Tag Archives: data breach

Proposed $6.8M Fine Related to Puerto Rico Breach Incident

Triple-S Salud, Inc. (“Triple-S”), a Puerto Rico Health Insurance Administration (“PRHIA”) contractor, filed a Form 8-K indicating that the PRHIA intended to impose a civil monetary penalty of $6,768,000 and other administrative sanctions stemming from a breach incident affecting 13,336 Dual Eligible Medicare beneficiaries.  The breach incident occurred in September 2013 when Triple-S mailed to … Continue Reading

January 15 webinar: Managing Cardholder Data Security Risks in an Evolving Payments Landscape

Please join us from 2-3:30 pm ET on January 15 for a webinar that will provide a look back on significant payment card security events that occurred in 2013 and the security, risk mitigation, and customer relations lessons that can be learned from them. We will also discuss what the continuing and emerging threats may … Continue Reading

District Court rejects supervisor liability for state employee’s motor vehicle record data breach

Editor’s Note: This post is a joint submission with BakerHostetler’s Class Action Lawsuit Defense blog and was authored by Matthew Moody and Sammatha Clegg. In a recent decision, the Federal District Court of Minnesota found that state agencies were not liable in a data breach class action suit involving a rogue employee’s unauthorized viewing of personal information … Continue Reading

Highest Bidder Loses Spoliation Fight in Auction House Data Breach

This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: Karin Scholz Jenson and Ganesh Krishna. A recent case out of the Northern District of Ohio is an unsung victory for proportionality in that the Court twice declined to sanction a plaintiff’s “failure” to forensically image computers where computer logs showing the … Continue Reading

New gTLDs Raise Data Security Concerns

Authored by: David A. Einhorn and Alan Pate. ICANN is well on its way to the launch of new generic top-level domains (gTLDs) with the first ones being approved as early as April 23rd. The handful of TLDs currently in use, such as “.com”, “.org”, and “.edu”, may soon be joined by over 1000 gTLDs … Continue Reading

Guest Blog: Vermont Privacy Breach Regulations

Editor’s Notes: Guest blog interview by Mark Greisiger, President, NetDiligence®. This blog post has been republished with permission from Junto – NetDiligence Blog. A Q&A with Ryan Kriger. Among state Attorneys General, Vermont has gained a reputation for being particularly aggressive about data breach and privacy regulation. To better understand the state’s Consumer Protection Act requirements and processes … Continue Reading

Court Denies Motion for Class Certification in Hannaford

Editor’s note: This is a cross-blog post with BakerHostetler’s Class Action Lawsuit Defense blog. For the latest class action defense updates, visit www.ClassActionLawsuitDefense.com. In an order sure to reverberate with both the plaintiffs’ and defense bar, on March 20, 2013, Judge D. Brock Hornby of the United States District Court for the District of Maine … Continue Reading

South Korea Court Opens the Door for Unintentional Data Breach Collective Actions

Authorship Credit:  Nathan A. Schacht This is a cross blog post with BakerHostetler’s class action blog.  For the latest in class action developments, visit classactionlawsuitdefense.com.  On February 15, 2013, the Seoul Western District Court in South Korea issued a judgment in a collective consumer action against a South Korean company for a data breach involving … Continue Reading

Magistrate Recommends Dismissal with Prejudice of Claims Against Global Payments

Global Payments, which processes credit card transactions, announced on March 30, 2012 that an unauthorized person gained access to a portion of its processing system.  Global Payments later disclosed that Track 2 data (card number, expiration date, verification code but not cardholder name or address) of 1.5 million cardholders were taken.  Three individuals brought a … Continue Reading

Healthcare Organizations are Suffering from Serious Data Security Ills

The diagnosis is in, and it’s not good. Unless an aggressive treatment plan is put in place, the prognosis will be just as bleak. On December 6, 2012, the Ponemon Institute issued its Third Annual Benchmark Study on Patient Privacy & Data Security. The key findings were that a shocking 94 percent of healthcare organizations in the … Continue Reading

CMS’s Privacy Problem: Data Breaches, Medicare Numbers, and Inaction

Co-authored by: Cory Fox. The Department of Health and Human Services Office of Inspector General (“OIG”) recently published a report, CMS Response to Breaches and Medical Identity Theft (“Report”), which referenced 14 breaches of medical information by the Centers for Medicare and Medicaid Services (CMS), including Medicare numbers, affecting nearly 14,000 beneficiaries in the past … Continue Reading

Data Breach Class Action against Popular Video Game Developer Dismissed for Failure to Plead Adequate Damages

Authored by: Alan Pate. In a ruling this past Wednesday, November 14th, a Federal Judge in the Western District of Washington dismissed a class action against video game developer Valve Corporation. The class action stemmed from a November 6th, 2011 data breach of Valve’s popular online video game distribution platform, “Steam.” As a result of … Continue Reading

Congressional Update on Data Privacy & Security

The rumors of the death (or at least “dearth” — of activity) of the 112th Congress are somewhat exaggerated, to morph a phrase from Mark Twain; at least regarding the last couple weeks prior to the Independence Day recess. Not only did Congress pass major legislation related to the FDA, transportation programs and student loans … Continue Reading

