal] device” or “BYOD” trend – has also been dissected at length. Companies are… Continue Reading
Hack Attack: US Financial Institutions in the Cross-Hairs
Posted in Data Breach, Identity Theft
Written by Amy Malone
Last week the FBI released a fraud alert warning financial institutions that cyber criminals have been using tactics such as spam and phishing emails to obtain employee log-in credentials. After obtaining the credentials the hackers initiated wire transfers overseas. A few days after the alert, Bank of America, JPMorgan Chase and… Continue Reading
Beware the Weakest Link: Human Behavior
Posted in Data Breach, Data Breach Notification, Security
Written by Stephen Bentfield
Today’s Washington Post includes a front page article that should serve as a warning to any employer about increasingly sophisticated social engineering attacks that exploit one key vulnerability that is essentially immune to technical solutions: their employees. Social engineering attacks work by exploiting the natural human tendency to trust and thereby… Continue Reading
Apple Shareholders Request Information From Board on Privacy/Security Risk
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
Written by Amy Malone
This week, Apple shareholders requested that its Board of Directors publish a report explaining how the board oversees privacy and data security risks. The proposal, which is available here, was prompted by concern that recent issues such as the unauthorized access to iPhone users’ address books and the release of one… Continue Reading
Mass Eye and Ear Infirmary Hit with $1.5M Breach Settlement
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH
Originally posted by Dianne Bourque in Mintz Levin’s Health Law & Policy Matters blog
As the old saying goes, “no good deed goes unpunished….” The most recent, published Office for Civil Rights (OCR) HIPAA enforcement action serves as an important reminder that self-reported breaches can and do lead to investigations and enforcement. Massachusetts Eye and Ear… Continue Reading
Wyndham Motion Puts the FTC on the Defensive
Posted in Data Breach, Federal Trade Commission
Written by Adam Veness
Wyndham Hotel & Resorts LLC (“Wyndham”) has filed a Motion to Dismiss the Federal Trade Commission’s (the “FTC”) Complaint against it, which alleges that Wyndham committed unfair and deceptive acts related to three data security breaches that Wyndham has suffered since 2008. More information about the FTC’s Complaint can be seen… Continue Reading
“Back to School” – Upcoming Cybersecurity Event in Boston
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
It’s that time of year again – and not just the kiddies are headed back to school. We’re co-sponsoring a free cybersecurity event with a panel of experts to discuss risk management and risk transfer in the privacy/security world. More information, including registration link, is posted here. Watch this blog for announcement of a webinar… Continue Reading
Checked your insurance policies lately?
Posted in Data Breach, Privacy Litigation
Written by Nancy Adams
In a ruling that might provide a new path to data breach insurance coverage, DSW Shoe Warehouse, Inc. has prevailed in its attempt to obtain insurance coverage for losses associated with a data breach under a commercial crime policy. The Sixth Circuit Court of Appeals, in Retail Ventures, Inc. et al. v…. Continue Reading
Risk assessments are critical to avoid data blackmail
Posted in Data Breach, Data Compliance & Security, Identity Theft
The article below was posted to the Mintz Health Law & Policy Matters blog, but it contains valuable information for any business regarding steps to take to avoid data blackmail. Check out the bullet point list below and make sure that your company secures all its sensitive data against threats, both internal and external. Written… Continue Reading
Data breaches du jour…..
Posted in Data Breach, Data Breach Notification, Identity Theft
Today’s news contains information regarding not one, but two, data breaches, compromising the personal information of a total of nearly 20,000 people. The Washington Business Journal published a report today of a breach at the Environmental Protection Agency which exposed the Social Security numbers and banking information of nearly 8,000 individuals, most current employees of… Continue Reading


