Data Breach

News & Analysis as of

With OpenSSL Compromised by Heartbleed, an Opportunity for Companies to Diversify Cyber Security Efforts

The recent discovery of the “Heartbleed” online bug has sent shockwaves through the internet, causing companies and individuals alike to question very basic assumptions about cyber security. The bug has allegedly existed for...more

Take Action to Stop the Bleeding: Follow These Steps

“Heartbleed” has been all over the news, and companies have been scrambling to respond. What sounds like a nasty medical condition is actually a recently discovered flaw in popular encryption software called OpenSSL. It has...more

FTC Data Security Authority Confirmed, For Now: Wyndham’s Motion to Dismiss Denied

The FTC’s Claim - A New Jersey federal judge has confirmed the Federal Trade Commission’s (“FTC”) authority to regulate data security and bring claims against companies suffering data breaches due to inadequate...more

Will Heartbleed Affect Data Breach Insurance Coverage?

Although it is a widespread exploit that has been undetected for two years, whether or not a CGL policy covers data breaches allowed by Heartbleed should turn, simply, on whether the policy covers data breach at all...more

Heartbleed Bug Creates Risk for Businesses and Consumers

On April 8, 2014, several news agencies, including the New York Times and CNN, reported the discovery of a vulnerability in a core security protocol used by an estimated two-thirds of the world’s servers. The vulnerability...more

Kentucky Enacts Data Breach Notification Statute

On April 10, 2014, Kentucky Governor Steve Beshear signed H.B. 232 into law, making Kentucky the 47th state to enact data breach notification legislation. Prior to H.B. 232, Kentucky was one of only four states—including...more

Aggressive Liability Theory Does Not Eliminate Obstacles To Banks’ Claims In Target Data Breach Class Action

The latest salvo in the Target data breach litigation is a class action brought by credit card issuing banks advancing a creative and somewhat misleading construction of the Minnesota’s Plastic Card Security Act. The banks...more

“Heartbleed” Bug – Antibiotics Won’t Help, Changing Passwords Might

After recovering from high-profile data breaches at Target and Neiman Marcus, signing up for free credit monitoring and analyzing our credit reports, a new Internet villain recently emerged: the “Heartbleed Bug.” The...more

Bitter C-Suite: Privacy, Security and Data Protection Issues Facing Corporations, Directors and Officers [Video]

With data breaches, cyberterrorism and governmental enforcement of the protection of privacy on the rise, corporations are facing an increased likelihood of claims, legal proceedings and costs. Without a proper understanding...more

Heartbleed - A Picture Is Worth A Thousand Words

We mentioned in our prior post the potential legal issues that The Heartbleed Bug will create from the standpoint of data breach and safe harbor, especially given the prospect of compromised keys. A number of people, however,...more

Heartbleed SSL/TLS Vulnerability

"SSL" and "TLS" refer to the transport protocols that are used widely across the web to secure communications between end users and servers. Websites, web applications, online services, portals, and even some virtual private...more

Many Lessons for Companies to Learn After the Target Data Breach

The red bull’s-eye. Even shoppers that don’t frequent Target know the retailer’s ubiquitous logo. But what many holiday shoppers — both loyal Target customers and casual visitors to the trendy discount store — didn’t...more

The Heartbleed Lesson for All Companies? Manage the Risk...

Threats to data privacy are not going away, but establishing appropriate security measures up-front, performing regular stress-tests on a security system, putting in place procedures to address a data breach and implementing...more

Agencies Issue Denial of Service Guidance and Guidance on ATMs

On April 3, the members of the Federal Financial Institutions Examination Council (FFIEC), including the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union...more

First Glance: Legal Implications of the Heartbleed OpenSSL Bug?

The vulnerability caused by the Heartbleed bug circumvents the purpose of OpenSSL: encryption. Therefore, the conclusion would appear to be that any data breach during the time of OpenSSL vulnerability would be reportable...more

Canada’s Digital Privacy Rethink: Fines, Enforceable Compliance Agreements And More!

On April 8, 2014, Canada’s government introduced Bill S-4, the Digital Privacy Act, in the Senate. Bill S-4 is the federal government’s latest attempt to reform the federal Personal Information Protection and Electronic...more

Banks Withdraw Lawsuits Against Target and Trustwave

UPDATE to our story yesterday: In what apparently is a big “oops,” two banks that took legal action against Target over its recent data breach have withdrawn their claims. The suits were withdrawn due to an erroneous...more

BYOD for 501(c)s: Pros and Perils of "Bring Your Own Device"

In this presentation: - Current Issues - Overview of BYOD Policies - Integrating BYOD in Your Workforce - Lessons from the Front Lines - Putting It All Together - Takeaways and...more

SEC Roundtable Discusses Cybersecurity Threats and Protections Against Cyberattacks

On March 26, the Securities and Exchange Commission hosted a roundtable discussion on various cybersecurity topics. Participants at the roundtable included representatives from the federal government, self-regulatory...more

Law Firms Are Prime Information-Security Targets

Law firms do not hold special immunity from the threat of cybercriminals. In fact, law firms should be extra vigilant, considering the breadth of sensitive client information they often possess regarding corporate...more

You're Not Immune: Hackers Target Health Care Providers Of All Shapes & Sizes

For health care providers, exposure to cyberattacks is becoming a stark reality. Findings in a recently released Health Care Cyberthreat Report by cybersecurity leaders confirmed the health care industry's vulnerabilities for...more

Security Rule Compliance: The Importance of Performing Regular Risk Analyses

It is likely that you are familiar with the HIPAA Security Rule’s mandate that covered entities and business associates document the decision making process that led to the selection of their means to achieve security for...more

Eye on Privacy Newsletter - March 2014

In this issue: - Kaiser Foundation Health Plan Settles California Attorney General Charges over Delayed Data Breach Notification - Status of the EU Regulation and the Safe Harbor Framework - FTC Steps...more

HHS's New Security Risk Tool for HIPAA Compliance

On March 28, 2014, the HHS Office of the National Coordinator for Health Information Technology (ONC), in conjunction with the HHS Office for Civil Rights (OCR), released a Security Risk Assessment tool (SRA tool) to assist...more

Privacy Monday – March 31, 2014 OPENING DAY!

Last Monday in March (Opening Day for you baseball fans) - some privacy/security bits and bytes to close out the month....more

510 Results
|
View per page
Page: of 21