Kate O’Flaherty reports: UK supermarket Morrisons is facing a massive payout to staff after losing the first data leak class action in the UK. It comes after Andrew Skelton, a senior internal auditor at the retailer’s Bradford headquarters, leaked employee data online in 2014. Last year, a court ruled the firm was liable for his actions….
Category: Commentaries and Analyses
GSA Took 800 Days to Notify Some Data Breach Victims
Joseph Marks reports: It took the General Services Administration more than 800 days to notify a handful of people that it had accidentally exposed their personal information, according to an audit released Friday. In another case, the agency took six months just to determine that a data breach related to background investigation information had occurred,…
Super Micro trashes Bloomberg chip hack story in recent customer letter
Catalin Cimpanu reports: In a letter sent to customers last week, Super Micro Computer (dba Supermicro) has thrashed a Bloomberg article that claimed the company’s motherboards contained a secret chip inserted by the Chinese government for cyber-espionage purposes. “We are confident that a recent article, alleging a malicious hardware chip was implanted during the manufacturing…
Ca: AHS failed to protect health information, privacy commissioner finds
We had noted this breach on this site back in 2016, but here’s the follow-up. CBC reports: Alberta Health Services has come under fire from the province’s privacy commissioner for its role in the largest and longest-duration privacy breach AHS has ever experienced. The Office of the Information and Privacy Commissioner reported Wednesday that a former AHS…
ABA ethics opinion offers guidance on data breaches
Jason Tashea reports: Lawyers have to safeguard client data and notify clients of a data breach, and the ABA Standing Committee on Ethics and Professional Responsibility has issued a formal opinion that reaffirms that duty. In Formal Opinion 483, issued Tuesday, the standing committee also provided new guidance to help attorneys take reasonable steps to…
The 3 Biggest Data Security Takeaways From The 11th Circuit Decision In FTC v. LabMD
After providing some history the LabMD enforcement action by FTC, and the former’s appeal to the 11th Circuit, Tom Kulik of Scheef & Stone, LLP outlines what he considers the three biggest data security takeaways from the case. You can read his article on Above the Law.