More on Genesco’s lawsuit over Visa’s fines following a data breach: Jeffrey Benzing reports that Genesco is arguing that Visa’s own internal documents show that they view breach fines as penalties and not compensatory. Genesco argues that the fines are therefore unenforceable under California law. Read more about their legal argument on Main Justice. Previous…
Category: Commentaries and Analyses
Opening The Flood Gates? California Voters May Create Presumption Of Harm In Privacy Breach Cases
Julian D. Perlman of BakerHostetler writes: California has moved one step closer towards amending its Constitution to create a presumption of harm whenever personal data is shared without a consumer’s express opt-in, a change that would clear a significant hurdle to many privacy breach lawsuits. On Thursday, California Secretary of State Debra Bowen approved steps…
International Data Breach Laws Are All Over The Map
Ben DiPietro reports: Laws on sharing and disclosure of data and personal information differ widely among countries, greatly complicating the compliance challenges of companies operating internationally. Read more on Wall Street Journal. As DiPietro reports, different laws also differentially impact – and may impede – forensic analysis of breaches.
Data Broker Giants Hacked by ID Theft Service
Brian Krebs has a must-read investigative piece about how ssndob.ms – an underground marketplace selling oodles of usable personal information (some of which we saw earlier this year on exposed.su) – gained access to major U.S. consumer and business data aggregators to obtain some of the data they were selling. LexisNexis, Dun & Bradstreet, Kroll…
Breach notifications: what really happened vs. what they tell us
I’ve often pointed out how breach notification letters to those affected may omit details that consumers might want to know but breached entities probably prefer we not know. I came across another example today. Let’s start with what happened, as described by attorneys for Vector Security to the Maryland Attorney General’s Office. Vector Security provides…
Kierkegaard & Perry Labs report hack through a “known bug” in their platform
I think it would be fair to say that Kierkegaard & Perry Labs, Inc.’s breach notification to Maryland in July impressed me somewhat unfavorably. KPL was reporting a hack that had compromised some customers’ names, addresses, and credit card numbers with expiration dates and CVV codes. Their investigation revealed that 8 customers’ information was acquired (not…