The U.S. Office of Personnel Management (OPM) announced that hackers have stolen the personal information of approximately 4 million current and former federal employees, including names, birthdates and social security numbers. OPM serves as the human resources department -and holds employee records – for the entire federal government, ranging from security clearances to the identities… Continue Reading
Tag Archives: Data Breach
Wyndham Motion Puts the FTC on the Defensive
Posted in Data Breach, Federal Trade CommissionWritten by Adam Veness Wyndham Hotel & Resorts LLC (“Wyndham”) has filed a Motion to Dismiss the Federal Trade Commission’s (the “FTC”) Complaint against it, which alleges that Wyndham committed unfair and deceptive acts related to three data security breaches that Wyndham has suffered since 2008. More information about the FTC’s Complaint can be seen… Continue Reading
Monday Morning Privacy 101
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH, UncategorizedCan you identify the major problems lurking in this one short paragraph? We’ve given you some help. The UCLA Health System has notified more than 16,000 patients of the theft of their PHI during a home invasion of a former employee. The PHI was contained on an external computer hard drive and although the information… Continue Reading
SEC Guidance to Public Companies: Evaluate and Disclose Cybersecurity Risks
Posted in Class Action Litigation, Data Breach, Data Compliance & Security, Privacy LitigationThe Securities and Exchange Commission (SEC) has issued guidance to public companies with respect to disclosure relating to cybersecurity and data breach risks. This release is from the Commission’s Division of Corporation Finance and is not a rule or regulation — but it is clear that public companies that ignore the advice in the Disclosure… Continue Reading
Legislative Interest in Federal Data Security Legislation Continues
Posted in UncategorizedSenate Judiciary Committee Chairman Patrick Leahy (D-VT) Introduces Data Security Bill Written by Julie Babayan Senate Judiciary Committee Chairman Patrick Leahy (D-VT) has introduced a data security bill that would require certain business entities that store personal data to implement data privacy and security programs, modeled after those established for financial institutions to protect customer… Continue Reading
RSA Offers to Replace SecurID Tokens – For Everyone
Posted in UncategorizedUPDATE — link to interesting article from Channel Insider. Back in March, we reported on a massive and sophisticated attack on RSA Security’s well-known SecurID tokens, used by millions of corporate workers to access sensitive corporate networks. Yesterday, the security unit of EMC Corp. posted a letter to customers on its website, acknowledging for… Continue Reading
Privacy and Security Bits and Bytes
Posted in UncategorizedOur Friday feature is back! FTC Imposes Largest Civil Penalty Ever for Violation of Children’s Online Privacy Protection Act (COPPA) – Magic Kingdom Subsidiary Pays Up The Chairman of the Federal Trade Commission, Jon Leibowitz, said: It’s the law, it’s the right thing to do, and, as today’s settlement demonstrates, violating COPPA will not come… Continue Reading
Privacy “Webinar Wednesday” Series
Posted in Data Compliance & SecurityLast week, we introduced the “Privacy Webinar Wednesday” educational series with Data Privacy and Security Issues for the Not-for-Profit: 201 CMR 17.00, PCI, and Other Acronyms You Should Know. It was incredibly well-received – over 150 registrants. We’ll be presenting various privacy and security issues on the first Wednesday of the month. In case you… Continue Reading
Sony Breach Press Follow-up
Posted in Data BreachThere have been hundreds of articles written in the past week on the Sony Playstation Network breaches. Cynthia Larose, chair of Mintz Levin’s Privacy and Data Security practice, has been quoted in several articles over the weekend, including The Wall Street Journal [registration may be required], Reuters, and The Chicago Tribune. In The Wall Street Journal, Larose said,… Continue Reading
Let The Litigation Begin – Sony PlayStation Data Breach Class Action Filed in Boston
Posted in Data BreachWritten by Kevin McGinty With the inevitability of death and taxes, data breaches spawn class action lawsuits. The massive Sony PlayStation Network data breach has now resulted in the filing of a class action in federal court in Massachusetts captioned Thompson v. Sony Computer Entertainment. The named plaintiff asserts her claims on behalf of a… Continue Reading
And the [hacks] just keep on coming……
Posted in UncategorizedWe’ve had the Epsilon breach. We’ve had Sony Breach One and Sony Breach Two. Today, Bloomberg News reports on a breach that may be, as one security expert in the article calls it, “the nastiest password hack in history….” LastPass is reporting that hackers may have broken into its database and stolen info on as… Continue Reading
More breach problems for Sony……
Posted in UncategorizedWritten by Julia Siripurapu Yesterday, in a Customer Service Notification posted on its website, Sony Online Entertainment LLC (“SOE”) based in San Diego, California revealed that its systems were also the subject of a hacking attack. Sony Corporation and Sony Computer Entertainment announced in a press release issued this morning, that based on their ongoing… Continue Reading