Massachusetts Attorney General Settles Enforcement Action for $750,000

In June, 2010, South Shore Hospital announced on its website that unencrypted back-up tapes containing patient information went missing and were believed to have been discarded at a dump.  Reports state that this incident involved 473 tapes which contained information about 800,000 patients, including names, social security numbers, account numbers, and medical diagnoses. On May … Continue Reading

UPDATE: If There is Credit Card Fraud, There Must Have Been a Breach

As we reported in December 2010, after an online merchant suffered chargeback losses of almost $12,000 on nine fraudulent orders, it sued the bank that issued the nine cards that were fraudulently used alleging that the most likely cause of the fraud was a data security breach at the bank that the bank ignored.  The merchant … Continue Reading

Senate Cybersecurity Bill Due Out This Week; Floor Action Not Likely Until March

Odds are good that legislation to address online threats to the nation’s critical infrastructure assets will finally be released this week, but real action on it won’t take place until March: The Homeland Security and Government Affairs Committee, chaired by Joe Lieberman (I-CT), has scheduled a hearing on the ‘Cybersecurity Act of 2012’ for Thursday … Continue Reading

Privacy and Data Breach Regulatory Activity–A Year in Review

While plaintiffs continue to face an uphill battle proving damages in privacy litigation – regulatory actions and investigations seem to be increasing.  During 2011, we saw activity from many government agencies—both state and federal—including the Federal Trade Commission (FTC), Department of Education (DOE), Department of Health and Human Services (HHS) Office for Civil Rights (OCR), … Continue Reading

Online Privacy and Data Security Legislation Update — 2011 Year in Review

The end of 2010 featured the Department of Commerce citing the need for a Privacy Bill of Rights in its green paper and the FTC's preliminary online privacy report discussing the need for a Do Not Track mechanism. The momentum generated by these reports led to the introduction of multiple versions of Do Not Track and comprehensive privacy rights bills in early 2011. By mid-2011, at least five different data security and breach notification proposals were circulating in the wake of high-profile data breaches. Reports about location-based tracking led to the introduction of geolocation privacy and surveillance bills. Proposed amendments to the Children's Online Privacy Protection Act, Electronic Communications Privacy Act, and Video Privacy Protection Act were also made. And by the end of 2011, several cybersecurity bills designed to protect critical infrastructure had been introduced. Even though Congress held hearings on privacy issues, subcommittees approved several bills, and there was support from the Obama administration for comprehensive privacy legislation, none of these bills were enacted, as many expected, when the first session of the 112th Congress adjourned December 18. The safe prediction for 2012 is more of the same: a lot of proposals but no consensus. It is certainly possible that another high-profile data breach or cyberattack against a utility or government contractor could create enough urgency to force a consensus. However, numerous high-profile breaches (Epsilon, Sony, Citi, RSA, Lockheed Martin and several health care providers), hacktivist attacks against government security contractors (IRC Federal and HBGary), and reports about how the "weaponized" Stuxnet virus caused centrifuges in an Iranian nuclear facility to spin wildly out of control were not enough in 2011. We certainly expect to see data breach notification, comprehensive privacy, and cybersecurity bills addressed again in 2012.
We may also see narrower bills aimed at online and location-based tracking as well as children's privacy. Emerging technology, including mobile payments and facial recognition, may also garner legislative attention. Below is a round-up of the 2011 privacy and data security legislative proposals, including links to more detailed analysis from our blog posts during the year.… Continue Reading

RockYou Proposed Settlement Would Leave Decision Standing

The parties in the Claridge v. RockYou case submitted a proposed settlement agreement to the court for approval on November 14, 2011.  This case, which was filed shortly after RockYou disclosed a breach that compromised 32 million log-in credentials, received national attention in the spring.  In April 2011, the California federal district court declined to … Continue Reading

Baker Hostetler Data Breach Emergency Response Team Launches Data Breach Hotline

After you learn of a potential data breach, the clock is ticking and potential liabilities are mounting. Quickly identifying the right team to guide your company through the complexities of the response is paramount. Baker Hostetler’s Privacy, Security & Social Media Emergency Response Team has launched a dedicated hotline so it can be reached at … Continue Reading

Does the First Circuit’s Decision in Hannaford Signal a Changing Tide?

Until last week, most of us thought that the Hannaford Brothers data breach litigation was just another example of how Plaintiffs are not able to recover in class action lawsuits without proof of actual harm. The Hannaford Brothers supermarket chain suffered a data breach between December, 2007 and March, 2008 where hackers accessed over 4M … Continue Reading

Despite Growing Corporate Awareness of Data Breach Risk, Risk Planning Lags

Advisen has released a report titled, “A New Era in Information Security and Cyber Liability Risk Management: A Survey on Enterprise-wide Cyber Risk Management Practices,” which summarizes the results of a survey of over 500 risk management professionals. More than 60 percent of the survey participants work for companies with annual revenues exceeding $1 billion a year … Continue Reading