Alan L. Friel and Gerald J. Ferguson of BakerHostetler provide their interpretation of recent rulings: Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute…
Category: U.S.
Ringleader of Saks ID theft scheme pleads guilty
Jonathan Stempel reports: The ringleader of a scheme in which four former Saks Fifth Avenue employees used stolen customer data to buy $430,000 of luxury goods from the retailer’s flagship Manhattan store, with plans to resell them on the black market, has pleaded guilty, prosecutors said. Tamara Williams, 38, of Queens, pleaded guilty to grand…
Uber settles NYS probes, agrees to pay $20K fine, adopt data security provisions
I’m not seeing any press release from NYS Attorney General Schneiderman’s office yet, but Kenneth Lovett of the NY Daily News reports that Uber has settled two probes stemming from both its “God View” privacy breach scandal and delayed notification of a breach involving drivers’ information. In addition to paying the $20,000 fine to settle both probes,…
Lack of Injury Dooms Michaels Breach Class Suit
From Bloomberg Law: Because the plaintiffs failed to demonstrate actual injuries, arts and crafts retail chain Michaels Stores Inc. Dec. 28 dodged a federal court putative class action over a data breach that compromised approximately 2.6 million payment cards. Dismissing the suit without prejudice, Judge Joanna Seybert of the U.S. District Court for the Eastern District of…
Henry Schein settles FTC charges it misled customers about encryption of patient data
It appears the FTC acted on a complaint I filed with them last year concerning Henry Schein Dental’s use of the word “encryption” in their marketing and their refusal to individually notify customers that the “encryption” provided by Dentrix G5 was not NIST-grade encryption that would give them Safe Harbor under HIPAA. Background on my concerns…
Southern New Hampshire U. still investigating database leak exposing over 140,000 records
Steve Ragan reports: Southern New Hampshire University (SNHU) says they’re still investigating how a database containing some student and class information was exposed to the public. The database was discovered by researcher Chris Vickery shortly before Christmas. Vickery turned to Salted Hash for assistance in resolving the matter, as previous attempts to contact the university…