Archives: Data Breach

New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack

We all know data breaches can impact all of us, regardless of whether we are a Fortune 500 company or a small business. Lawyers, of course, are not immune from data attacks and recent guidance from the American Bar Association Standing Committee on Ethics and Professional Responsibility illustrates how critical it is for lawyers and … Continue Reading

Facebook Acknowledges Breach of Sensitive Data for Nearly 30 Million Users

As we previously noted, Facebook originally announced a breach late last month, in which hackers took advantage of a code vulnerability in the website’s “View As” feature to access users’ data. However, on October 12, 2018, Facebook scaled back the number of affected accounts from 50 to roughly 30 million, and it acknowledged that hackers … Continue Reading

Hacker Hits Toyota Industries N.A.

Toyota Industries North America (TINA) has discovered that a hacker was able to access its corporate email system, compromising the personal and protected health information of approximately 19,000 individuals, apparently most of whom were employees. The data that was potentially compromised included health insurance information, names, addresses, dates of birth, financial information, Social Security numbers, … Continue Reading

Uber Settles Data Breach Case With All 50 State AGs for $148 Million

Yesterday (September 26, 2018), Uber Technologies Inc. agreed to resolve the inquiries by all 50 states into its 2016 data breach by paying $148 million, in different amounts, to all 50 states and the District of Columbia. The settlement concludes the investigations into the data breach, which occurred in 2016 when hackers absconded with the personal … Continue Reading

Years-Long Exposure of Sensitive Client Information Results in $200,000 Settlement with New York Attorney General

In late August, the Attorney General of the State of New York announced a $200,000 settlement with a New York-based non-profit organization that provides services to developmentally disabled individuals and their families after concluding that the organization exposed sensitive personal information of its clients on the Internet for almost three years. The settlement is the … Continue Reading

Ohio Passes Law Providing Safe Harbor for Businesses Suffering Data Breach

The Ohio legislature recently passed S.B. 220, which gives businesses that suffer a data breach an affirmative defense against tort claims brought in class action suits. The law goes into effect on November 2, 2018. Basically, the law gives the business a safe harbor if the business implements and complies with “a recognized cybersecurity framework.” … Continue Reading

Parties Seek to Centralize Saks/Lord & Taylor Data Breach Litigation

As we noted earlier this year, Saks Fifth Avenue LLC, Saks Incorporated, and Lord & Taylor previously disclosed, on April 1, 2018, that some of their customers’ personal information may have been compromised in a data breach. Those companies all share the Canadian business group Hudson’s Bay Company (collectively with Lord & Taylor LLC, Saks … Continue Reading

Data Breach Results in $1.4 Million Theft from CHET 529 College-Savings Accounts

On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security breaches that occurred in early June, 2018. Connecticut State Treasurer Denise L. Nappier confirmed that TIAA-CREF Tuition Financing Inc. (TIAA-CREF), the CHET Direct … Continue Reading

Connecticut Expands Consumer Protections Against Identity Theft and Data Breaches

On June 4, 2018, Connecticut Governor Dannel P. Malloy signed into law Public Act No. 18-90 “An Act Concerning Security Freezes on Credit Reports, Identity Theft Prevention Services and Regulations of Credit Rating Agencies” (P.A. 18-90). This bill makes several revisions to Connecticut laws concerning identity theft, most notably by newly prohibiting credit reporting agencies … Continue Reading

Paper Records Still Problematic for Healthcare Providers

Data breaches continue to be an issue for healthcare providers, as indicated when looking at breaches reported to the Office for Civil Rights (OCR), as required by HIPAA. In the first three months of 2018, there were 77 breaches of protected health information (PHI) reported to OCR, which included more than one million patient records. … Continue Reading

Former Employee of SunTrust Lifts 1.5 million Customers’ Information

SunTrust Banks Inc. (SunTrust) recently notified 1.5 million customers that information, including their names, addresses, telephone numbers, and account balances, was taken by a former employee. Curiously, although SunTrust indicated that no customer Social Security numbers or driver’s license information were included in the information lifted by the former employee, it is offering free identity … Continue Reading

Blue Shield of California Notifies Insureds of Disclosure of PHI to Insurance Broker

According to a notification letter sent to an unknown number of patients, Blue Shield of California (Blue Shield), “shared” the protected health information of members with an insurance broker who was not supposed to receive it. Apparently a Blue Shield employee sent the information via an email to the broker during the 2018 Medicare Annual … Continue Reading

Busy Data Breach Week

Unfortunately, it was another busy data breach week. Here’s a summary of the major ones. Delta Airlines admitted in a statement that the payment card data of several hundred thousand customers might have been compromised by malware between September 26 and October 12, 2017, through a third-party vendor ([24]7.ai that provides online chat services to … Continue Reading

Improper Data Sharing With Cambridge Analytica May Affect 87 Million Facebook Users

Facebook reports that the personal data of 87 million Facebook users, mostly located in the United States, “may have been improperly shared” with British data analytics firm Cambridge Analytica. Previous estimates put the possible scope of improper sharing at about 50 million users. The increased number was calculated by Facebook by totaling the friends of … Continue Reading

Oregon Strengthens Data Breach Reporting Law

Oregon Governor Kate Brown recently signed a new data breach reporting law (S. 1551) that toughens the state’s existing requirements. The new law requires companies to notify individuals within 45 days after a data breach has been discovered, unless a delay in notification is requested by law enforcement. It expands the definition of personal information … Continue Reading

Orbitz Confirms Breach of Travel Records and Credit Card Information of 880,000 Individuals

Orbitz, the travel booking entity that is owned by Expedia, has confirmed that it has “identified and remediated a data security incident affecting a legacy travel booking platform.” This means that one of its older websites that is used by customers to book their travel plans was hacked. The statement says that Orbitz uncovered evidence earlier … Continue Reading

Verizon Protected Health Information Data Breach Report Concludes that Insiders Are Greatest Threat to Health Care Entities

Verizon recently issued its Protected Health Information (PHI) Data Breach Report, which is always an interesting read. Not surprisingly, Verizon’s report concludes that based upon analysis of 1,360 security incidents involving the health care sector, 58 percent of the incidents were caused by insiders and 42 percent were caused by external threats. Insider threats can … Continue Reading

473,807 Patient Records Compromised in January, 2018—83 Percent Caused by Hacking Incidents

The recently released Protenus Healthcare Breach Barometer report notes that in January, 2018, at least 473,807 patient records were compromised in 37 breaches reported to the Office for Civil Rights. Twelve of the reported breaches were attributable to insiders, which was 32 percent of the data breaches reported in January. Seven of those incidents were … Continue Reading

EDUCAUSE Challenges the US DOE’s Guidance on Data Breach Reporting

On January 30, 2018, EDUCAUSE, a higher education technology association, submitted a letter to the U.S. Department of Education describing concerns that it had with the Federal Student Aid (“FSA”) ability to protect federal student financial aid data. EDUCAUSE’s members include IT professionals from over 1,800 colleges and universities as well as other organizations. First, … Continue Reading