The consequences of a data breach reached new heights last week when Yahoo announced the resignation of its General Counsel in response to a series of security incidents the company suffered. A more fulsome explanation of the security incidents and Yahoo’s response can be found in item seven of the company’s 10-K, but here are… Continue Reading
Category Archives: Data Breach
Subscribe to Data Breach RSS Feed60 Minutes Reports on Payment Card Data Breaches
Posted in Data Breach, Data Breach, Data SecurityEver wonder how your credit card gets compromised and how the bad guys get your information? This report on tonight’s episode of 60 Minutes provides an overview of what happens from the moment you swipe your card at the point-of-sale terminal to the moment when the card number is compromised and sold on a black… Continue Reading
Why Every Business Should Care About Florida’s Information Protection Act
Posted in Breach Notification Statutes, Data Breach, Data Breach, Data Privacy, Data SecurityMy last post described what the recently passed Florida Information Protection Act (FIPA) will do. This post analyzes how FIPA differs from Florida’s existing breach notification law and explains why those differences will hurt or help companies that maintain information about Florida residents. Florida’s Governor must still sign the FIPA into law, but his signature… Continue Reading
Everything You Need To Know About Florida’s New Data Protection Law
Posted in Breach Notification Statutes, Data Breach, Data Privacy, Data SecurityThe Florida Legislature recently passed the Florida Information Protection Act of 2014 (FIPA). This post describes the FIPA and analyzes the advantages and disadvantages to businesses governed by the new law. The FIPA must still be signed by the Governor, but the law received unanimous support in the legislature, so his signature is expected. Once… Continue Reading
Healthcare Organizations Take It On The Chin
Posted in Data Breach, Data Breach, Data Privacy, Data Security, FTC, Health Care Industry, LawsuitsIf you have noticed an increasing number of high profile problems for healthcare organizations with respect to privacy and security issues these last few weeks you’re not alone. The issues have ranged from employee misuse of protected health information, web-based breaches, photocopier breaches, and theft of stolen computers that compromised millions of records containing unsecured… Continue Reading
U.S. Senate Considers Federal Data Security Legislation
Posted in Data Breach, Data Breach, Data Privacy, Data SecurityLegislation was introduced in the U.S. Senate late last week that, if passed, would create proactive and reactive requirements for companies that maintain personal information about U.S. citizens and residents. The legislation, titled the “Data Security and Breach Notification Act of 2013” (s. 1193) creates two overarching obligations: to secure personal information and to notify… Continue Reading
Data Breach Lawsuits – Revisiting the Risks
Posted in Data Breach, Data Breach, Data Privacy, Data Security, LawsuitsUntil recently, individuals whose information was compromised as a result of a company suffering a data breach faced an uphill battle when suing the company in a class action lawsuit. Far more often than not, Courts dismissed the lawsuits or entered summary judgment in favor of defendants on grounds that the plaintiffs could not establish… Continue Reading
Why is the Countrywide data breach lawsuit dismissal important?
Posted in Data Breach, Data Security, LawsuitsAnother court has weighed in on the issue of what constitutes a cognizable injury in a data breach case. In a lengthy opinion, the U.S. District Court for the Western District of Kentucky in Holmes v. Countrywide Financial Corp. dismissed a lawsuit against Countrywide by plaintiffs who claimed that their personal information had been compromised… Continue Reading
Video Interview: Discussing the LinkedIn Data Breach Class Action Suit with LXBN TV
Posted in Data Breach, Data Security, LawsuitsFollowing my post on the subject last week, I had the chance to speak with Colin O’Keefe of LXBN regarding the class action suit filed against LinkedIn following their recent high-profile data breach. In the brief interview, I explain the background of the case, what damages the plaintiffs are alleging and why it’s too early… Continue Reading
Federal Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data SecurityThe title of this blog entry is somewhat of a misnomer because there is no single national data breach notification law that governs all information the same way as the state data breach notification laws do. So, for the time being, companies and consumers are forced to determine which state data breach notification laws apply… Continue Reading
State Data Breach Notification Laws
Posted in Data Breach, Data Breach, Data SecurityIn 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach. Criminals stole from ChoicePoint personal information for more than 145,000 individuals. The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized access… Continue Reading
Video Interview: Discussing the Global Payments Inc. Data Breach with LXBN TV
Posted in Data Breach, Data Breach, Data SecurityYesterday I had the opportunity to speak with Colin O’Keefe of LXBN TV regarding the recent major data breach involving Global Payments Inc. In the interview, I explain the background of the breach, which impacted all major credit cards, the lessons companies can learn from the breach and exactly who bears the burden—financially and otherwise—of… Continue Reading
Hacking the “Middle Man”
Posted in Data Breach, Data Breach, Data SecurityAnother massive high profile data breach was in the news this past week. MasterCard, Visa, American Express, and Discover, as well as other banks and franchises were affected. Significantly, the breadth of the effect was not a result of separate attacks against each bank, but rather a hacking of one common third-party service provider—Global Payments… Continue Reading
Foreign Economic Cyber-Espionage (Part 3)
Posted in Data Breach, Data SecurityThis final blog entry in the series about economic cyber-espionage focuses on what, if anything, the government can do and is doing to limit cyber attacks that result in the theft of billions dollars worth of intellectual property and confidential proprietary information. The issue of cyber-espionage is receiving attention from the highest levels of government. … Continue Reading
Private Civil Lawsuits Arising From Data Breaches
Posted in Data Breach, Data Breach, Data SecurityThe U.S. Circuit Court of Appeals for the First Circuit recently weighed in on the causes of action and damages that are (and are not) cognizable in a data breach case. In Anderson v. Hannaford Bros. Co., No 10-2384 (1st Cir. Oct. 20, 2011), the plaintiffs were customers of a grocery store chain. The grocery… Continue Reading
Subscribe to this blog via RSS
View Al's Linkedin Profile