The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected. As part of a proposed settlement with the…
Category: Breach Laws
SEC Delays Cybersecurity Rules
Micaela McMurrough, Ashden Fein, Caleb Skeath, and Shayan Karbassi of Covington & Burling write: Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed…
High court sides with Medicaid fraudster in identity theft case
Alexandra Jones reports: The Supreme Court unanimously shot down the government’s broad reading of identity theft law Thursday in a decision that will shorten the prison sentence of an Austin psychologist who defrauded Medicaid. “While the Government represents that prosecutors will act responsibly in charging defendants under its sweeping reading, this Court ‘cannot construe a…
Bluefield University cyberattack affects employees, students, and some students’ parents (2)
Updated May 13: It appears that Bluefield U. has not warned students that the university’s system is still compromised and that the threat actor can see and acquire files. Yesterday, a student that DataBreaches will not name submitted a Virginia Tuition Assistance Grant application with his full Social Security number, date of birth, and other…
How the Federal Tort Claims Act Extricates Certain Health Care Providers From Data Breach Class Action Suits
John Cleary and Shundra Crumpton Manning of Polsinelli write: Data breach class action litigation continues to occupy center stage in the ongoing struggle to secure compensation and redress for legitimate victims of actionable cybersecurity shortcomings of data owners. The underlying scenarios in these cases encompass criminal hacking episodes, rogue employees, carelessness and unforeseen material gaps…
Push to ban ransomware payments following Australia’s biggest cyberattack
Luke Huigsloot reports: The Australian government is being pushed to ban the payment of cyber ransoms, usually demanded in cryptocurrency, following a local business suffering a mass data breach and subsequent ransom demand. […] The Australian government’s lead cybersecurity agency, the Australian Cyber Security Centre (ACSC), currently recommends that victims of ransomware attacks never pay…