Hunton Andrews Kurth writes: On April 15, 2019, the Greek Data Protection Authority (“DPA”) fined Hellenic Petroleum S.A. EUR 20,000 for unlawful processing of personal data and EUR 10,000 for failing to adopt appropriate data security measures. Hellenic Petroleum S.A. had engaged a vendor to conduct a study on its behalf. The study was exposed…
Category: Of Note
KY: Scott County Schools victim of $3.7 million scam
WKYT reports: Scott County Schools has announced the district is a victim of a multi-million dollar online scam. The FBI is now investigating after Superintendent Dr. Kevin Hub said an undisclosed vendor told the district it never was paid for an invoice from two weeks ago. As the district investigated, it learned it fell victim…
i-Dressup and a data security mess-up
Lesley Fair of the FTC writes: Kids love to play dress-up, but parents wouldn’t want them rummaging through the attic or climbing to the top shelf of the wardrobe without permission and proper supervision. The i-Dressup.com website offered users – including children – a virtual way to play dress-up and design clothes without those potential…
MA: Medical billing service notifies patients of ransomware incident
Massachusetts-headquartered Doctors’ Management Service, Inc. provides medical billing services to physicians and hospitals. You may never have heard of them, but your hospital or physician might have provided them with your protected health information if your doctor or hospital contracts with them. This week, DMS sent notice of what they strangely describe as a “recent…
Marcus Hutchins’ plea leaves unsettled whether writing certain types of code is illegal – Ekeland
In May, 2017, a young man from the U.K. became known as an “accidental hero” for saving the world from the further spread of WannaCry ransomware. But months later, this same hero, Marcus Hutchins, known online as @MalwareTech, was arrested in the U.S. as he tried to fly home after attending the Black Hat and…
Washington AG Ferguson bill strengthening data breach laws passes Legislature
From the Washington Attorney General’s Office yesterday, a press release on an expansion of the breach notification requirements. Of special note, under the new law, a hacker acquiring a name in combination with a student ID would trigger notification obligations, but only if the information was not secured or made unusable (e.g., by encryption) AND …