Privacy & Security Matters Mintz Levin : Data Compliance & Security, Employee Privacy Lawyer & Attorney

Tag Archives: Data Breach

Data Breach Affects Millions of Current and Former Government Workers

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Employee Privacy, Identity Theft, Privacy Litigation, Security

The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers. OPM serves as the human resources department – and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading

Wyndham Motion Puts the FTC on the Defensive

Posted in Data Breach, Federal Trade Commission

Written by Adam Veness

Wyndham Hotel & Resorts LLC (“Wyndham”) has filed a Motion to Dismiss the Federal Trade Commission’s (the “FTC”) Complaint against it, which alleges that Wyndham committed unfair and deceptive acts related to three data security breaches that Wyndham has suffered since 2008. More information about the FTC’s Complaint can be seen… Continue Reading

SEC Guidance to Public Companies: Evaluate and Disclose Cybersecurity Risks

Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Privacy Litigation

The Securities and Exchange Commission (SEC) has issued guidance to public companies with respect to disclosure relating to cybersecurity and data breach risks.    This release is from the Commission’s Division of Corporation Finance and is not a rule or regulation — but it is clear that public companies that ignore the advice in the Disclosure… Continue Reading

Legislative Interest in Federal Data Security Legislation Continues

Posted in Uncategorized

Senate Judiciary Committee Chairman Patrick Leahy (D-VT) Introduces Data Security Bill

Written by Julie Babayan

Senate Judiciary Committee Chairman Patrick Leahy (D-VT) has introduced a data security bill that would require certain business entities that store personal data to implement data privacy and security programs, modeled after those established for financial institutions to protect customer… Continue Reading

RSA Offers to Replace SecurID Tokens – For Everyone

Posted in Uncategorized

UPDATE — link to interesting article from Channel Insider.   Back in March, we reported on a massive and sophisticated attack on RSA Security’s well-known SecurID tokens, used by millions of corporate workers to access sensitive corporate networks.  Yesterday, the security unit of EMC Corp. posted a letter to customers on its website, acknowledging for… Continue Reading

Privacy and Security Bits and Bytes

Posted in Uncategorized

Our Friday feature is back!

FTC Imposes Largest Civil Penalty Ever for Violation of Children’s Online Privacy Protection Act (COPPA) – Magic Kingdom Subsidiary Pays Up

The Chairman of the Federal Trade Commission, Jon Leibowitz, said: It’s the law, it’s the right thing to do, and, as today’s settlement demonstrates, violating COPPA will not come… Continue Reading

Privacy “Webinar Wednesday” Series

Posted in Data Compliance & Security

Last week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit:  201 CMR 17.00, PCI, and Other Acronyms You Should Know.  It was incredibly well-received – over 150 registrants.   We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you… Continue Reading

Sony Breach Press Follow-up

Posted in Data Breach

There have been hundreds of articles written in the past week on the Sony PlayStation Network breaches. Cynthia Larose, chair of Mintz Levin’s Privacy and Data Security practice, has been quoted in several articles over the weekend, including The Wall Street Journal [registration may be required], Reuters, and The Chicago Tribune. In The Wall Street Journal, Larose said,… Continue Reading

Let The Litigation Begin – Sony PlayStation Data Breach Class Action Filed in Boston

Posted in Data Breach

Written by Kevin McGinty

With the inevitability of death and taxes, data breaches spawn class action lawsuits. The massive Sony PlayStation Network data breach has now resulted in the filing of a class action in federal court in Massachusetts captioned Thompson v. Sony Computer Entertainment. The named plaintiff asserts her claims on behalf of a… Continue Reading

And the [hacks] just keep on coming……

Posted in Uncategorized

We’ve had the Epsilon breach.   We’ve had Sony Breach One and Sony Breach Two.   Today, Bloomberg News reports on a breach that may be, as one security expert in the article calls it, “the nastiest password hack in history….”  LastPass is reporting that hackers may have broken into its database and stolen info on as… Continue Reading

