Christina Lamoureux of Squire Patton Boggs writes: While many federal courts have weighed in on the issue of what suffices for Article III standing in the context of a data breach litigation, not all state courts have. Last week, the Superior Court of Delaware found that a group of plaintiffs who received a notice that their personal…
Month: January 2021
CA: Serious Prison Time for Hackers Behind Wolf & Associates Breach
Tyler Hayden reports: A pair of habitual offenders behind one of the biggest data breaches in Santa Barbara County history pleaded guilty last week to multiple felony counts that will send them to prison for a combined 33 years. San Diego residents Gordon Welterlen, 37, and Nicole Milan, 31, admitted to hacking a computer network…
Mensa Website Hacked After Britain’s Smartest Folk Failed To Secure Passwords
Barry Collins reports: British Mensa, the society for people with high IQs, failed to properly secure the passwords on its website, prompting a hack on its website that has resulted in the theft of members’ personal data. Eugene Hopkinson, a former director and technology officer at British Mensa, stood down this week, claiming that the…
Criminal, domestic violence case info exposed in court records leak
Lindsey O’Donnell reported this earlier this week. Be sure to read the update to it below: Cook County, Ill., home to Chicago, has left a database exposed since at least September that contained sensitive criminal and family-court records. A non-password protected database, belonging to a county in Illinois, exposed 323,000 court records for at least…
Ca: Premier Tech victim of a cyberattack
Translation of reporting by Samuel Gosselin Belanger: Premier Tech has been managing a real crisis for several days. The company confirmed, Friday morning, that the computer failure that has affected the company since Tuesday is in fact a cybersecurity incident. […] For the moment, the Rivière-du-Loup company refuses to say if a ransom has been…
FR: CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…