Header graphic for print
Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Identity Theft

Subscribe to Identity Theft RSS Feed

Ransomware Strikes California Hospital – Could You Be Next?

Posted in Cybersecurity, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Security, Uncategorized

In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack… Continue Reading

Strike Suit Offers Conjectures, And Little More, About Scottrade Data Breach

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Identity Theft, Privacy Litigation

As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves.  That very same day saw… Continue Reading

Sony: Stipulation Announces (but does not disclose) Employee Data Breach Class Settlement

Posted in Class Action Litigation, Data Breach, Employee Privacy, Identity Theft, Privacy Litigation

This Is The End? Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of… Continue Reading

Data Dump! AshleyMadison.com Fallout Deepens

Posted in Cybersecurity, Data Breach, Identity Theft

Written by Wynter Deagle The Impact Team, the vigilante group behind the hacking of the infamous website AshleyMadison.com has followed through on its threat to leak the full database of the site’s users online.  On Tuesday, August 18, 2015, an impressive 9.7 gigabytes of compressed data was posted to the dark web using an Onion… Continue Reading

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers.  OPM serves as the human resources department -and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

Register for our next Wednesday Webinar — February 25

Posted in Employee Privacy, Events and Webinars, HIPAA/HITECH, Identity Theft, Mobile Privacy, Privacy Litigation, Security, Social Media

Registration is open for the next installment in the Mintz Levin Privacy & Security Group Wednesday Webinar series — This webinar,  scheduled for Wednesday, February 25,  will focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss… Continue Reading

The Anthem Data Breach: The Fallout and What’s Next

Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Identity Theft

By now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc.  Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next.

Global Internet Threat Activity

Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, Security

Often, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading

Privacy Monday: July 21, 2014

Posted in Data Breach, Data Breach Notification, Identity Theft, Privacy Monday

We are now officially in the throes of “midsummer” on this Privacy Monday.  And, on occasion in the data privacy world, we agree with Will Shakespeare’s words….“Lord, what fools these mortals be!” Flash Drives  …. Butler University has warned about 160,000 students, faculty, staff, and alumni that personal information was discovered on a flash drive… Continue Reading

October is National Cyber Security Awareness Month

Posted in Cybersecurity, Identity Theft

DID YOU KNOW? –       93 percent believe their online actions can protect not only friends and family but also help to make the Web safer for everyone around the world. –       Nearly two-thirds of the American public have heard, read or seen something about online safety and security issues recently. However, most of what the… Continue Reading

FTC Complaint: Medical Testing Lab Exposed Personal Data of Thousands Over Peer-to-Peer Network

Posted in Data Breach, Federal Trade Commission, Identity Theft

Written by Amy Malone Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country.  The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data.   The… Continue Reading

Revised FTC Guide on ‘Red Flags’ Identity Theft Rule Published

Posted in Federal Trade Commission, Identity Theft

UPDATE: The Federal Trade Commission recently issued a revised guide on the Red Flags Identity Theft Rule, designed to help businesses comply with the requirements of the Rule. Our detailed Client Alert on the Final Red Flags Rule and compliance obligations issued by the SEC and CFTC can be found here.   Compliance with the… Continue Reading

Data Breach at Gunpoint

Posted in Data Breach, Data Breach Notification, Identity Theft

Written by Amy Malone You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case.  Last month, a person held a Kmart employee in Little Rock, Arkansas at gun point and ordered him to open the… Continue Reading

“Red Flag” Compliance Requirements Come to Investment Advisors, Broker-Dealers – UPDATE

Posted in Data Compliance & Security, Identity Theft, Privacy Regulation

  UPDATE:   We have prepared a detailed Client Alert as a guide to getting started with these new Red Flag Rules and compliance obligations.   You can read it here.   It has been several years since the Federal Trade Commission’s Red Flag Rule took effect; and the banking regulators have had the Red Flag… Continue Reading

The Tale of Two Banks: Final Settlement in Maine Bank Security Practices Case and a Failure of Bank Security Procedures in Florida

Posted in Identity Theft, Privacy Litigation

In a case that we have written about here and here, People’s United Bank of Maine has agreed to pay about $ 390,000 to settle a claim that its security practices allowed unauthorized persons to withdraw funds from a construction company’s account (Patco Construction Co. v. People’s United Bank, D. Me., No. 09-503, agreed dismissal filed 11/19/12)…. Continue Reading

Hack Attack: US Financial Institutions in the Cross-Hairs

Posted in Data Breach, Identity Theft

Written by Amy Malone Last week the FBI released a fraud alert warning financial institutions that cyber criminals have been using tactics such as spam and phishing emails to obtain employee log-in credentials.  After obtaining the credentials the hackers initiated wire transfers oversees.  A few days after the alert, Bank of America, JPMorgan Chase  and… Continue Reading

Risk assessments are critical to avoid data blackmail

Posted in Data Breach, Data Compliance & Security, Identity Theft

 The article below was posted to the Mintz Health Law & Policy Matters blog, but it contains valuable information for any business regarding steps to take to avoid data blackmail.    Check out the bullet point list below and make sure that your company secures all its sensitive data against threats, both internal and external. Written… Continue Reading

Data breaches du jour…..

Posted in Data Breach, Data Breach Notification, Identity Theft

Today’s news contains information regarding not one, but two, data breaches, compromising the personal information of a total of nearly 20,000 people. The Washington Business Journal published a report today of a breach at the Environmental Protection Agency which exposed the Social Security numbers and banking information of nearly 8,000 individuals, most current employees of… Continue Reading

Law & Order PEPU: California’s new Privacy Enforcement and Protection Unit

Posted in Data Breach, Data Compliance & Security, Identity Theft, Privacy Regulation

Written by Jake Romero In a move signaling increased enforcement of the state’s data privacy and security regulations, California’s Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit.   The Privacy Unit will be staffed by California Department of Justice Employees, including six dedicated prosecutors, and will have… Continue Reading

From the Data Protection and Privacy Conference: Words of Advice from the Federal Trade Commission

Posted in Data Breach Notification, Data Compliance & Security, Federal Trade Commission, Identity Theft, Privacy Regulation

Written by Amy Malone Amy Malone is attending the Data Protection & Privacy Law Conference in Arlington, Virginia this week and will be providing updates. Kevin Moriarty from the Division of Privacy and Identity Protection of the Federal Trade Commission addressed the privacy conference on Wednesday.  His discussion focused on the current FTC policy work, including workshops… Continue Reading

Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up

Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, Security

Symantec has released its annual Internet Security Threat Report, and the numbers are astounding.  According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011.    The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing… Continue Reading

Getting ready to forward that spreadsheet to your personal email account? Think twice…..then think again…

Posted in Data Breach, HIPAA/HITECH, Identity Theft, Security

An employee — former employee — of the South Carolina Department of Health and Human Services found out the hard way after transferring the information of more than 228,000 Medicaid beneficiaries to his personal email account.     The data included Medicare numbers (which include Social Security numbers as part of the identifier) linked to the beneficiaries… Continue Reading

New Year’s Resolutions – Privacy & Security

Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, Security

Since it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life —  in 2012. 1.   Be sure to secure. Many data breaches occur by leaving sensitive information lying around the… Continue Reading