Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
TD BANK ANNOUNCES DATA BREACH
TD Bank recently began notifying approximately 260,000 customers in numerous states from Maine to Florida that their personal information had been lost. A TD Bank spokesman confirmed to the Associated Press that unencrypted back-up data tapes were misplaced in transport earlier this year. The tapes contained personal information that included account information and social security … Continue reading
MEDAL OF HONOR RECIPIENTS BECOME VICTIMS OF AN ON LINE DATA BREACH
The Social Security numbers of 31 Army Medal of Honor recipients were accidentally posted on line by a Pentagon employee. The Los Angeles Times reported last week that the personal information was removed from the internet after the breach was discovered by a well known military historian. The Social Security numbers appear to have … Continue reading
Vermont Adds New Wrinkles to Data Breach Notification Law
Vermont has made some interesting amendments [.pdf at Sec. 4, p. 9] to its Security Breach Notice Act. The changes, trumpeted in a recent press release as part of various consumer protection measures, were signed into law on May 8, 2012 to be effective immediately. The most significant aspects of the revisions are: Consumer notification of a breach must be … Continue reading
Credit Card Transactions: A Data Breach Waiting to Happen
Last week, Global Payments, Inc., an electronic transactions processor for, among others, VISA and MasterCard, reported a large data breach. According to Global Payments, intruders obtained ”track 2″ credit card data on 1.5 million cardholders. Track 2 refers to a portion of the data contained on the credit card’s magnetic stripe [pdf]. Track 2 data includes card numbers and expiration dates. Track 1 data, which was not … Continue reading
If the Shoe Fits . . . File a Class Action? Zappos Data Breach Leads to Quick Lawsuit.
Less than 24 hours after the Zappos data breach was announced, a class action lawsuit was filed against Amazon.com (Zappos is owned by Amazon). The Complaint [pdf] purports to be asserted on behalf of a putative class of 24 million customers whose information was exposed in the Zappos hacking incident. While 24 million individuals, not to mention the name recognition and … Continue reading
Canadian Bill Seeks Mandatory Data Breach Notification
Mandatory data breach notification may soon become federal law in Canada. The Canadian Parliament is currently reviewing Bill C-12, a proposed update to Canada’s existing privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). PIPEDA currently does not contain any breach notification provisions. The proposed update would require entities to notify both affected … Continue reading
Sony Hacking Incident Grows — Legal Fallout Continues From PlayStation Network Breach
The Sony breach keeps growing, right along with the regulatory investigations. As we posted here previously, the Sony PlayStation Network (PSN) suffered a massive hacking incident, affecting over 77 Million individuals. In what is believed to be a related incident, a separate Sony entity, Sony Online Entertainment (SOE), is now reporting that it was also hacked, affecting … Continue reading
Call the Feds – Blumenthal Requests DOJ Investigation of Epsilon Breach
Connecticut senator, Richard Blumenthal, is calling for a federal investigation of the Epsilon data breach. On April 1st, Epsilon disclosed a security breach which compromised names and email addresses belonging to customers of numerous major U.S. companies that outsource their marketing to Epsilon. In an April 6th letter to U.S. Attorney General Eric Holder (AG … Continue reading