From a summary of Rhode Island’s data breach notification law, as summarized by PerkinsCoie: Notification Obligation. Any Entity to which the statute applies shall provide notification of (i) any disclosure of PI or (ii) any breach of the security of the system, that poses a significant risk of identity theft to any resident of RI whose unencrypted PI…
Category: Business Sector
Hacked? Ticketmaster’s terrible, horrible, no good, very bad week just got worse
On May 23, the U.S. Department of Justice, joined by 29 state attorneys general and the District of Columbia, sued Live Nation Entertainment and its wholly-owned subsidiary, Ticketmaster, for violating the Sherman Antitrust Act. In his prepared remarks, Attorney General Garland said In recent years, Live Nation-Ticketmaster’s exorbitant fees and technological failures have been criticized…
Optus fails to keep report into cyber attack out of class action
It has not happened often, but now another court has held that a breached entity cannot protect an investigation into a breach by declaring it legally privileged. Naomi Neilson reports: The Australian Federal Court has ruled that Optus will not be able to keep a report it commissioned from professional services firm Deloitte regarding its…
Sg: Software firm fined $74k for data breach caused by weak password; half a million users affected
Ang Qing reports from Singapore: A company running online language lessons for children around the world used a password based on its website name, LingoAce, making it vulnerable to the data breach that resulted. More than half a million users were affected. Among personal data compromised were the cellphone numbers, bank account numbers, signatures and…
Spyware found on US hotel check-in computers
Zack Whittaker reports: A consumer-grade spyware app has been found running on the check-in systems of at least three Wyndham hotels across the United States, TechCrunch has learned. The app, called pcTattletale, stealthily and continually captured screenshots of the hotel booking systems, which contained guest details and customer information. Thanks to a security flaw in…
UK NCSC and Insurance Associations Publish Guidance on the Approach to Ransom Payments
Financial and insurance organizations have been under increasing attack by Scattered Spider. Now there is more guidance for entities. Hunton Andrews Kurth notes: On May 14, 2024, the UK National Cyber Security Centre (“NCSC”) and three major UK insurance associations (Association of British Insurers (“ABI”), British Insurance Brokers’ Association (“BIBA”) and International Underwriting Association (“IUA”)),…