Katherine Gasztonyi reports: Today, the U.S. Court of Appeals for the Third Circuit heard oral arguments in FTC v. Wyndham Worldwide Corp.The court focused on several themes: First, whether Congress has entrusted the FTC to define new unfair practices, whether the FTC has declared that unreasonable cybersecurity practices are unfair, and whether the FTC is asking the…
Category: Of Note
The Daily Mail did what U.S. media didn’t do: FOI the U.S. Education Department for Insider Breaches
From the good-for-them dept.: The Daily Mail in the U.K. filed a Freedom of Information request with the U.S. Education Department and obtained over 100 pages of responsive documents to their request for records relating to employee misuse of department computers. They have made the entire file available on their site. Note that this is…
Ca: Rogers hacked by TeamHans, customer contracts and sensitive corporate e-mails dumped
Hackers calling themselves TeamHans have hacked the giant Canadian communications and media firm, Rogers, and dumped a lot of corporate proprietary data to prove it. According to the hackers, who announced the hack on Twitter where they tweet as @TeamHans_, the dump includes: Contracts with corporate customers Sensitive corporate e-mails Sensitive documents regarding Rogers (corporate…
FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers
Kieren McCarthy reports: Uber has subpoenaed GitHub to unmask netizens suspected of hacking its database of taxi drivers. The ride-booking app maker is trying to force GitHub [PDF] to hand over the IP addresses of anyone who visited a particular gist post between March and September last year. That gist is believed to have contained a login…
Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor
Hunton & Williams write: On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. The amended definition will expand Wyoming’s breach notification law to cover certain online account access credentials, unique biometric data, health insurance information, medical…
States Respond to Recent Breaches with Encryption Legislation
Scott Weinstein of McDermott Will & Emery writes: In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social…