Linn Foster Freedman

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, and complex litigation. She is a member of the Business Litigation Group and chair’s the firm’s Data Privacy and Security Team. She currently serves as general counsel to the Rhode Island Quality Institute. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations, as well as emergency data breach response and mitigation. She counsels clients on state and federal data privacy and security investigations and data breaches. Prior to joining the firm, Linn was a partner at Nixon Peabody, where she served as leader of the firm’s Privacy & Data Protection Group. She also served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.

Subscribe to all posts by Linn Foster Freedman

TCM Bank Website Flaw Compromises About 10,000 Customers’ Data

TCM Bank, a subsidiary of ICBA Bancard Inc., notified some 10,000 credit card applicants in the past week that their names, addresses, dates of birth, and Social Security numbers were compromised between March 2017 and the middle of July 2018. TCM assists approximately 750 community and smaller banks with issuing credit cards to account holders. … Continue Reading

Privacy Tip #151 – Can Banks Give or Sell My Information to Facebook or Other Social Media Platforms?

Many readers questioned me about the Wall Street Journal article this week entitled, “Facebook to Banks: Give Us Your Data, We’ll Give you Our Users.” The questions and comments ranged from “Can they really do this?” to “This is outrageous!” Without getting into a legal analysis, there are laws that banks have to follow when … Continue Reading

Russian Hackers Successfully Phished Hundreds of U.S. Companies Last Year

The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017. According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by … Continue Reading

Putin Gives Trump Computer Chipped Soccer Ball

While meeting with Russian President Vladimir Putin, President Trump was given a soccer ball, symbolic of the 2018 World Cup played in Russia. Bloomberg has reported that the soccer ball contained a chip, known as near-field communication (NFC) tag, which can transmit information to nearby cellphones, presumably including Trump’s as well. The chips can send … Continue Reading

FERC Requires New NERC Reliability Standards for Reporting Cyber Incidents

The Federal Energy Regulatory Commission (FERC) announced on July 19, 2018, that it is directing the North American Electric Reliability Corporation (NERC) “to develop and submit modifications to the NERC Reliability Standards to augment the mandatory reporting of cybersecurity incidents, including incidents that might facilitate subsequent efforts to harm the reliable operation of the bulk … Continue Reading

Virginia Bank, Hacked Twice with Phishing Schemes, Losing $2.4 Million

In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading

Privacy Tip #149 – LifeLock Customers Could Be Targeted with Phishing Campaign

We previously reported that LifeLock suffered a data breach and has been sued by the Federal Trade Commission for allegations of misleading customers [view related post], for which it settled with the FTC for $116 million [view related post] and then settled a suit alleging false statements to customers for $68 million [view related post]. … Continue Reading

iPhone Users Targeted by New Malware Campaign

Cisco Talos has discovered a new menace to iPhone users—a sophisticated malware campaign targeting iPhones to trick users into downloading an open-source Mobile Device Management (MDM) solution that gives the hackers control of the phone. It is reported that Cisco and Apple are working together to combat the threat. According to reports, once the MDM … Continue Reading

Healthcare Industry Continues to Fight Cyber-Attacks at Alarming Rate—Healthcare Data Breaches Cost Average of $408 Per Record

It is clear that the healthcare industry continues to be targeted with cyber-attacks. In 2018, the 10 largest health care breaches, outlined here, include unauthorized access to protected health information (PHI) through a vendor offering claims processing, ransomware incidents, successful phishing schemes, mailing PHI to wrong addressees, hacking, a misdirected email, and a lost unencrypted … Continue Reading

Privacy Tip #148 – Medtronic MyCareLink Heart Monitors Vulnerabilities Identified

Wearable technology and medical devices have vulnerabilities just like anything else that is digital. ICS-CERT recently issued an advisory about vulnerabilities in Medtronic’s MyCareLink patient heart monitors. These devices are implantable cardiac devices that transmit patients’ heart rhythms directly to a provider. The alert notes that vulnerabilities identified in the devices could be exploited by … Continue Reading

FDA Classifies St. Jude Defibrillators as Class 2 Recalls for Cybersecurity Updates

We have previously reported on the ongoing cybersecurity issues with St. Jude defibrillators [view related posts here, here, and here]. On June 29, 2018, the Food and Drug Administration (FDA) classified the required firmware updates to St. Jude defibrillators as Class 2 recalls, which is the medium-severity category of classifications that is applicable to issues … Continue Reading

ReadyTech Settles With FTC Over Claims of Participation in Privacy Shield

Although the U.S. – E.U. Privacy Shield Framework has been intensely criticized by E.U. authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release stating that it has settled its complaint against ReadyTech, a California-based online training company for “falsely” … Continue Reading

ReadyTech Settles With FTC Over Claims of Participation in Privacy Shield

Although the U.S.-E.U. Privacy Shield Framework has been intensely criticized by E.U. Authorities, the Federal Trade Commission (FTC) continues to enforce violations of it by U.S. companies. On July 2, 2018, the FTC issued a press release that it has settled its complaint against ReadyTech, a California online training company for “falsely” claiming that it … Continue Reading

Ticketmaster Hit With Malware Compromising UK Customers’ Data

Ticketmaster has reported that it has “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.” As a result, UK customers who bought theater, concert or sporting event tickets between February and June 23, 2018, may have been affected by the breach. The malware deployed was designed … Continue Reading

Virginia Data Breach Law Amended to Include Income Tax Preparers

We have frequently reported about how devastating and widespread tax fraud is in the U.S.—in the past affecting hundreds of thousands of U.S. taxpayers [view related privacy tip]. Income tax preparers are at risk for cyber intrusions because they hold highly sensitive personal information of their clients, which can be used by criminals to commit … Continue Reading

Chilean Bank Struck by “Virus” that Steals $10 Million

Just weeks after Mexico’s central bank was targeted by hackers who stole $15 million, Chile’s biggest bank, Banco de Chile, announced on May 28, 2018, that it had been struck by a “virus” that affected its workstations, including malware that contained disk-wiping capabilities. The malware sabotaged approximately 9,000 master boot records of the bank’s computers … Continue Reading

Hackers Steal $31 Million in Cryptocurrency from Bithumb

Bithumb, located in South Korea and ranked the seventh largest cryptocurrency exchange, has confirmed that it was hacked and that the thieves absconded with approximately $32 million in coins, including the XRP token issued by Ripple. Following the hack, the exchange stopped processing cryptocurrency deposits and withdrawals and moved assets offline. Bithumb has reported that … Continue Reading

Supreme Judicial Court Rules Robocalls are Harassment

The Massachusetts Supreme Judicial Court (SJC) ruled this week in favor of a consumer who sued Target, alleging that it harassed her with robocalls. The plaintiff applied for a Target credit card, and subsequently got behind in payments. Starting in January 2015, Target contacted the debtor in an attempt to collect the debt. According to … Continue Reading
LexBlog