Jonathan Stempel reports: A federal judge on Tuesday rejected Target Corp’s bid to dismiss a lawsuit by banks seeking to recoup money they spent reimbursing fraudulent charges and issuing new credit and debit cards because of the retailer’s late 2013 data breach. U.S. District Judge Paul Magnuson in St. Paul, Minnesota said Target played a…
Category: Of Note
Sony Breach May Have Exposed Employee Healthcare, Salary Data
Brian Krebs reports: The recent hacker break-in at Sony Pictures Entertainment appears to have involved the theft of far more than unreleased motion pictures: According to multiple sources, the intruders also stole more than 25 gigabytes of sensitive data on tens of thousands of Sony employees, including Social Security numbers, medical and salary information. Several files being…
German Constitutional Court Rejects the Extradition of “World’s #2 Hacker” to US
Germany’s top court won’t agree to extradite an alleged hacker to the U.S. until it is assured the hacker won’t face a “disproportionate” sentence, if convicted. The Associated Press reports that the Federal Constitutional Court overturned a lower court’s approval of Ercan Findikoglu’s extradition: It said Frankfurt’s regional court needs to obtain assurances from U.S. authorities that…
Report: FIN4 Hacker Group Targets Pharma Execs For Insider Edge On Stock Market
Angelo Young reports: A group of financially savvy computer hackers has been stealing data from more than 100 organizations, mainly targeting publicly traded health care, pharmaceutical and biotechnology companies, to gain insider knowledge and game the stock market. The news underscores the vulnerabilities of corporate computer networks and the many ways that cybercriminals use low-tech “social…
Italy: Garante introduces ‘progressive’ mandatory breach notification
DataGuidance reports: The Italian Data Protection Authority (Garante) issued, on 26 November 2014, its general resolution on biometrics (‘the Resolution’), which includes a new 24-hour data breach notification obligation. The requirement was introduced a means of balancing the new simplified rules on authorisation for use of biometrics which will no longer require the Garante’s prior…
Data Security Auditor May be Drawn Into Data Breach Class Action for Failing to Identify Vulnerabilities
DrinkerBiddle reports a development in Storm v. Paytime, Inc., No. 14-cv-01138-JEJ (M.D. Pa.): In August, Paytime, Inc., a payroll services company, moved to dismiss a putative class action filed in the wake of a data breach in which the personal and financial information of more than 230,000 people was compromised. Paytime argued that the plaintiffs lack standing, have failed to plead…