Commentaries and Analyses – Page 873

Pain and Suffering in the Aftermath of a Breach

Posted on June 29, 2009 by Dissent

One of the obstacles to consumer class action lawsuits in response to data breaches has been that most individuals cannot demonstrate actual harm, where harm is defined by the courts in financial terms. As Judge D. Brock Hornby explained when he threw out most of the Hannaford Bros. lawsuit, Maine state law requires that there…

Coffman on the Heartland Lawsuits

Posted on June 29, 2009 by Dissent

Tom Field of BankInfoSecurity.com has an interesting interview with Richard Coffman, the Texas attorney who filed the first class action lawsuit against Heartland Payment Systems (HPY). Coffman represents banks and financial institutions suing HPY. One of the more intriguing aspects of the interview has to do with why Coffman thinks that banks and financial institutions…

Audit of US DOE on Incidents

Posted on June 26, 2009 by Dissent

Parts of the report were redacted, indicated by x’s below. Executive Summary: The Office of Inspector General (OIG) performed a review of the Department of Education’s (Department) external web sites. This audit was conducted in accordance with the Federal Information Security Management Act (FISMA) as enacted by Title III of the E-Government Act of 2002,…

Analysis of Savvis’ Motion to Dismiss Lawsuit

Posted on June 23, 2009 by Dissent

David Navetta has written a clear and helpful analysis of Savvis’ motion to dismiss Merrick Bank’s lawsuit against Savvis, arising out of the CardSystems Solutions breach.

EPIC Urges Comprehensive Strategy for ID Theft

Posted on June 18, 2009 by Dissent

From EPIC.org: With ID theft rapidly increasing in the United States, EPIC Executive Director Marc Rotenberg urged a Congressional Committee to address the root causes of the problem. In a testimony before the House Oversight Committee, Mr. Rotenberg said that the government typically acts only after the crime has occurred and warned that the problem…

Pointer: Commentaries on Merrick Bank v. Savvis

Posted on June 8, 2009 by Dissent

Last week, people started talking about a lawsuit first filed last year by Merrick Bank against Savvis Inc. The basis for the suit is that when Savvis audited CardSystems Solutions for compliance with the CISP security standards of the time, they gave them a clean bill of health. Merrick sued them after the breach, and…