Data Security

Subscribe to Data Security via RSS

On February 21, 2025, a federal district court judge from the Southern District of New York issued a preliminary injunction against the Department of Government Efficiency’s (DOGE), access to Treasury Department payment systems, stating access was provided in a “chaotic and haphazard manner.” The order resulted from a suit filed by 19 state Attorneys General

The Trump administration has systematically fired federal privacy- and security-focused employees since taking office.

Three members of the bipartisan, independent agency, the Privacy and Civil Liberties Oversight Board (which was established by Congress in 2004 “to ensure that the federal government’s efforts to prevent terrorism are balanced with the need to protect privacy and civil

If you are a GrubHub customer, read carefully. The app has confirmed a security incident involving a third-party vendor that allowed an unauthorized threat actor to access user contact information, including some customer names, email addresses, telephone numbers, and partial payment information for a subset of campus diners.

GrubHub’s response states, “The unauthorized party also

If you are a customer of CrowdStrike, you are working on recovering from the outage that occurred on July 19, 2024. As if that isn’t enough disruption, CrowdStrike is warning customers that threat actors are taking advantage of the situation by using fake websites and domains, sending phishing emails impersonating CrowdStrike, and offering malicious products

This week, the Federal Communications Commission (FCC) announced a settlement with TracFone Wireless to resolve investigations into whether TracFone failed to reasonably protect its customers’ information from unauthorized access in connection with three data breaches.

The breaches occurred between January 2021 and January 2023. Each of these data breaches involved the exploitation of application programming

On December 8, 2023, New York Attorney General Leticia James penned her approval to an Assurance of Discontinuance with third party dental administrator Healthplex, settling the enforcement action for $400,000 and a litany of data privacy and security compliance requirements.

The AG’s investigation commenced following a November 24, 2021, successful phishing attack against Healthplex. The

Information governance and data retention have been important topics in the corporate world for years. As an executive, it’s crucial to ensure effective management, storage, and secure disposal of your company’s data. Having well-defined information governance and data retention policies helps maintain compliance with legal requirements and safeguards against data breaches and cyber-attacks. In this

We have published blog posts before on sharing genetic information and the risk associated with the disclosure of such sensitive information.

Unfortunately, our concerns have been realized. On Monday, October 9, 2023, 23andMe confirmed that its investigation into a data security incident involving customer profile information shared through its DNA Relatives feature “was compiled from

The information you provide to your tax preparer is as sensitive as it gets. The assumption is that the tax preparation company is only using your data to prepare your taxes. In an enforcement action against Beneficial Corp., the FTC alleged that the company was engaged in unfair and deceptive practices by “using information collected