Well THAT didn’t take long! Less than 10 days after LinkedIn announced that it suffered a data breach of approximately 6.5 million user passwords, a class action lawsuit was filed against it in California federal court seeking in excess of $5 million. The lawsuit alleges that, contrary to its Privacy Policy, LinkedIn failed to comply
Data Breach
Federal Data Breach Notification Laws
The title of this blog entry is somewhat of a misnomer because there is no single national data breach notification law that governs all information the same way as the state data breach notification laws do. So, for the time being, companies and consumers are forced to determine which state data breach notification laws apply…
State Data Breach Notification Laws
In 2005, a company called ChoicePoint, which collected personal and financial information for millions of consumers, was the victim of a security breach. Criminals stole from ChoicePoint personal information for more than 145,000 individuals. The floodgates opened and a variety of other corporations and organizations revealed similar data breaches that had resulted in unauthorized…
Video Interview: Discussing the Global Payments Inc. Data Breach with LXBN TV
Yesterday I had the opportunity to speak with Colin O’Keefe of LXBN TV regarding the recent major data breach involving Global Payments Inc. In the interview, I explain the background of the breach, which impacted all major credit cards, the lessons companies can learn from the breach and exactly who bears the burden—financially and otherwise—of…
Hacking the “Middle Man”
Another massive high profile data breach was in the news this past week. MasterCard, Visa, American Express, and Discover, as well as other banks and franchises were affected. Significantly, the breadth of the effect was not a result of separate attacks against each bank, but rather a hacking of one common third-party service provider—Global Payments…
Private Civil Lawsuits Arising From Data Breaches
The U.S. Circuit Court of Appeals for the First Circuit recently weighed in on the causes of action and damages that are (and are not) cognizable in a data breach case. In Anderson v. Hannaford Bros. Co., No 10-2384 (1st Cir. Oct. 20, 2011), the plaintiffs were customers of a grocery store chain. …
Data Breach — What’s the Harm??
A data breach can result in the exposure of private customer information (credit card information, social security numbers, email addresses, etc.) to unknown third parties who may fraudulently use that information. In instances where the information is used fraudulently, the customer suffers a harm that can usually be quantified or measured in some way.
But…
Why Should You Care About Data Breaches?
Some of the most alarming statistics concerning data breaches relate to how frequently they occur, who is suffering them, and the cost such breaches impose on their victims.
According to a recent survey of 583 IT practitioners (more than half of whom were employed by organizations with more than 5,000 employees), 90% of organizations had…