We (and others) often comment on the Federal Trade Commission’s (FTC) increased enforcement activity of data security issues, particularly with the Wyndham and LabMD cases, and the fact that it is enforcing data security...more
7/10/2015
/ C-Suite Executives ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC v Wyndham ,
Hackers ,
Information Technology ,
LabMD ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Wyndham
Trump Hotel Collection, the luxury hotel brand owned and operated by Republican candidate for President Donald Trump, announced this week that it is investigating a credit card breach affecting its properties. It has been...more
The Office of Personnel Management (OPM) was sued this week in the D.C. federal court by its workers’ union the American Federation of Government Employees (AFGE). Significantly, the suit named OPM Director Katherine...more
On June 26, 2015, Rhode Island Governor Gina Raimondo signed Senate Bill S0134, the Rhode Island Identity Theft Protection Act of 2015, which substantially revises the old law, including breach notification.
Specifically,...more
We know it’s hard to keep track of passwords. A good security practice is to use different and complex passwords across different platforms, but it is so hard to keep track of all of them. That’s why password management...more
St. Louis Cardinals owner Bill DeWitt, Jr. threw staff members under the bus following the breaking story last week that the Cardinals have been hacking into the Astros’ database for up to three years. According to DeWitt, a...more
Wednesday, Connecticut Governor Dannel Malloy signed Special Act No. 15-13, effective immediately, which requires the Connecticut Department of Administrative Services, in consultation with the Department of Emergency...more
When we train employees on HIPAA, we always remind them that HIPAA violations carry significant penalties-both civil and criminal. Our favorite line is “Keep your day job.” Stealing patient information is never worth the...more
Adobe Systems, Inc. has agreed to settle the proposed class action lawsuit filed against it following the breach of its system in 2013. The breach compromised personal and payment card data of millions of its customers. There...more
Electronic health record (EHR) vendor Medical Informatics Engineering and its subsidiary, NoMoreClipBoard, which is a personal health record (PHR) product, notified its EHR clients and PHR individuals that it has been the...more
Employees are reasonable in assuming that their employer is protecting their personal information from compromise. The obvious way to do that is to maintain appropriate encryption technology. Simply put: encryption,...more
Last week, LinkedIn agreed to pay $13 million and change some of the site’s features to settle a class action lawsuit filed against it in 2013 alleging that it used the Add Connections feature to access users’ email contacts...more
Heartland Payment Systems suffered one of the largest breaches in history in 2008, when over 100 million credit and debit cards issued by hundreds of financial service companies were stolen from their payroll payment...more
The New York Department of Financial Services (NYDFS) made history last summer when it proposed Bitcoin regulations (reportedly the first in the nation) including the requirement that financial firms handling virtual...more
We previously reported on the new telemedicine regulations adopted by the Texas Medical Board (Board), which requires that patients be seen face-to-face or in person to establish a physician-patient relationship in order to...more
Sally Beauty Holdings, Inc. (Sally) confirmed that it has suffered a second data breach in the last year. On March 14, 2014, KrebsOnSecurity reported that credit cards stolen from Sally had gone up for sale on an Internet...more
The Supreme Court of the United States of America (SCOTUS) ruled on June 1, 2015, that violent Facebook posts of a husband about killing his wife with a mortar launcher and blowing up FBI agents cannot be considered...more
We previously reported on the efforts of Target to settle claims made by MasterCard and its issuers as a result of the infamous Target data breach. In order for the settlement of $19 million to reimburse banks and credit...more
Yesterday, Oregon Governor Kate Brown signed into law a new social media law in Oregon, the first in the nation, that limits employers from requiring employees to have social media accounts for employment, and to require...more
We have commented before that many consumers do not know or understand the amount of data their motor vehicle has concerning their driving habits, including erratic driving, speed, whether the radio or Bluetooth is being used...more
LinkedIn has announced that it will acquire Lynda.com, a subscription online education service that offers hundreds of thousands of educational videos and over 6,000 online courses to its customers....more
The Financial Industry Regulatory Authority (FINRA) agreed to settle its enforcement action with Sterne Agee & Leach, Inc. (Sterne) this week for $225,000. The enforcement action followed the loss of an unencrypted laptop by...more
Nevada has amended its breach notification law, effective July 1, 2015, to include a medical or health insurance identification number and a user name, unique identifier, or e-mail address in combination with a password or...more
The Internal Revenue Service (IRS) released on Tuesday, May 26, 2015, news of a major data breach, estimated to have affected 100,000 U.S. households’ tax returns. The data was wrongfully obtained from an IRS application...more
On May 13, 2015, the American Hospital Association (AHA) issued “A Hospital Leadership Guide to Digital & Social Media Engagement.” The Guide is as hip as can be for the AHA, and provides easy to understand and practical tips...more