State of the Cybersecurity Union — Obama’s Executive Order Aimed at Cyberattacks

“We know hackers steal people’s identities and infiltrate private e-mail. We know foreign countries and companies swipe our corporate secrets.” With those words, and just prior to his 2013 State of the Union address, President Obama signed an executive order on cybersecurity. The order is focused on protecting critical cyber infrastructure from cyberattacks. As an executive order, …

HHS ISSUES FINAL BREACH NOTIFICATION RULES – The end of “no harm, no foul”?

Last week the Department of Health and Human Services (HHS) issued its long-awaited “Final Rule” [.pdf] meant to strengthen various HIPAA/HITECH privacy and security rules related to individuals’ health information. The 563 pages of federal regulations contain numerous rule modifications. Notably with respect to the scope of this Blog, there are significant changes to the Breach Notification Rule for protected health information (PHI). When originally issued as an “interim final rule” in …

Credit/Debit Card Breach at Barnes & Noble Exposes Holes in Point of Sale Systems

Hackers gained access to credit card information from customers at 63 Barnes & Noble stores. Although the incident was first discovered in September, the FBI requested that Barnes & Noble delay publicly reporting the incident so as not to impede the investigation. Somehow, and the exact methodology has not been revealed, hackers were able to capture information from PIN …

YOUR ISP MAY BE SPYING ON YOU — Big Brother Trumps Privacy

There is a little secret that your ISP probably does not want you to know. And you certainly will not see it listed anywhere as part of your ISP’s advertised services. Since July 1st many ISPs, including Time Warner, Comcast, Verizon and AT&T, have started efforts to actively scrutinize their customers’ Internet activity. What are they looking for? Evidence related to downloading …

Vermont Adds New Wrinkles to Data Breach Notification Law

Vermont has made some interesting amendments [.pdf at Sec. 4, p. 9] to its Security Breach Notice Act. The changes, trumpeted in a recent press release as part of various consumer protection measures, were signed into law on May 8, 2012 to be effective immediately. The most significant aspects of the revisions are: Consumer notification of a breach must be …

Cyber Warfare and Collateral Damage: “Flame” Malware Heats Up Data Security Threat

Cyber Security experts have discovered new malware that is unique in its sophistication and frightening in its capabilities. The malware, known as “Flame”, was found during an investigation by Russia-based Kaspersky Lab, and may have been running undetected for more than two years. Flame has set off alarm bells due to its complexity and because it appears to be part of …

Credit Card Transactions: A Data Breach Waiting to Happen

Last week, Global Payments, Inc., an electronic transactions processor for, among others, VISA and MasterCard, reported a large data breach. According to Global Payments, intruders obtained “track 2” credit card data on 1.5 million cardholders. Track 2 refers to a portion of the data contained on the credit card’s magnetic stripe [pdf]. Track 2 data includes card numbers and expiration dates. Track 1 data, which was not …

Is Cloud Computing Compatible With the FBI’s Data Security Rules?

We all know that if you want to do business with the government, you have to play by the rules. This includes law enforcement agencies seeking to access the FBI’s Criminal Justice Information Services (CJIS). The CJIS database, maintained by the FBI, is one of the world’s largest repositories of criminal information. CJIS provides state, local and …

If the Shoe Fits . . . File a Class Action? Zappos Data Breach Leads to Quick Lawsuit.

Less than 24 hours after the Zappos data breach was announced, a class action lawsuit was filed against Amazon.com (Zappos is owned by Amazon). The Complaint [pdf] purports to be asserted on behalf of a putative class of 24 million customers whose information was exposed in the Zappos hacking incident. While 24 million individuals, not to mention the name recognition and …

Did the First Circuit Open a Pandora’s Box in Data Breach Litigation?

Plaintiffs’ attorneys are now likely to rely on the First Circuit’s opinion in Anderson v. Hannaford Bros. Co., (1st Cir. Oct. 20, 2011) [.pdf], when asserting claims in the wake of a data breach. The Hannaford matter arose in December 2007, when hackers stole millions of credit and debit card numbers from Hannaford Brothers, a large grocery chain. In a span of 3 months, …