Please read if you are considering a donation of technology devices!! Failure to properly address stored information could expose your personal information and that of others — and could expose you and/or your company to liability under federal and state laws for non-compliance with laws regulating disposal of personal information. During the holiday season, many… Continue Reading
Tag Archives: Data Breach
Remember the old quote about “prior preparation?”
Posted in Data Breach, Data Breach Notification, Data Compliance & Security
Mintz Levin has prepared a State Data Breach Laws matrix to help assess obligations under state data breach notification laws in the event of a data security incident.
WellPoint Sued by Indiana AG for $300K – UPDATE
Posted in Data Breach, Data Breach Notification, HIPAA/HITECH
(This post is updated to include links to the Indiana Attorney General’s press release and a copy of the complaint) Back on July 1, we blogged in this space about a very large data breach experienced by health insurer WellPoint. According to WellPoint, over 470,000 individual insurance customers may have been affected by a breach that… Continue Reading
No Harm, No Foul; Ninth Circuit Affirms Dismissal of Data Breach Case Against The Gap
Posted in Data Breach
Written by Kevin McGinty
It’s a distressingly common scenario. A corporate laptop containing job applicant data, including social security numbers, is stolen from an employee who has taken the laptop off of corporate premises. Access to the social security numbers makes it possible for wrongdoers to engage in identity theft. Is an applicant’s fear that… Continue Reading
Data Breaches du Jour
Posted in Data Breach
Information regarding the latest reports of data breaches — common thread: it is taking a startlingly long time for entities to (a) discover that they have been breached, and (b) to then take action to notify affected customers of potential compromises to personal information. Update on Major Data Breach at California Health Insurer Updating a… Continue Reading
July 13 Data Security Workshop – FREE
Posted in Data Breach
On July 13, Mintz Levin will be joined by Sophos, Six Weight Consulting, and MFA Cornerstone Consulting to hold a free compliance workshop focused on both the gaps and overlap of Massachusetts’ data protection regulation 201 CMR 17.00 and the recent updates to federal health and medical data privacy found in the HITECH Act. We’ll… Continue Reading
Twitter Settles With FTC
Posted in Data Breach
Twitter has reached a settlement with the Federal Trade Commission (FTC) over charges that it “deceived consumers and put their privacy at risk by failing to safeguard their personal information.” In the Matter of Twitter, Inc. The FTC had alleged that “serious lapses” in Twitter’s security last year “allowed hackers to obtain administrative control of… Continue Reading
Privacy and Security Bits and Bytes
Posted in Data Breach
On this last day of April, there are a couple of breaches and another clarion warning about copy machines — We have blogged on this issue here and here — and again, there is another warning about the treasure trove of information residing on the hard drive of your copy machine. A CBS Evening News… Continue Reading
Privacy and Security Bits and Bytes
Posted in Data Breach
Our Friday afternoon feature — Virginia Adds Medical Information Breach Law – The Commonwealth of Virginia has amended its data breach notification law to include breaches of medical information. For the text of the amendment, link here. Even if the data is encrypted, the law requires notice if the breach involved a person with access… Continue Reading
Government “Outs” Mystery Retailers in Gonzalez Hack Case
Posted in Data Breach
Interesting post in today’s Wired: Threat Level blog about a motion in the Alberto Gonzalez hacking case that was unsealed on Monday. We now have the identities of the other two “mystery” retailers – J.C. Penney was “Company A” and Wet Seal was “Company B.” J.C. Penney argued unsuccessfully last week to keep the company’s… Continue Reading
Restaurant Chain Settles FTC Data Breach Charges
Posted in Data Breach
Yesterday, the Federal Trade Commission (“FTC”) weighed in with another proposed settlement agreement requiring that the Dave & Buster’s restaurant chain that experienced a massive data breach in 2007 establish and maintain a comprehensive information security program as a condition of settling a consumer protection action arising out of that data breach. This is the… Continue Reading
Quick Compliance Survey
Posted in Data Breach
No, we’re not “taking names” here. This is just a 10-question survey to gauge some basic compliance metrics. Please participate! Click here to take survey
Major “goof” at Citibank
Posted in Data Breach
For all of you who have been struggling with data security compliance obligations from various fronts, and trying to handle complex technical issues such as encryption of portable devices and data “at rest” and “in transit” — here is a very big story regarding plain old everyday mail. If you are a Citibank customer, Citi… Continue Reading
Hotel Chain Hacked Again….
