David Navetta writes: Security breaches in the online banking world continue to yield interesting lawsuits (you can read about three others in this post). The latest online banking lawsuit filed by Experi-Metal Inc. (“EMI”) against Comerica (the “EMI Lawsuit”) provides some new wrinkles that could further illuminate the boundaries of “reasonable security” under the law….
Category: Commentaries and Analyses
Nl: Student info often leaked
Karin Spaink provides an English summary of a news story on education sector breaches in the Netherlands: The teachers union (Algemene Onderwijsbond) researched how often student information is accessible via Google. They found quite a lot: list of home addresses, student reports, progress reports, assessment reports. The union notified all the universities, faculties and training…
The Cost Of A Breach, Heartland Style: At Least $129 Million; Might Be $229 Million
Evan Schuman comments: In its latest financial report, Heartland Payment Systems reported that it dropped $129 million on data breach costs last year (an incident that briefly placed Heartland on Visa’s Bad Breach Boy list). The company added that it still has a reserve of $100 million for additional expenses. As a processor, Heartland’s pain…
HHS starts to reveal healthcare breaches reported to government
When HITECH was passed as part of the stimulus bill, it introduced new data breach notification requirements, including a requirement that breaches of unsecured personal health information held by covered entities or their business associates affecting more than 500 individuals be reported to the U.S. Department of Health & Human Services. The requirement was somewhat…
Customer Vs. Bank: Who is Liable for Fraud Losses?
Linda McGlasson writes: At first this court case was a curiosity: Experi-Metal Inc. (EMI), a Michigan-based metal supply company, sued Comerica Bank, claiming that the bank exposed its customers to phishing attacks. But now this story shapes up as a significant test case for the banking industry, raising several key questions that must be answered…
Employee Misuse of Computer Access Ruled Not a Crime
Mary Pat Gallagher reports: Using a password-accessed workplace computer in violation of company rules or policies may get you disciplined, but it’s not enough to be prosecuted in New Jersey, says a Mercer County judge in a published case of first impression. Superior Court Judge Mitchel Ostrer threw out an indictment against Princeton Borough police…