Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
TD BANK ANNOUNCES DATA BREACH
TD Bank recently began notifying approximately 260,000 customers in numerous states from Maine to Florida that their personal information had been lost. A TD Bank spokesman confirmed to the Associated Press that unencrypted back-up data tapes were misplaced in transport earlier this year. The tapes contained personal information that included account information and social security … Continue reading
MEDAL OF HONOR RECIPIENTS BECOME VICTIMS OF AN ON LINE DATA BREACH
The Social Security numbers of 31 Army Medal of Honor recipients were accidentally posted on line by a Pentagon employee. The Los Angeles Times reported last week that the personal information was removed from the internet after the breach was discovered by a well known military historian. The Social Security numbers appear to have … Continue reading
A MASSACHUSETTS HEALTH CARE PROVIDER AGREED TO PAY $1.5 MILLION TO SETTLE A HIPAA PRIVACY VIOLATION
HHS’ Office of Civil Rights announced this week that a Mass. health care provider will pay a $1.5 million settlement to resolve a HIPAA privacy violation. http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html. The monetary settlement is part of a resolution agreement and the result of the alleged 2010 theft of a laptop computer that held 3,621 patient records. The … Continue reading
Cyber Warfare and Collateral Damage: “Flame” Malware Heats Up Data Security Threat
Cyber Security experts have discovered new malware that is unique in its sophistication and frightening in its capabilities. The malware, known as “Flame”, was found during an investigation by Russia-based Kaspersky Lab, and may have been running undetected for more than two years. Flame has set off alarm bells due to its complexity and because it appears to be part of … Continue reading
U.S. Senate Considers Legislation to Protect Sensitive Data and Consumer Privacy
The U.S. Senate Committee on Commerce, Science & Transportation held a hearing on June 29th focusing on proposed legislation intended to protect consumer privacy. Private industry and government agency hearing witnesses expressed support for pending bills in the Senate. Among the pending privacy bills discussed were: S.799 – The Commercial Privacy Bill of Rights Act of 2011; S. 913 – … Continue reading
PCI Security Standards Council Releases Guidelines for Virtual Environments
On June 14, the PCI Security Standards Council released new guidelines [pdf] directed to entities that process payment card data in virtual environments. These guidelines do not add additional requirements to the PCI-DSS 2.0 standard. Rather, they are an outline for applying the existing standard in the context of virtual platforms, including cloud computing. In … Continue reading