Posted in Data Breach
Wyndham Hotels and Resorts has apparently notified the U.S. Secret Service and several state attorneys that hackers stole customer names and payment card information from its computer system. Wyndham has since notified credit card companies so that affected cardholders’ accounts may be monitored. It also has hired a firm to investigate the breach and assist… Continue Reading
Connecticut Attorney General Brings Charges Against Health Net for HIPAA Violations
Posted in Data Breach
Written by Dianne Bourque
On January 13, Connecticut Attorney General Richard Blumenthal filed charges against Health Net of Connecticut, Inc., for violating federal privacy law. Blumenthal is the first state attorney general to file such a suit using HIPAA enforcement authority granted to states under the HITECH provisions of the American Recovery and Reinvestment… Continue Reading
New Settlement Agreement in Heartland Breach
Posted in Data Breach
And the cash register continues to ring with respect to the Heartland Payment Systems Inc. breach. Heartland disclosed last week in a filing with the Securities and Exchange Commission that it has agreed to pay a maximum of $60 million to Visa Inc. and Visa card-issuing banks to settle claims arising out of the massive… Continue Reading
Security Bits and Bytes
Posted in Data Breach
A few items to wrap up/review privacy and security issues in 2009 and open up 2010: Gonzalez Pleads Guilty in December 2009 – but this piece from Retail Research Systems explains why retailers should not be sanguine about data security: Privacy Risks for 2010 RFID in 2010: The New Hampshire House of Representatives voted this… Continue Reading
Happy 2010 – Data Breach du Jour
Posted in Data Breach
We are just barely into the new year, and there is already a rather large data breach to report. Officials at Eastern Washington University (EWU) are notifying up to 130,000 current and former students that their personal information may have been exposed in a security breach, reports the Seattle Times. The data involved includes names,… Continue Reading
The real cost of data breaches – Heartland to pay Amex $3.5 million
Posted in Data Breach
According to its 8-K filing with the Securities and Exchange Commission (SEC), Heartland Payment Systems Inc. has agreed to pay American Express Travel Related Services Co. Inc. just over $3.5 million to settle any claims arising out of a massive payment card data breach. This settlement is likely to be only the first over the… Continue Reading
Privacy Class Actions….Waiting for Hannaford
Posted in Data Breach
My colleague, Kevin McGinty, has penned an interesting analysis of the latest in the class action litigation arising out of the Hannaford supermarket chain data breach. Specifically, Maine’s highest court is being asked to determine whether the law recognizes the time and effort payment cardholders spend trying to protect themselves after a data breach as… Continue Reading
More on the real cost of the Heartland breach
Posted in Data Breach
Nearly 10 months after disclosing a months-long data breach that affected millions of consumers, the financial impact of the Heartland data breach continues to unfold. InformationWeek reports that Heartland stock prices plunged more than $500 million following the breach, and while shareholder value has rebounded, other breach related costs have thus far totaled $32 million,… Continue Reading
Vets Data At Risk? Again?
Posted in Data Breach
Wired.com reports on a possible breach at — of all places — the National Archives and Records Administration (NARA) that, if verified, could affect tens of millions of records about U.S. military veterans. It appears that it may involve an issue that I call “Data Security 101” — the failure of a contractor to wipe… Continue Reading
Privacy and Security Bits and Bytes
Posted in Data Breach
After a bit of a hiatus, our Friday afternoon feature is back: Do you know what your information is worth on the black market? It may just surprise you. Good piece on a new Symantec tool to let you do the calculations. See Information Security Resources – What Are You Worth On The Black Market?… Continue Reading
Federal Breach Notification Rules — NEXT WEEK. Are you ready?
Posted in Data Breach
Written by Cynthia and Dianne
New federal breach notification rules go into effect next week for covered entities and their business associates and also for vendors of personal health records. Covered entities (organizations subject to the HIPAA privacy rule) and their business associates must report breaches of unsecured protected health information in accordance with new… Continue Reading