Our experienced team views data breach response as a joint effort in partnership with the client where the client’s philosophy, brand and customer base are considered integral in reconciling compliance with the numerous, and often competing, laws and regulations. [...]
YOUR ISP MAY BE SPYING ON YOU — Big Brother Trumps Privacy
There is a little secret that your ISP probably does not want you to know. And you certainly will not see it listed anywhere as part of your ISP’s advertised services. Since July 1st many ISPs, including Time Warner, Comcast, Verizon and AT&T, have started efforts to actively scrutinize their customers’ Internet activity. What are they looking for? Evidence related to downloading … Continue reading
Vermont Adds New Wrinkles to Data Breach Notification Law
Vermont has made some interesting amendments [.pdf at Sec. 4, p. 9] to its Security Breach Notice Act. The changes, trumpeted in a recent press release as part of various consumer protection measures, were signed into law on May 8, 2012 to be effective immediately. The most significant aspects of the revisions are: Consumer notification of a breach must be … Continue reading
Cyber Warfare and Collateral Damage: “Flame” Malware Heats Up Data Security Threat
Cyber Security experts have discovered new malware that is unique in its sophistication and frightening in its capabilities. The malware, known as “Flame”, was found during an investigation by Russia-based Kaspersky Lab, and may have been running undetected for more than two years. Flame has set off alarm bells due to its complexity and because it appears to be part of … Continue reading
Credit Card Transactions: A Data Breach Waiting to Happen
Last week, Global Payments, Inc., an electronic transactions processor for, among others, VISA and MasterCard, reported a large data breach. According to Global Payments, intruders obtained ”track 2″ credit card data on 1.5 million cardholders. Track 2 refers to a portion of the data contained on the credit card’s magnetic stripe [pdf]. Track 2 data includes card numbers and expiration dates. Track 1 data, which was not … Continue reading
If the Shoe Fits . . . File a Class Action? Zappos Data Breach Leads to Quick Lawsuit.
Less than 24 hours after the Zappos data breach was announced, a class action lawsuit was filed against Amazon.com (Zappos is owned by Amazon). The Complaint [pdf] purports to be asserted on behalf of a putative class of 24 million customers whose information was exposed in the Zappos hacking incident. While 24 million individuals, not to mention the name recognition and … Continue reading
Did the First Circuit Open a Pandora’s Box in Data Breach Litigation?
Plaintiffs’ attorneys are now likely to rely on the First Circuit’s opinion in Anderson v. Hannaford Bros. Co., (1st Cir. Oct. 20, 2011) [.pdf], when asserting claims in the wake of a data breach. The Hannaford matter arose in December 2007, when hackers stole millions of credit and debit card numbers from Hannaford Brothers, a large grocery chain. In a span of 3 months, … Continue reading
Is There a Hidden Private Cause of Action For HIPAA Violations?
We all know that HIPAA/HITECH provides for civil and, potentially, criminal penalties if protected health information is disclosed in violation of the privacy rule. However, Congress did not provide for a private cause of action under HIPAA. Of course, that has not stopped plaintiffs’ lawyers from attempting to find a way to bring a claim … Continue reading
Congress Introduces Cybersecurity Enhancement Act – This Time They Mean It
In the wake of an unprecedented wave of highly publicized cyber attacks, both the House and the Senate have now introduced companion Cybersecurity bills. The proposed legislation, known as the Cybersecurity Enhancement Act of 2011 (.pdf), is meant to advance cybersecurity research and development and create technical standards for federal government agencies and their workforces. Some of the key provisions would: … Continue reading
Sony PlayStation Network Hacked — Exposes Information on Millions
There is now an explanation behind the mysterious outage of the Sony PlayStation Network (PSN), the online videogame service that enables millions of subscribers to play games over the Internet. The explanation is not likely to make angry gamers any happier. The PSN outage was first reported around April 20, 2011. Originally Sony simply said it was looking … Continue reading