In early August, “Flash Gordon” (@s7nsins on Twitter) contacted me to say that he discovered a leak involving the House of Representatives. In light of all the talk about Russia trying to hack our elections, I decided that we probably should notify the House right away in case there was any kind of sensitive files…
Category: Of Note
Another State Data Security Law: Ohio Gets in on the Action
Craig A. Newman of Patterson Belknap writes: Starting today, Ohio businesses with written cybersecurity programs will be looking for a free pass if they are sued under state law over a data breach. Ohio’s Data Protection Act (Senate Bill 220, Ohio Rev. Code § 1354.01, et seq.) goes into effect today, creating a safe harbor…
NJ Settles Charges Against Business Associate Responsible for Virtua Medical Patient Data Breach: Vendor Owner Pays $200,000 and is Barred From Owning or Managing Any Business in NJ Again
One question that occasionally pops up is how often businesses go out of business after or due to a data breach. My answer to that is “not often,” but we do it occasionally. In some cases, the breach may just have been a final straw for an already shaky business. Yesterday, during a webinar with…
Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches
Hunton writes: Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers (“SSNs”) to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs. The amendment was passed as part of…
Private messages from 81,000 hacked Facebook accounts for sale
Andrei Zakharov reports: Hackers appear to have compromised and published private messages from at least 81,000 Facebook users’ accounts. The perpetrators told the BBC Russian Service that they had details from a total of 120 million accounts, which they were attempting to sell, although there are reasons to be sceptical about that figure. Facebook said…
Virginia Hospital Must Answer for Snooping Employees’ Privacy Breach
From Bloomberg Law: A Virginia health-care system will have to answer claims that it is liable for its employees’ snooping into a patient’s confidential health information. A Virginia trial court shouldn’t have dismissed Lindsey Parker’s complaint alleging Carilion Healthcare Corp. and Carilion Clinic should be held liable for their employees’ wrongdoing, the Virginia Supreme Court…