Marriott today announced a major data breach, perhaps one of the largest in history. This breach illustrates the often made point that breaches and intrusions happen and go unnoticed for months or years. Marriott’s breach involved an unauthorized party that copied and encrypted information in the Starwood reservations database back in 2014. When Marriott acquired

Atrium Health and its vendor, AccuDoc Solutions, released a joint announcement this week that AccuDoc’s database of 2.6 million billing records of Atrium Health’s patients has been compromised by a hacking incident.

The information contained in the database included patient names, addresses, dates of birth, health insurance information, account balances, dates of service and some

Phishing attacks continue to hit health care providers and experts say the attacks will become even more frequent in 2019. As previously reported, the largest breach of health care information was recently settled by Anthem, which involved almost 80 million individuals’ information, all caused by a phishing email sent to one individual at Anthem [view

Radisson Hotel Group has notified some of its global loyalty program customers that hackers have stolen their personal information, including their names, addresses, email addresses, and in some cases, their employment and employers’ name and telephone number, rewards member number and frequent flyer numbers.

When it discovered the compromise, it hired investigators and revoked access

On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New Jersey physician network for which the company acted as a business associate.

  • Please see our analysis of an

According to reports by WhoWhatWhy and the Associated Press, five security experts have confirmed a private citizen’s allegation that the Georgia Online Voter Database contains a major security flaw and is vulnerable to hackers. According to one of the experts from the University of Michigan, anyone with access to an individual voter’s personal information could alter that voter’s information in the database. Another commented that the problem is easily detectable, and that it was clear that the system “has never been audited by any computer security professional.”
Continue Reading Election Day: Five Security Experts Conclude that Georgia’s Online Voter Database is Easily Hackable

We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 in attorneys’ fees, and $2,500,000 in expenses. Additionally, class members will be able to avail themselves of various credit monitoring services, and the class representatives who filed the action will be entitled to between $7,500 and $2,500 each, exclusive of the settlement funds, depending on the nature of their involvement. The settlement would apply to both the pending federal class action—before District Judge Lucy H. Koh—and similar state court litigation. 
Continue Reading Parties Seek to Settle Yahoo Data Breach Class Action for $50M

Cyber-attacks on healthcare data are becoming increasingly common and costly and last week even CMS announced that it had suffered a data breach. The breach was detected in the Direct Enrollment pathway that allows agents and brokers to assist consumers with applications in the federal facilitated ACA exchange. The breach affected approximately 75,000 individuals’ files.

Federal legislation recently took effect that prohibits consumer reporting agencies from charging a fee to place or remove (lift) a security freeze on a consumer credit report in response to a consumer request. The “Economic Growth, Regulatory Relief, and Consumer Protection Act” (the Act) was passed on May 24, 2018. The Act includes important updates to the Fair Credit Reporting Act (FCRA) that may in turn affect the information that businesses provide to customers or clients in response to a data breach or similar security incident.
Continue Reading Federal Legislation Enables Consumers to Obtain Security Freezes on Credit Reports Free of Charge

We all know data breaches can impact all of us, regardless of whether we are a Fortune 500 company or a small business. Lawyers, of course, are not immune from data attacks and recent guidance from the American Bar Association Standing Committee on Ethics and Professional Responsibility illustrates how critical it is for lawyers and law firms to be aware of cybersecurity issues and accompanying ethical considerations. See a copy of Formal Opinion 483 here. (Opinion).
Continue Reading New Ethics Guidance for Lawyers from the American Bar Association (ABA) Regarding Data Breach and Cyber-attack