In an unusual move, Delta Airlines (Delta) sued one of its vendors last week for the data breach it experienced in 2017. It’s an unusual move for several reasons. First, in our experience when a vendor causes a data breach, there is usually a contractual provision that can be followed that outlines the responsibility of … Continue Reading
AT&T was sued this week in the Northern District of California by customers alleging that AT&T sold their location data to data aggregators without their consent. The proposed class action suit was filed on behalf of all AT&T wireless customers from 2011 to date. The suit alleges that AT&T sold customers’ location data to LocationSmart … Continue Reading
Two law firms were among the latest victims of the GozNym malware attack that caused a combined loss of more than $117,000. Law enforcement authorities recently announced the dismantling of a cybercrime network that used this GozNym malware to attempt to steal an estimated $100 million from victims in the United States and around the … Continue Reading
The “Uber of weed” app developed by Eaze Solutions, Inc. (Eaze) provides information to users about the delivery of recreational and medical marijuana throughout California. Unfortunately, Eaze allegedly violated the Telephone Consumer Protection Act (TCPA) by inundating its users with unsolicited, autodialed text messages about how to buy marijuana. The named plaintiff alleges that she … Continue Reading
The Federal Trade Commission (FTC) issued an Order to File a Special Report to seven Internet broadband providers in the U.S., requesting information on how the companies “collect, retain, use and disclose information about consumers and their devices.” According to its press release, the FTC “is initiating this study to better understand Internet service providers’ … Continue Reading
DNA technology has assisted law enforcement in identifying criminals for decades. The U.S. National DNA Database System stores the DNA data of millions of criminals, and allows law enforcement officers around the country to compare and match forensic evidence in this central repository. This closed universe of DNA only contains data from individuals arrested or convicted of a … Continue Reading
Lead plaintiff, John Herrick, in the Telephone Consumer Protection Act (TCPA) class action lawsuit against GoDaddy.com LLC (GoDaddy.com) opposed an Arizona federal judge’s May 2018 decision to grant summary judgment in favor of GoDaddy.com. The court granted summary judgment on the grounds that the platform used to send the text messages did not qualify as … Continue Reading
The Department of Justice (DOJ) recently announced two high-dollar False Claims Act (FCA) enforcement actions involving allegedly fraudulent arrangements tied to the implementation and use of electronic health record systems (EHRs). The respective settlements enable recovery by DOJ of over $100 million, and immediately precede the government’s recent proposal of new rules to promote the … Continue Reading
Players of the popular Fortnite video game have filed a proposed class action suit against the video game’s owner, Epic Games Inc. (“Epic”) alleging that Epic failed to protect players’ accounts, allowing hackers access to their payment details in a 2018 data breach. According to the suit, the players gave Epic their payment information in … Continue Reading
We previously reported that Cottage Health, a health care entity operating several hospitals in California, settled with the State of California for $3 million in regard to a security incident that occurred in 2013. On February 7, 2019, the Office for Civil Rights (OCR) issued a press release that it settled HIPAA violations in December … Continue Reading
Last week, Florida skin care spa, Medspa Del Mar LLC (Medspa) was hit with a Telephone Consumer Protection Act (TCPA) class action in federal court for allegedly using an automatic dialing system to send unwanted text messages advertising its treatments. Lead plaintiff claims that Medspa invaded her and other class members’ privacy by sending a … Continue Reading
On January 25, 2019, a unanimous Illinois Supreme Court held that, under that state’s Biometric Information Privacy Act (BIPA), a person need not suffer actual injury or adverse effect in order to bring suit under the statute. In its decision in Rosenbach v. Six Flags Entertainment Corp., the Court determined that a minor child whose … Continue Reading
The regulatory sword of the financial industry came down on a former securities employee for violations involving wire transfers out of a client’s account. The Financial Industry Regulatory Authority (FINRA) provides oversight of the financial industry. According to their website, in 2017, they brought 1,369 disciplinary actions against registered individuals and firms, levied fines totaling … Continue Reading
Industrial Loan Companies (ILCs) are a different kind of financial institution. The ILC is a state-chartered FDIC-insured depository financial institution with certain advantages common to banks but without all of the corresponding regulatory overlay. This is one reason why aspiring fintech companies may consider foregoing the pursuit of a federal OCC “fintech” charter in favor … Continue Reading
France’s data protection authority (DPA) (CNIL) recently announced that it has fined Google $57 million for violations of the General Data Protection Regulation (GDPR). This is the first fine by a European DPA of an American company for alleged violations of the sweeping EU privacy law. According to the CNIL, Google did not tell consumers … Continue Reading
A federal magistrate judge in California has ruled that law enforcement personnel may not require suspects to unlock their phones with biometric identifiers like a fingerprint, iris scan or facial recognition, saying the practice is unconstitutional. The decision followed the request for a search warrant in an extortion case. The prosecutors asked for an order … Continue Reading
According to reports, a Georgia-based physician who previously pleaded guilty to criminal violations of the Health Insurance Portability and Accountability Act (HIPAA) received six months of probation from a Massachusetts federal judge earlier this week. The physician – a pediatric cardiologist – pleaded guilty in February, 2018 to a misdemeanor count of wrongful disclosure of … Continue Reading
Neiman Marcus Group LLC has settled an investigation of its 2013 data breach with 43 states and the District of Columbia for $1.5 million. The data breach involved 370,000 credit cards, where 9,200 of the cards were used in a fraudulent manner [view related posts]. Illinois Attorney General Lisa Madigan, and Connecticut Attorney General George … Continue Reading
A federal judge recently held that mere allegations that a healthcare provider’s patient information portal failed to utilize sufficient security measures, without allegations of an actual breach, were insufficient to confer standing on the plaintiff. The case, Williams-Diggins v. Mercy Health—which was pending in the United States District Court for the Northern District of Ohio—centered … Continue Reading
The State of Rhode Island, Office of the Rhode Island General Treasurer, acting on behalf of the Employees’ Retirement System of Rhode Island, recently filed a motion for consolidation of the two lawsuits and appointment as lead plaintiff in a securities lawsuit filed in the Northern District of California against Alphabet, Inc., the parent of … Continue Reading
Calling the Marriott data breach “one of the largest digital infestations in history,” a putative class action was filed in Oregon this week seeking up to $12.5 billion dollars in relief. It should come as no surprise that soon after Marriott announced its massive data breach affecting potentially 500 million customers in the Starwood reservations … Continue Reading
On November 2, 2018, the New Jersey Attorney General announced a settlement worth up to $200,000 with a former medical transcription company responsible for a breach affecting medical records of up to 1,654 patients of a New Jersey physician network for which the company acted as a business associate. Please see our analysis of an … Continue Reading
We previously wrote about the Yahoo data breaches, subsequent class action pending in California, and the company’s estimate of potential settlement costs. Based on the Plaintiffs’ recent Motion for Preliminary Approval of Class Action Settlement, filed on October 22, 2018, the parties have tentatively agreed to settle the case for $50,000,000 in settlement funds, $35,000,000 … Continue Reading
In the wake of the determination by the European Commission that the EU-US Safe Harbor Framework was insufficient to protect EU citizens’ personal information, the Privacy Shield Framework was implemented by the Department of Commerce. Companies who apply for Privacy Shield certification are required to file an application, which requires the companies to attest to … Continue Reading