More breach problems for Sony……

Posted in Uncategorized

Written by Julia Siripurapu

Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”), based in San Diego, California, revealed that its systems were also the subject of a hacking attack. Sony Corporation and Sony Computer Entertainment announced in a press release issued this morning that, based on their ongoing… Continue Reading

Strike Three? Apple/Google, Sony — now the New York Yankees…

Posted in Uncategorized

This has been quite the stretch for large, embarrassing data breaches (or “incidents” — depending on which spin you take).   Now, the New York Yankees have been caught in the middle. An employee accidentally attached a spreadsheet to an email that was being sent out to thousands of current clients.  That spreadsheet contained the names,… Continue Reading

And a Sony PSN Update: Report Says Credit Cards Encrypted

Posted in Uncategorized

Update on the breach that exposed the information on 77 million users of Sony’s PlayStation Network: Kevin Poulsen, a writer for Wired Magazine‘s excellent blog, Threat Level, reports that Sony says that credit card numbers potentially stolen in the breach were encrypted.   Poulsen quotes Sony, writing: All of the data was protected, and access was restricted… Continue Reading

UPDATE: Sony PlayStation Network Breach Prompts Plan to Introduce Consumer Protection Legislation

Posted in Uncategorized

There are many articles (see links below) being written and blogged today regarding the PSN breach.  The Hill reports this afternoon that Representative Mary Bono Mack (R-CA) has announced a plan to introduce legislation to protect online consumer information.  Bono Mack, as Chairman of the Energy and Commerce Trade Subcommittee, said that they will be investigating… Continue Reading

TJX Data Breach May Take Back Seat to Sony PlayStation Network Breach

Posted in Uncategorized

Written by Julia Siripurapu

Sony Corp. has acknowledged on its PlayStation website that between April 17 and April 19, its PlayStation and Qriocity networks were the subject of a hacking attack. As a result of this attack, the personal information, including name, address, email address, birth date, passwords, security question answers, and credit card data, of… Continue Reading

Update on Epsilon Breach

Posted in Uncategorized

This story continues to grow.  Our friends at Threatpost have done a great job of compiling a list of known companies that have been victims of the breach. See Threatpost – List of Companies Hit by Epsilon Breach  

Major e-mail data breach occurs at mega-marketer

Posted in Uncategorized

By now, you’ve probably received one or more emails like this:

Dear Valued Best Buy Customer,

On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization. We have been assured by Epsilon… Continue Reading

And an aside…as if the people of the Gulf Coast haven’t suffered enough…

Posted in Uncategorized

The Associated Press reports that BP has lost a laptop containing all of the personal information belonging to tens of thousands of residents who filed claims for compensation after the Gulf oil spill.   According to a BP spokesperson, the laptop was password protected, but not encrypted.  Of course.

Into the Breach – Security Failures Can Cost You

Posted in 201 CMR 17.00, Data Breach, Data Compliance & Security

Once again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag.   Despite many headlines trumpeting the “first enforcement action,” this action… Continue Reading

Massachusetts General Hospital settles 2009 breach with Office of Civil Rights

Posted in Data Breach, HIPAA/HITECH

The cost of data breaches keeps on rising.  Add another million to this week’s HIPAA charges. Just released this afternoon – the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally… Continue Reading

Arizona Hospital Workers Fired for Inappropriately Accessing Shooting Victim Records

Posted in Uncategorized

Written by Dianne Bourque

Once again, a public event has piqued the “curiosity” of hospital employees in violation of HIPAA. The University Medical Center (UMC) at Tucson has fired three administrative staff and a contracted nurse for wrongfully accessing medical records related to the shooting rampage that killed six people and seriously injured Congresswoman Gabrielle Giffords. … Continue Reading

Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen

Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & Security

Since March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations.   I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that.   Twin America LLC, the parent company of… Continue Reading