H. Deen Kaplan, Harriet Pearson, Timothy Tobin, and Stephanie Handler write: On November 9, 2015, Anthony Albanese, Acting Superintendent of the New York State Department of Financial Services (NYDFS), issued a letter to a wide array of federal and state financial services regulators that are part of the Financial and Banking Information Infrastructure Committee (FBIIC)….
Category: Of Note
Starwood Hotels & Resorts reports payment card information breach at 54 properties
Austen Hufford reports: A data breach at Starwood Hotels & Resorts Worldwide Inc. exposed payment card information for some of its North American hotels, the latest cybersecurity incident to sting a U.S. company. Read more on WSJ. A list of the 54 properties affected and the dates of compromise are provided here (pdf). In some…
FTC v. LabMD ruling issued: FTC loses data security enforcement case (Update2)
In a data security enforcement action that some have characterized as a modern version of David vs. Goliath, David won today, and the FTC lost. It was an enforcement action that the FTC never should have commenced, as I’ve argued repeatedly, and today’s loss may actually make future enforcement actions more difficult for them as the standard for demonstrating…
FBI alerts Owensboro Health to Breach at Muhlenberg Hospital; Breach Began in January, 2012
The breach in question may have begun in January, 2012, years before OH Muhlenberg acquired Muhlenberg Community Hospital, but it potentially impacted all patients, all payment guarantors, employees and some credentialed providers after that date and before OH Muhlenberg learned of the breach and contained it. This incident does not yet appear on HHS’s public…
OPM’s $20M contract for ID theft protection violated federal rules
Can OPM do anything right? In this week’s installment of their totally infuriating breach and breach response saga, it appears that they didn’t follow proper procedures in awarding a contract for ID theft monitoring services for breach victims. Jack Moore reports: The inspector general of the Office of Personnel Management says a $20 million sole-source…
Massive Hack of 70 Million Prisoner Phone Calls Indicates Violations of Attorney-Client Privilege
Jordan Smith and Micah Lee report: An enormous cache of phone records obtained by The Intercept reveals a major breach of security at Securus Technologies, a leading provider of phone services inside the nation’s prisons and jails. The materials — leaked via SecureDrop by an anonymous hacker who believes that Securus is violating the constitutional rights of inmates — comprise over…