A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
As of January 1, 2020, California will become the first state to permit residents whose personal information is exposed in a data breach to seek statutory damages between $100-$750 per incident, even in the absence of any...more
Many readers have reached out to learn about the Capital One data breach and how it affects us. If you haven’t been watching the story unfold as closely as I have, here is a summary of what happened, what information was...more
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Please see full Publication blow...more
Part of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (which amended the Fair Credit Reporting Act) included a provision requiring credit reporting agencies (CRAs) to provide free electronic credit...more
As of April 11, 2019, Massachusetts will require organizations suffering a data breach that involves a resident’s social security number to provide credit monitoring services (CM Services) at no cost to the resident. If the...more
There is a little-known provision from a new federal law that will most likely impact your hiring practices and your standard hiring documents—and it kicked in last Friday. As of September 21, all employers must update their...more
The Federal Trade Commission has announced that, beginning today, consumers concerned about identity theft or data breaches can place credit freezes and one year fraud alerts with the three nationwide credit bureaus for free....more
Organizations are not generally required to offer services to consumers whose information was involved in a breach. Nonetheless, many organizations choose to offer credit reports (i.e., a list of the open credit accounts...more
In an age where data is widely available and almost everything is stored online, data breaches are becoming more common, and the outcomes of cases involving data breaches are unpredictable. Data involved in a breach can range...more
Phishing. Spoofing. - These words may sound silly, but for employers, they are anything but. Phishing is the attempt to obtain sensitive electronic information—such as usernames, passwords, or financial...more
A bi-partisan privacy and data security bill, which will significantly impact companies with North Carolina employees, is in the works. North Carolina State Representative Jason Saine (R), Appropriations Chairman of...more
Citing to estimates in 2017 “more than 5.3 million North Carolinians were … affected by a data breach,” Attorney General Josh Stein and Rep. Jason Saine announced on January 8 proposed legislation aimed at protecting state...more
On December 1, PayPal disclosed that an ongoing investigation into identify security vulnerabilities identified a data breach that may have compromised personally identifiable information for roughly 1.6 million customers at...more
An Assistant Illinois Attorney General, in a letter sent to Experian’s CEO on behalf of the Illinois AG and the AGs of 35 other states and the District of Columbia, has asked Experian not to charge any credit freeze-related...more
The Equifax breach is not the biggest in terms of the number of people affected (the 2016 Yahoo breach compromised data associated with over 500 million user accounts compared to the 143 million people affected by the Equifax...more
In light of recent high-profile breaches of highly sensitive data, this is a good time to remind individuals of how to protect their identity and credit information....more
The best way for a company to handle a data breach is to be prepared. As we discuss in our data breach readiness handbook, preparation includes, among other things, drafting an incident response plan, reviewing...more
In an April 13, 2017 decision in Walters v. Kimpton Hotel, a California federal judge rejected the bid of hotel chain Kimpton Hotel and Restaurant Group, LLC to dismiss a proposed class action arising from a data breach last...more
Organizations are not, generally, required to offer services to consumers whose information was involved in a breach. Nonetheless, many organizations choose to offer credit reports (i.e., a list of the open credit accounts...more
We’ve all gotten them–the dreaded letter that informs us that our data has been compromised, including our Social Security number. Some have received so many of these “notifications” that they are de-sensitized, throw their...more
On appeal to the Seventh Circuit, a three-judge panel opinion written by Chief Judge Woods reversed the lower court. Remijas v. Neiman Marcus Group, LLC, No. 14-3122, 2015 WL 4394814, at *3 (7th Cir. July 20, 2015). The panel...more
The Office of Personnel Management (OPM) and the Defense Department announced this week that a Portland, OR based vendor has been selected to assist with breach notification and credit assistance for the almost 22 million...more
This Is The End? - Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach...more