In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it … Continue Reading
Another day in the healthc are industry, another big data breach. This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card … Continue Reading
The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals … Continue Reading
We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings. The settlement includes a payment … Continue Reading
The Nevada Division of Public Health has announced that its Medical Marijuana Program’s online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana dispensary. Medical Marijuana agent cards were accessed, disclosing the names, Social Security number, race, address, and citizenship of the owners and employees of medical … Continue Reading
A federal judge in Illinois dismissed the class action lawsuit filed against Barnes & Noble stemming from a data breach in 2013. The breach occurred when credit and debit card PIN pads were compromised at 63 Barnes & Noble stores. The Judge found that the consumers did not plead sufficient harm in order to state … Continue Reading
We wrote about Wendy’s investigation into a data breach at its chain restaurants at the beginning of January, and now Wendy’s faces a class action over that same breach. The suit claims that Wendy’s negligently exposed customers’ credit card information and lead plaintiff, Jonathan Torres, claims that hackers used his stolen credit card information, to … Continue Reading
Wendy’s may be the latest in a number of companies with Central Ohio operations that have suffered data breaches in recent years. On January 27, Wendy’s announced that it hired a cybersecurity firm to investigate claims of a possible credit card breach at some of its locations. Initially, the company was notified by its payment … Continue Reading
Michael’s Stores, Inc. was dismissed from a putative data breach class action case involving the breach of 2.6 million payment cards as the plaintiffs were unable to show that they were injured as a result of the incident. The case follows a long list of cases that hold that plaintiffs in data breach cases do … Continue Reading
Last week, a Minnesota court ruled that a consolidated class action filed against SuperValu retail chain failed to assert any harm, finding that while SuperValu did suffer two data breaches, the class’s claims of possible future injuries were too speculative, and the class therefore lacked standing to sue. The data breaches occurred in 2014 at … Continue Reading
The Office for Civil Rights (OCR) announced on Monday, December 14, 2014, that it has settled a HIPAA investigation with the University of Washington Medical School involving a data breach in October of 2013. The breach occurred when an employee in the billing office clicked on an email attachment that contained malware and exposed 90,000 … Continue Reading
‘Tis the season of shopping. Cyber-Monday has just passed and news flashes indicate that the total amount consumers purchased online on Monday will exceed $3 billion. Wow. All with credit cards. We all use our credit cards more during the holidays than any other time of year. As a result, it is a prime time … Continue Reading
Dow Jones & Co. has notified 3500 of its customers that their information was accessed by an unauthorized individual in a data breach that spanned from August 2012 through July 2015. The unauthorized access, through malware, exposed the names, addresses, email addresses, telephone numbers, and credit card information of 3,500 subscribers, including subscribers to The Wall … Continue Reading
Visa, Inc. announced on August 18th that it has reached a settlement with Target for $67 million to reimburse Visa for costs associated with the Target data breach in late 2013, including issuing millions of new cards to affected consumers. Target was unable to reach a similar proposed settlement with MasterCard (view related posts Proposed … Continue Reading
Ho hum. Another class action filed against OPM for its massive data breach. The interesting fact here? The suit’s named plaintiff is a Judge with the Social Security Administration. On Friday, August 7, Social Security Administration Judge Teresa J. McGarry hit the OPM with its latest proposed class action suit alleging that OPM was aware … Continue Reading
United Airlines has confirmed that it has suffered a data and network breach that occurred during the same time frame as the OPM breach. Investigators suspect the same Chinese state-sponsored hackers are responsible for both breaches. One theory being advanced about the connection between the two breaches is that the Chinese state-sponsored hackers are targeting specific … Continue Reading
In its most recent filing with the Securities and Exchange Commission (SEC), Fred’s Inc. disclosed this week that a security firm found malware in its system that was designed to lift customer credit card information. Although it appears from reports that the hackers may have had access to customer credit card information, the security firm … Continue Reading
We previously reported that Medical Informatics Engineering, Inc. was sued over a data breach that occurred in May and affected over 4 million individuals. Thereafter, Indiana AG Gregory Zoeller advised all Hoosiers to freeze their credit to protect themselves. Late last week, a second proposed class action suit was filed against Medical Informatics in California … Continue Reading
Medical Informatics Engineering, Inc., an electronic medical record service provider, recently disclosed a data breach affecting approximately 4 million individuals. Within days of the disclosure, Medical Informatics was hit with a proposed class action lawsuit alleging that it should be held to a higher standard as its business is based on data security and it failed … Continue Reading
We previously reported that UCLA suffered a data breach affecting 4.5 million patients. Days following the announcement of the breach, plaintiffs filed a proposed class action lawsuit against UCLA, alleging that UCLA should have seen the attack coming and that they “knew or should have known of the risks inherent in maintaining their customers’ nonpublic … Continue Reading
Reports of security breaches involving health care information have become increasingly prevalent in recent years, and such breaches seem to be continually growing in scope and magnitude. In the April 14, 2015, issue of JAMA, the Journal of the American Medical Association, three California researchers led by Dr. Vincent Liu (hereinafter Liu et al.) sought … Continue Reading
If you have never taken a close look at Verizon’s yearly Data Breach Investigations Report, we highly recommend that you do. It just came out, and is once again, a very informative read. The Verizon Report received data breach incident information from 70 contributing organizations in 61 countries, which reported on 79,790 security incidents, representing … Continue Reading
Senate Democrats, led by Senate Judiciary Committee Ranking Member Patrick Leahy of Vermont, introduced legislation on April 30, 2015 directed to online consumer privacy and data protection. The Consumer Privacy and Protection Act of 2015, one of multiple proposals before Congress this year, requires companies storing sensitive personal or financial information on 10,000 or more … Continue Reading
In the wake of huge data breaches in the last year, multiple pieces of legislation have been introduced in the past few months relating to cybersecurity and the sharing of information between public and private entities in order to combat increasingly sophisticated cyberattacks. Yesterday, the U.S. House of Representatives passed bipartisan legislation (the Protecting Cyber … Continue Reading
