Al Saikali of Shook Hardy & Bacon LLP writes about a key issue that has come up a number of times in discussing incident response and liability: One of the most significant questions in data security law is whether reports created by forensic firms investigating data breaches at the direction of counsel are protected from…
Category: Commentaries and Analyses
Substantial Risk of Harm in Data Breach Class Actions Ripe for Supreme Court Review
Jonathan Forman writes: Early in May, the U.S. Court of Appeals for the Second Circuit in Whalen v. Michaels Stores, Inc., No. 16-260 (L) (2d Cir. May 2, 2017), affirmed the dismissal of a data breach class action brought against Michaels Stores Inc. (Michaels) for failing to sufficiently allege an injury to support standing. This…
“Shoot the messenger:” NYC hospital and vendor threaten DataBreaches.net for reporting on their security failure
Vendor’s mistake potentially exposed “millions” of Bronx-Lebanon Hospital patients’ information; Hospital and vendor try to claim that iHealth Solutions was “hacked” by security researchers who uncovered the security problem; Hospital and vendor issue series of demands, threaten DataBreaches.net for reporting on incident; On May 3, Kromtech Security’s research team, conducting routine research, found that confidential and sensitive patient…
EPIC v. FBI: Agency Cyber Hack Notification Procedures Fall Short
Via EPIC.org: In Freedom of Information Act lawsuit EPIC v. FBI, EPIC has obtained the FBI notification procedures that would have applied to the Russian cyberattacks during the 2016 Presidential election. The documents obtained by EPIC establish that the FBI Cyber Division is to “notify and disseminate meaningful information to victims and the CND [Computer Network…
NZ: ‘Human error’ in MSD data breach
An employment investigation is underway at the Ministry of Social Development after a review into a blunder involving client information in a controversial information-sharing programme slated the ministry for its management of that programme. The review was into an April incident where one organisation accessed an organisation’s folder on a new IT system for social…
Report: Hackers ‘aligned’ with Vietnam government attacked international firms and media
Jon Russell reports: A hacker group “aligned with Vietnamese government interests” carried out attacks on corporate companies, journalists and overseas governments over the past three years, according to a report from cyber security firm FireEye. FireEye, which works with large companies to secure their assets from cyber threats, said it has tracked at least 10 separate attacks…