In a chain of events that should be a wake-up call to any entity using and storing critical health information (and indeed, ANY kind of critical information), Hollywood Presbyterian Medical Center (“HPMC”) has announced that it paid hackers $17,000 to end a ransomware attack on the hospital’s computer systems. On February 5, HPMC fell victim to an attack… Continue Reading
Identity Theft
Subscribe to Identity Theft RSS FeedStrike Suit Offers Conjectures, And Little More, About Scottrade Data Breach
Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, Identity Theft, Privacy LitigationAs reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a number of financial services companies that had been victimized by data thieves. That very same day saw… Continue Reading
Sony: Stipulation Announces (but does not disclose) Employee Data Breach Class Settlement
Posted in Class Action Litigation, Data Breach, Employee Privacy, Identity Theft, Privacy LitigationThis Is The End? Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach allegedly perpetrated by North Korean hackers in retaliation for SPE’s release of “The Interview,” a satirical comedy depicting an attempt on the life of… Continue Reading
Data Dump! AshleyMadison.com Fallout Deepens
Posted in Cybersecurity, Data Breach, Identity TheftWritten by Wynter Deagle The Impact Team, the vigilante group behind the hacking of the infamous website AshleyMadison.com has followed through on its threat to leak the full database of the site’s users online. On Tuesday, August 18, 2015, an impressive 9.7 gigabytes of compressed data was posted to the dark web using an Onion… Continue Reading
Connecticut Amends Data Breach Notification Law
Posted in Data Breach, Data Breach Notification, Identity Theft, Privacy RegulationIn the absence of any meaningful moves in Congress to enact uniform data breach notification, the states continue to make adjustments to existing laws to better protect affected residents in their states.
Data Breach Affects Millions of Current and Former Government Workers
Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, SecurityThe U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers. OPM serves as the human resources department -and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading
Register for our next Wednesday Webinar — February 25
Posted in Employee Privacy, Events and Webinars, HIPAA/HITECH, Identity Theft, Mobile Privacy, Privacy Litigation, Security, Social MediaRegistration is open for the next installment in the Mintz Levin Privacy & Security Group Wednesday Webinar series — This webinar, scheduled for Wednesday, February 25, will focus on privacy in the workplace. Our workplace is everywhere these days, which makes employment and privacy compliance even more challenging. Jen Rubin and Gauri Punjabi will discuss… Continue Reading
The Anthem Data Breach: The Fallout and What’s Next
Posted in Class Action Litigation, Cybersecurity, Data Breach, Data Breach Notification, HIPAA/HITECH, Identity TheftBy now (unless you have been under a snow drift), you have likely heard about the apparent intrusion into a database at the nation’s largest health insurer, Anthem, Inc. Rather than reiterate the facts as currently known (see Anthem’s dedicated website for updates), we’ll look at the fallout and what’s next.
Global Internet Threat Activity
Posted in Cybersecurity, Data Breach, Data Compliance & Security, Identity Theft, SecurityOften, privacy and security professionals are seen as “paranoid” or “Chicken Little” ….. statistics are pointing to something that more closely resembles the canary in the coal mine. A new Internet Security Threat Report provides an overview and analysis of the year’s global internet threat activity. The report is based on data from the Symantec™… Continue Reading
Privacy Monday: July 21, 2014
Posted in Data Breach, Data Breach Notification, Identity Theft, Privacy MondayWe are now officially in the throes of “midsummer” on this Privacy Monday. And, on occasion in the data privacy world, we agree with Will Shakespeare’s words….“Lord, what fools these mortals be!” Flash Drives …. Butler University has warned about 160,000 students, faculty, staff, and alumni that personal information was discovered on a flash drive… Continue Reading
October is National Cyber Security Awareness Month
Posted in Cybersecurity, Identity TheftDID YOU KNOW? – 93 percent believe their online actions can protect not only friends and family but also help to make the Web safer for everyone around the world. – Nearly two-thirds of the American public have heard, read or seen something about online safety and security issues recently. However, most of what the… Continue Reading
FTC Complaint: Medical Testing Lab Exposed Personal Data of Thousands Over Peer-to-Peer Network
Posted in Data Breach, Federal Trade Commission, Identity TheftWritten by Amy Malone Just before the Labor Day holiday, the Federal Trade Commission issued a press release announcing its complaint against LabMD, Inc., a company that performs medical testing for consumers around the country. The complaint alleges that the company did not take reasonable measures to protect the security of consumers’ personal data. The… Continue Reading
Revised FTC Guide on ‘Red Flags’ Identity Theft Rule Published
Posted in Federal Trade Commission, Identity TheftUPDATE: The Federal Trade Commission recently issued a revised guide on the Red Flags Identity Theft Rule, designed to help businesses comply with the requirements of the Rule. Our detailed Client Alert on the Final Red Flags Rule and compliance obligations issued by the SEC and CFTC can be found here. Compliance with the… Continue Reading
