Leveraging Knowledge to Manage Your Data Risks
On December 18, seven states have entered into a settlement agreement with e-retailer Cafe-Press for $2 million stemming from a 2019 data breach that exposed information of approximately 22 million consumers. The breach affected consumers’ personal information, including usernames and passwords, Social Security numbers, and/or Taxpayer Identification numbers.
Of the $2 million, $750,000 will be…
As I wrote about previously on our blog, the Massachusetts Right to Repair amendment passed in November is up against a lawsuit from auto manufacturers. Now, the Massachusetts’ Attorney General’s office has responded stating that the state law does not conflict with any federal statute and that voters already rejected all of the lawsuits allegations.…
The SolarWinds cyber-attack is on everyone’s mind this week, given that most experts believe this cyber-attack will have broad impact across both the public and private sectors. For more details about the SolarWinds attack, please read this. The sheer breadth of this attack led me to reflect on the role of cyber-liability insurance for…
Home Depot has agreed to settle a multi-state enforcement action by 46 U.S. states and Washington, D.C. arising from the data breach that occurred in 2014. Home Depot has agreed to pay $17.5 million to put the enforcement action behind it. The investigation was led by the Attorneys General of Connecticut, Illinois and Texas.
The…
The Office for Civil Rights (OCR) recently settled a tenth case under its right-to-access initiative with California-based Riverside Psychiatric Medical Group (RPMG), for $25,000.
Although a relatively small settlement in the amount paid, it shows that the OCR is taking patients’ requests for access to their medical records seriously, and that no complaint is too…
You probably heard about the recent hack of Twitter accounts that took place on July 15, 2020. The hackers took over several prominent Twitter accounts, which resulted in a scam that netted over $118,000 in bitcoin for the hackers. One of the most startling things about the cyberattack was that it was led by a…
Last month, an Oregon federal judge refused ViSalus’ request to decrease the $925 million jury award against it for its alleged violations of the Telephone Consumer Protection Act (TCPA). ViSalus, a health supplement maker, allegedly made approximately 1.8 million unsolicited robocalls. This award came after ViSalus decided not to settle the class action and face…
On September 2, 2020, Age of Learning, Inc. (operating as ABCmouse), a children’s online educational company, settled with the Federal Trade Commission (FTC) for $10 million for its alleged misrepresentations and failure to disclose important information to consumers.
The FTC’s complaint alleged that ABCmouse unfairly billed users without their authorization and also made it very…
Small health care organizations may think they are under the radar of the Office for Civil Rights (OCR), but a settlement the OCR agreed to last week should disabuse small health care providers of that notion.
On July 23, 2020, the OCR issued a press release outlining the terms of its settlement with Metropolitan Community…
Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29 a/k/a Cozy Bear of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a…
