Hunton Andrews Kurth writes: On August 14, 2024, the Committee on Foreign Investment in the United States (“CFIUS”) disclosed that it had assessed a $60 million penalty against T-Mobile US, Inc. (“T-Mobile”) in connection with unauthorized data access incidents following T-Mobile’s 2020 merger (the “Merger”) with Sprint Corporation (“Sprint”). CFIUS is a U.S. government interagency…
Category: Breach Laws
Senator Demands Answers About AT&T Data Breach from Company, Federal Agencies
Irvin Jackson reports: Following a massive AT&T data breach that resulted in the theft of tens of millions of customers’ phone and text messaging history, a U.S. Senator has sent a request for more information about how the breach occurred and when federal agencies learned about the problems, suggesting that cyberattack could represent a threat…
Ring, Ring, it’s the FCC Calling- TracFone to Pay $16M to Settle FCC Investigation
Liisa M. Thomas, Tracy Chau, and Kathryn Smith of SheppardMullin write: TracFone, the pre-paid phone company, recently settled with the FCC over allegations that the company failed to protect customer information during three different data incidents. According to the FCC, in each of the incidents, threat actors gained access to customer information, including names, addresses, and features…
Why Did Change Health Lowball Its 1st Breach Report to Feds?
Marianne Kolbasuk McGee of HealthInfoSec poses a question about why Change Healthcare’s report to HHS indicated that 500 patients were affected when they already admitted that there were millions. Why use such a low placeholder instead of a higher number when it has been months since they discovered the breach and they must have some…
Malaysia introduces data breach notification system to combat scams
The Malaysian Reserve reports: Malaysia has introduced a Data Breach Notification system for immediate reporting and mitigation of data leaks to prevent citizens from becoming victims of scammers, Deputy Communications Minister Teo Nie Ching said. She said this notification must be submitted by data users who are experiencing personal data leakage incidents, including hacking threats….
Invasion of the Data Snatchers: B.C. Court of Appeal Clarifies Possible Scope of Privacy Claims Against Data Custodians in Data Breaches
Lyann Danielak, Joshua Hutchinson, and Robin Reinertson of Blake, Cassels & Graydon LLP write: On July 4, 2024, the B.C. Court of Appeal issued a duo of class action appeal decisions considering the potential scope of statutory and common law privacy claims against data custodians that fall victim to cyberattacks in data breach cases. In…