Michael Billok, Christopher Stevens, Clifford Tsan of Bond Schoeneck & King PLLC write: A bill currently pending before the New York State Assembly (A10475) would make a number of significant changes to New York’s data breach notification statute (General Business Law Section 899-aa) in the event that it is passed and signed into law. The…
Category: Of Note
LeakedSource uploads data set with 32,888,300 Twitter credentials
From LeakedSource: Twitter credentials are being traded in the tens of millions on the dark web. LeakedSource has obtained and added a copy of this data to its ever-growing searchable repository of leaked data. This data set was provided to us by a user who goes by the alias “[email protected]”, and has given us permission…
Morgan Stanley Fined Over Inadequate Security Tied to Galen Marsh Data Breach
Matt Robinson reports that Morgan Stanley has been fined $1 million by the U.S. Securities and Exchange Commission to settle allegations that it failed to protect customer data improperly taken by a former financial adviser, Galen Marsh. Marsh pleaded guilty in September, 2015 to making thousands of unauthorized searches on his employer’s system and to copying information on…
ERISA and Cybersecurity
Larry Goldstein of McGuireWoods LLP writes: Employee benefit plan data stored online may include participants’ names and Social Security numbers, account information and protected health information (PHI), all of which are inviting targets for hackers. Highly-publicized data breaches in recent years have called attention to the obligations of benefit plan administrators (typically the employers sponsoring…
Extortion E-mail Schemes Tied to Recent High-Profile Data Breaches
A public service announcement from the FBI (Alert Number I-060116-PSA): The Internet Crime Complaint Center (IC3) continues to receive reports from individuals who have received extortion attempts via e-mail related to recent high-profile data thefts. The recipients are told that personal information, such as their name, phone number, address, credit card information, and other personal details,…
Danish Authorities Investigate OkCupid Incident
Joseph Cox reports the follow-up to a breach that I covered on PogoWasRight.org. The breach involved a Danish grad student dumping OkCupid users’ personal and sensitive info in a data set for “research” purposes, claiming it was “public” data. They had neither sought nor obtained consent to scrape the user database, and although they did not include…