The U.S. Office of the Comptroller of the Currency (OCC) announced this week that it has entered into a Consent Order and fined Capital One $80 million for the data breach the company experienced last year. The OCC announced the fine and stated that it was the result of an investigation that found that Capital
Data Breach
Choice Hotels Contacts 700,000 Customers About Data Breach Caused by Vendor
In another example of a data breach allegedly caused by a vendor, Choice Hotels is contacting approximately 700,000 of its customers regarding a data breach caused by a third-party vendor that “copied the impacted data from our environment without authorization” to its server. While the data was being transferred to the third-party vendor’s server, it…
Quest Diagnostics Reports Data Breach Affecting 11.9M Patients in Securities Filing
Another day in the healthc are industry, another big data breach.
This week, Quest Diagnostics announced in a security filing with the Securities and Exchange Commission, that a collection agency vendor that it uses for collection services notified it that for eight months, an unauthorized user had access to Quest patients’ records, including credit card…
OCR Releases “Improved Web Tool” for Breach Reporting
The Office for Civil Rights (OCR) recently issued an “improved web tool that puts important information into the hands of individuals, empowering them to better identify recent breaches of health information and learn how all breaches of health information are investigated and successfully resolved.” The tool, called “The HIPAA Breach Reporting Tool (HBRT) allows individuals to navigate the breach reporting website so they can find information relating to data breaches, and allows organizations to report a data breach with more ease.
The tool is also designed to provide guidance to the health care industry on the most recent threats, and how data breaches are resolved by the OCR, “which can help industry improve the security posture of their organizations.”…
Continue Reading OCR Releases “Improved Web Tool” for Breach Reporting
Neiman Marcus Settles Data Breach Class Action Case for up to $1.6 Million
We have followed the Neiman Marcus case from the moment the data breach was announced [view related posts here, here, and here]. After winding through the judicial system, Neiman Marcus has agreed to settle, and the plaintiffs have requested that the Judge approve the proposed settlement, reached after mediation proceedings.
The settlement…
Medical Marijuana Dispensary Applications Exposed in Cyber Attack
The Nevada Division of Public Health has announced that its Medical Marijuana Program’s online database has suffered a cyber-attack that has exposed 11,700 applications requesting approval to open a medical marijuana dispensary.
Medical Marijuana agent cards were accessed, disclosing the names, Social Security number, race, address, and citizenship of the owners and employees of medical…
Data Breach Class Action Case Dismissed Against Barnes & Noble
A federal judge in Illinois dismissed the class action lawsuit filed against Barnes & Noble stemming from a data breach in 2013. The breach occurred when credit and debit card PIN pads were compromised at 63 Barnes & Noble stores.
The Judge found that the consumers did not plead sufficient harm in order to state…
Wendy’s faces class action over data breach
We wrote about Wendy’s investigation into a data breach at its chain restaurants at the beginning of January, and now Wendy’s faces a class action over that same breach. The suit claims that Wendy’s negligently exposed customers’ credit card information and lead plaintiff, Jonathan Torres, claims that hackers used his stolen credit card information, to…
Wendy’s investigating potential credit card breaches
Wendy’s may be the latest in a number of companies with Central Ohio operations that have suffered data breaches in recent years. On January 27, Wendy’s announced that it hired a cybersecurity firm to investigate claims of a possible credit card breach at some of its locations. Initially, the company was notified by its payment…
Michael’s Stores class action data breach case dismissed
Michael’s Stores, Inc. was dismissed from a putative data breach class action case involving the breach of 2.6 million payment cards as the plaintiffs were unable to show that they were injured as a result of the incident.
The case follows a long list of cases that hold that plaintiffs in data breach cases do…