Strike Three? Apple/Google, Sony — now the New York Yankees…
Posted in UncategorizedThis has been quite the stretch for large, embarrassing data breaches (or “incidents” — depending on which spin you take). Now, the New York Yankees have been caught in the middle. An employee accidentally attached a spreadsheet to an email that was being sent out to thousands of current clients. That spreadsheet contained the names,… Continue Reading
And a Sony PSN Update: Report Says Credit Cards Encrypted
Posted in UncategorizedUpdate on the breach that exposed the information on 77 million users of Sony’s PlayStation Network: Kevin Poulsen, a writer for Wired Magazine‘s excellent blog, Threat Level, reports that Sony says that credit card numbers potentially stolen in the breach were encrypted. Poulsen quotes Sony, writing: All of the data was protected, and access was restricted… Continue Reading
UPDATE: Sony PlayStation Network Breach Prompts Plan to Introduce Consumer Protection Legislation
Posted in UncategorizedThere are many articles (see links below) being written and blogged today regarding the PSN breach. The Hill reports this afternoon that Representative Mary Bono Mack (R-CA) has announced a plan to introduce legislation to protect online consumer information. Bono Mack, as Chairman of the Energy and Commerce Trade Subcommittee, said that they will be investigating… Continue Reading
TJX Data Breach May Take Back Seat to Sony PlayStation Network Breach
Posted in UncategorizedWritten by Julia Siripurapu Sony Corp. has acknowledged on its PlayStation website that between April 17 and April 19, its PlayStation and Qriocity networks were the subject of a hacking attack. As a result of this attack, the personal information, including name, address, email address, birth date, passwords, security question answers, and credit card data, of… Continue Reading
Epsilon Data Breach Update – House Lawmakers Want Information
Posted in UncategorizedThis article from today’s Tech Daily indicates that the U.S. House Subcommittee on Commerce, Manufacturing and Trade want more details from Epsilon by next week.
Update on Epsilon Breach
Posted in UncategorizedThis story continues to grow. Our friends at Threatpost have done a great job of compiling a list of known companies that have been victims of the breach. See Threatpost – List of Companies Hit by Epsilon Breach
Major e-mail data breach occurs at mega-marketer
Posted in UncategorizedBy now, you’ve probably received one or more emails like this: Dear Valued Best Buy Customer, On March 31, we were informed by Epsilon, a company we use to send emails to our customers, that files containing the email addresses of some Best Buy customers were accessed without authorization. We have been assured by Epsilon… Continue Reading
And an aside…as if the people of the Gulf Coast haven’t suffered enough…
Posted in UncategorizedThe Associated Press reports that BP has lost a laptop containing all of the personal information belonging to tens of thousands of residents who filed claims for compensation after the Gulf oil spill. According to a BP spokesperson, the laptop was password protected, but not encrypted. Of course.
Into the Breach – Security Failures Can Cost You
Posted in 201 CMR 17.00, Data Breach, Data Compliance & SecurityOnce again, we have evidence that failures to implement the most basic of data security measures can cost real money. The Massachusetts Attorney General’s office announced a consent order that fines a Boston restaurant group $110,000 and imposes a set of compliance measures that will also carry a price tag. Despite many headlines trumpeting the “first enforcement action,” this action… Continue Reading
Massachusetts General Hospital settles 2009 breach with Office of Civil Rights
Posted in Data Breach, HIPAA/HITECHThe cost of data breaches keeps on rising. Add another million to this week’s HIPAA charges. Just released this afternoon – the Office of Civil Rights announced that it has reached a settlement with Massachusetts General Hospital relating to a 2009 loss of medical records when a billing manager who was carrying the records accidentally… Continue Reading
Arizona Hospital Workers Fired for Inappropriately Accessing Shooting Victim Records
Posted in UncategorizedWritten by Dianne Bourque Once again, a public event has piqued the “curiosity” of hospital employees in violation of HIPAA. The University Medical Center (UMC) at Tucson has fired three administrative staff and a contracted nurse for wrongfully accessing medical records related to the shooting rampage that killed six people and seriously injured Congresswoman Gabrielle Giffords. … Continue Reading
Data Breach at NYC “Hop-on, Hop-off” Tour Company — 110,000 credit card numbers stolen
Posted in 201 CMR 17.00, Data Breach, Data Breach Notification, Data Compliance & SecuritySince March 1, 2010, privacy professionals have been waiting for a data breach that could bring an enforcement action under 201 CMR 17.00, the Massachusetts privacy regulations. I just spoke with Paul Roberts, editor of threatpost.com, a blog that posted an entry yesterday regarding a breach that could do just that. Twin America LLC, the parent company of… Continue Reading
