On April 18, DataBreaches reported that more details had emerged on the arrest of three men by Dutch police in January. The three were suspected of hacking and extorting victims in the Netherlands and elsewhere, obtaining and selling data online, and money laundering. A fourth person linked to the suspects known as “DataBox” had previously…
Category: Breach Laws
FTC Says Genetic Testing Company 1Health Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy
The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected. As part of a proposed settlement with the…
SEC Delays Cybersecurity Rules
Micaela McMurrough, Ashden Fein, Caleb Skeath, and Shayan Karbassi of Covington & Burling write: Earlier this week, the Securities and Exchange Commission (“SEC”) published an update to its rulemaking agenda indicating that it does not plan to approve two proposed cyber rules until at least October 2023 (the agenda’s timeframe is an estimate). The proposed…
High court sides with Medicaid fraudster in identity theft case
Alexandra Jones reports: The Supreme Court unanimously shot down the government’s broad reading of identity theft law Thursday in a decision that will shorten the prison sentence of an Austin psychologist who defrauded Medicaid. “While the Government represents that prosecutors will act responsibly in charging defendants under its sweeping reading, this Court ‘cannot construe a…
Bluefield University cyberattack affects employees, students, and some students’ parents (2)
Updated May 13: It appears that Bluefield U. has not warned students that the university’s system is still compromised and that the threat actor can see and acquire files. Yesterday, a student that DataBreaches will not name submitted a Virginia Tuition Assistance Grant application with his full Social Security number, date of birth, and other…
How the Federal Tort Claims Act Extricates Certain Health Care Providers From Data Breach Class Action Suits
John Cleary and Shundra Crumpton Manning of Polsinelli write: Data breach class action litigation continues to occupy center stage in the ongoing struggle to secure compensation and redress for legitimate victims of actionable cybersecurity shortcomings of data owners. The underlying scenarios in these cases encompass criminal hacking episodes, rogue employees, carelessness and unforeseen material gaps…