Business Sector – Page 1054

Does a presidential executive order on cybersecurity get a hotel chain off the FTC hook for its breaches?

Posted on March 14, 2013 by Dissent

I occasionally check the docket for FTC’s lawsuit against Wyndham over the multiple breaches they experienced. A story in my news reader today about how Ben Rothke of Wyndham Worldwide gave a talk on “The five habits of highly secure organizations” struck me as somewhat ironic, and I decided to see where the lawsuit stood. Of…

NC DHHS contractor’s missing drive held over 50,000 medical providers’ names, dates of birth, and Social Security numbers

Posted on March 9, 2013 by Dissent

Yesterday, the North Carolina Department of Health & Human Services (DHHS) disclosed that a flash drive with information on over 50,000 medical providers who are excluded from participating in federal healthcare programs had been misplaced or lost by its contractor, Computer Sciences Corporation (CSC). The provider information included names, addresses, dates of birth, and Social…

Genesco takes VISA to court over data breach (updated)

Posted on March 8, 2013 by Dissent

Back in January, there were reports that Genesco might sue card issuers over their response to the firm’s malware breach in 2010. Now dmarsteller reports that Genesco has, indeed, sued VISA. The lawsuit was filed Thursday in Nashville. dmarsteller explains: VISA later fined Fifth Third Bank and Wells Fargo $5,000 each and levied another $13.3…

LinkedIn Wins Dismissal of Privacy Lawsuit in California

Posted on March 5, 2013 by Dissent

Joel Rosenblatt reports: LinkedIn Corp. (LNKD), the biggest online professional-networking service, won dismissal of a lawsuit claiming it failed to follow industry standards and its own promises in encrypting user password information. The lawsuit, filed last year in federal court in San Jose, California, followed the company’s website being hacked and 6.5 million member passwords being posted…

Is Kively.com revealing user info?

Posted on February 23, 2013 by Dissent

On February 7, a site reader alerted me to a possible problem over on Kively.com: Look at the description directory – it reveals all the PII when there is some in the descriptor. After looking at the description directory, I found myself wondering about whether some of the entries were, in fact, disclosing some PII. Instead…

Follow-up: Former law firm employee sentenced to 13 years in prison for role in ID theft/tax refund fraud ring

Posted on February 22, 2013 by Dissent

Jay Weaver provides an update with additional details on a breach involving Rodney St. Fleur, an employee of a Miami law firm who misused his access to LexisNexis database searches to steal over 20,000 individuals’ information for a tax refund fraud scheme. Weaver reports that in court, St. Fleur admitted that he had stolen the…