Tag Archives: data security

Ways to Prevent & Prepare for Ransomware Attacks

Ransomware was involved in 10 percent of the 450 breaches handled by our Privacy and Data Protection team in 2016. This week’s news about a global ransomware attack is another example that this trend is on the rise. Companies, governments and organizations around the world are grappling with what steps they should take to minimize … Continue Reading

Deeper Dive: Ransomware – WannaCry and the Future of Ransomware-as-a-Service

In our 2017 BakerHostetler Data Security Incident Response Report, we addressed the increasingly ubiquitous scourge of ransomware, one of the fastest-growing types of malware causing data security incidents. We noted that ransomware attacks have been steadily expanding in both frequency and severity, and that those trends seemed set to continue for the foreseeable future. Less than a … Continue Reading

Babies and Baby-making, or Not… Privacy and Security Lessons for the Internet of Things

What do babies, sex toys and wireless head phones have in common? Apparently, the privacy concerns of the Federal Trade Commission (FTC), state AGs and legislatures, class action plaintiffs, and consumer advocacy groups, at least when it comes to the Internet of Things (IoT). The IoT refers to consumer devices that are connected, directly or … Continue Reading

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents

On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading

LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach

Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further, … Continue Reading

Incident Response Tip: Five Ways to Improve Information Security and Reduce the Impact of a Data Breach

The new year will arrive in a few short days and when the bell tolls, it will mark the end of another extremely active year of data breaches. High-profile breaches such as Anthem, Ashley Madison, and the Office of Personnel Management serve as a reminder that it is a matter of when, not if, your … Continue Reading

FCC’s Growing Privacy and Data Security Enforcement

The Federal Communications Commission (FCC) has had a busy 2015, and its presence in the data security regulatory enforcement space will likely continue to grow. Last year, the FCC named Travis LeBlanc as chief of the Enforcement Bureau. Since then, the FCC has brought three separate enforcement actions against companies for allegedly not safeguarding consumers’ … Continue Reading

Does the Government Have Carte Blanche to Retain Seized Data Indefinitely? In Amicus Brief to the Second Circuit, Policy Groups Argue No

On July 29, 2015, BakerHostetler filed an amicus brief with the Second Circuit on behalf of the Center for Democracy and Technology, joined by five prominent nonprofit public interest groups, for the en banc rehearing of United States v. Ganias, Case No. 12-240. In Ganias, the Court will grapple with arguments centering on whether the … Continue Reading

A Deeper Dive: Regulatory Investigations Following a Reported Breach

In our inaugural Data Security Incident Response Report (the Report), we found that regulators inquired about a company’s breach 31% of the time and multi-state state Attorneys General investigations were launched less than 5% of the time. A post-breach investigation is not guaranteed. Certainly, in large, highly public incidents, companies can expect at least an … Continue Reading

To Err Is Human; to Indemnify, Divine?: Human Foibles in the Cloud

BakerHostetler’s inaugural Data Security Incident Response Report (the “Report”) concluded that employee negligence and theft were two of the top five causes of data security incidents for the more than 200 incidents that we handled in 2014. Needless to say, this raises some important and concerning questions when it comes to the cloud. We note … Continue Reading

The DOJ Sets Out to Establish Standard for Data Security Incident Response and Preparation

Editor’s Note: The author is the most recent attorney to join our Privacy and Data Security Team. Paul represents clients in responding to potential data security incidents, counsels on incident response preparedness, and works with clients to develop appropriate policies to ensure compliance with applicable law, industry standards, or self-regulatory guidelines. He also counsels clients … Continue Reading

BakerHostetler’s First Data Security Incident Response Report Shows Human Error is Most Often to Blame

We are pleased to announce the release of the first BakerHostetler Data Security Incident Response Report, which provides insights generated from the review of more than 200 incidents that our law firm advised on in 2014. It looks at the nature of the threats faced by companies, as well as detection and response trends, and … Continue Reading

Secret Service Raises Warning About Backoff POS Malware

The Secret Service, which investigates financial crimes, issued a security Alert on July 31, 2014, warning of malware named “Backoff” that was being used to steal payment card data from point-of-sale (POS) systems.  The Alert notes that the attackers often gain initial network access by stealing or brute-forcing the passwords for remote desktop applications (e.g., … Continue Reading

Something Wicked This Way Comes – Dark and Dusty Data and the Risk Your Organization Already Owns

This blog post is a joint submission with BakerHostetler’s Discovery Advocate blog. Authored by: James Sherer During the final panel of Thomson Reuters’ 17th Annual eDiscovery & Information Governance in Practice Forum, Thomas Barnett, Ignatius Grande, and Sandra Rampersaud led a lively discussion on Managing Big Data, Dark Data, and Risk.  And while the exchange … Continue Reading

Court Denies Motion for Class Certification in Hannaford

Editor’s note: This is a cross-blog post with BakerHostetler’s Class Action Lawsuit Defense blog.  For the latest class action defense updates, visit www.ClassActionLawsuitDefense.com. In an order surely to reverberate with both the plaintiffs’ and defense bar, on March 20, 2013, Judge D. Brock Hornby of the United States District Court for the District of Maine … Continue Reading

Be Prepared: Redline Version of the HIPAA/HITECH Final Rule

The final rule is significant for any organization that is considered to be a HIPAA covered entity (“CE”) (health systems, health care providers, health plans, etc.) or the more broadly defined business associate (“BA”).  During our initial analysis of the final rule, we note significant changes to the way a breach is defined and we … Continue Reading

The Cybersecurity Act of 2012–What Does It Mean?

Yesterday, Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (ID-Conn.), Ranking Member Susan Collins (R-Maine), Commerce Committee Chairman Jay Rockefeller (D-W.Va.), and Select Intelligence Committee Chairman Dianne Feinstein, D-Ca. introduced The Cybersecurity Act of 2012.  The press release can be found here. We are seeing an increasing number of attacks targeting government secrets, trade … Continue Reading

Sony & Epsilon Support National Data Breach Notice Law in Testimony Before House Subcommittee

On June 2, 2011, representatives from Sony Network Entertainment International and Epsilon Data Management, LLC appeared before a House panel to answer questions regarding their responses to recent security breaches.  The hearing of the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade was called by Subcommittee Chairwoman Mary Bono Mack (R-Calif.) as part … Continue Reading
LexBlog