Data Breach at Gunpoint
Posted in Data Breach, Data Breach Notification, Identity TheftWritten by Amy Malone You might think that if you lock your backup tapes in a safe they are protected from a data breach, but Kmart’s recent data breach proves that’s not the case. Last month, a person held a Kmart employee in Little Rock, Arkansas at gun point and ordered him to open the… Continue Reading
“Red Flag” Compliance Requirements Come to Investment Advisors, Broker-Dealers – UPDATE
Posted in Data Compliance & Security, Identity Theft, Privacy RegulationUPDATE: We have prepared a detailed Client Alert as a guide to getting started with these new Red Flag Rules and compliance obligations. You can read it here. It has been several years since the Federal Trade Commission’s Red Flag Rule took effect; and the banking regulators have had the Red Flag… Continue Reading
The Tale of Two Banks: Final Settlement in Maine Bank Security Practices Case and a Failure of Bank Security Procedures in Florida
Posted in Identity Theft, Privacy LitigationIn a case that we have written about here and here, People’s United Bank of Maine has agreed to pay about $ 390,000 to settle a claim that its security practices allowed unauthorized persons to withdraw funds from a construction company’s account (Patco Construction Co. v. People’s United Bank, D. Me., No. 09-503, agreed dismissal filed 11/19/12)…. Continue Reading
Hack Attack: US Financial Institutions in the Cross-Hairs
Posted in Data Breach, Identity TheftWritten by Amy Malone Last week the FBI released a fraud alert warning financial institutions that cyber criminals have been using tactics such as spam and phishing emails to obtain employee log-in credentials. After obtaining the credentials the hackers initiated wire transfers oversees. A few days after the alert, Bank of America, JPMorgan Chase and… Continue Reading
Risk assessments are critical to avoid data blackmail
Posted in Data Breach, Data Compliance & Security, Identity TheftThe article below was posted to the Mintz Health Law & Policy Matters blog, but it contains valuable information for any business regarding steps to take to avoid data blackmail. Check out the bullet point list below and make sure that your company secures all its sensitive data against threats, both internal and external. Written… Continue Reading
Data breaches du jour…..
Posted in Data Breach, Data Breach Notification, Identity TheftToday’s news contains information regarding not one, but two, data breaches, compromising the personal information of a total of nearly 20,000 people. The Washington Business Journal published a report today of a breach at the Environmental Protection Agency which exposed the Social Security numbers and banking information of nearly 8,000 individuals, most current employees of… Continue Reading
Law & Order PEPU: California’s new Privacy Enforcement and Protection Unit
Posted in Data Breach, Data Compliance & Security, Identity Theft, Privacy RegulationWritten by Jake Romero In a move signaling increased enforcement of the state’s data privacy and security regulations, California’s Attorney General Kamala D. Harris has announced the creation of the Privacy Enforcement and Protection Unit. The Privacy Unit will be staffed by California Department of Justice Employees, including six dedicated prosecutors, and will have… Continue Reading
From the Data Protection and Privacy Conference: Words of Advice from the Federal Trade Commission
Posted in Data Breach Notification, Data Compliance & Security, Federal Trade Commission, Identity Theft, Privacy RegulationWritten by Amy Malone Amy Malone is attending the Data Protection & Privacy Law Conference in Arlington, Virginia this week and will be providing updates. Kevin Moriarty from the Division of Privacy and Identity Protection of the Federal Trade Commission addressed the privacy conference on Wednesday. His discussion focused on the current FTC policy work, including workshops… Continue Reading
Symantec: Malicious Cyber Attacks Increased by 81 Percent in 2011 and Data Breaches Up
Posted in Data Breach, Data Breach Notification, Data Compliance & Security, Identity Theft, SecuritySymantec has released its annual Internet Security Threat Report, and the numbers are astounding. According to the report, malicious attacks on networks skyrocketed by 81 percent in 2011. The report also highlights that advanced persistent threats, known as APT attacks, are spreading to organizations of all sizes, with the number of daily APT attacks increasing… Continue Reading
Getting ready to forward that spreadsheet to your personal email account? Think twice…..then think again…
Posted in Data Breach, HIPAA/HITECH, Identity Theft, SecurityAn employee — former employee — of the South Carolina Department of Health and Human Services found out the hard way after transferring the information of more than 228,000 Medicaid beneficiaries to his personal email account. The data included Medicare numbers (which include Social Security numbers as part of the identifier) linked to the beneficiaries… Continue Reading
New Year’s Resolutions – Privacy & Security
Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security, HIPAA/HITECH, Identity Theft, Privacy Regulation, Secure Traveling, SecuritySince it’s traditionally the time for new beginnings and resolutions to clear away old habits, we’d like to pass on some tips for improving privacy and security in your operations — and in your own life — in 2012. 1. Be sure to secure. Many data breaches occur by leaving sensitive information lying around the… Continue Reading