Alyssa M. Sones of SheppardMullin writes about a data breach lawsuit with a somewhat different, albeit unsuccessful, approach. Sones explains: Fraser’s allegation that Mint had a role in helping the hacker gain control of his phone number sets this case apart from the typical data breach case….. Fraser alleges that Mint allowed Fraser’s number to…
Category: Commentaries and Analyses
Anonymous Social Media App Yik Yak Exposed Users’ Precise Locations
Lorenzo Franceschi-Bicchierai reports: The anonymous message board app Yik Yak is designed in a way that it is possible to get the precise location of a user’s post, and see users’ unique IDs, potentially allowing someone to dox and stalk users, according to a researcher. […] In April, David Teather, a computer science student, analyzed…
Hundreds of patient data breaches are left unpunished, reveals The BMJ
From The British Medical Journal: Hundreds of organizations including drug companies, NHS commissioners, and universities have breached patient data sharing agreements in the past seven years, reveals an investigation by The BMJ today. GlaxoSmithKline (GSK) and Imperial College London are among those that have carried out “high risk” breaches according to NHS Digital audits examined by investigative…
2022 DSIR Deeper Dive: Vendor Incidents
Stefanie Ferrari of BakerHostetler writes: Vendor-caused incidents continued to surge in 2021. Nearly 20 percent of the total incidents we handled last year were caused by vendors, with more than half requiring notification. As in prior years, vendor incidents involved phishing schemes and inadvertent disclosures but primarily resulted from ransomware attacks on the vendors’ systems….
France sees boom in personal data breaches in 2021
By Mathieu Pollet, translated by Daniel Eck: France has hit an all-time record in notifications of personal data breaches, up 79% from 2020, the latest report of the country’s data protection supervisor CNIL has found. EURACTIV France reports. Over the past year, CNIL received 5,037 notifications of personal data breaches – about 14 notifications per…
OCR: Current Fines Too Low to Spur Compliance; Agency Also Seeks Funding Boost, Injunctive Relief
Theresa Defino reports: Compared to other agencies, the HHS Office for Civil Rights (OCR) is a little fish in the big federal pond, but it has an outsize effect on HIPAA covered entities (CEs) and business associates (BAs). And, if Congress agrees, its impact would expand significantly in the coming months. As part of its…