Kieren McCarthy reports: Uber has subpoenaed GitHub to unmask netizens suspected of hacking its database of taxi drivers. The ride-booking app maker is trying to force GitHub [PDF] to hand over the IP addresses of anyone who visited a particular gist post between March and September last year. That gist is believed to have contained a login…
Category: Of Note
Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor
Hunton & Williams write: On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. The amended definition will expand Wyoming’s breach notification law to cover certain online account access credentials, unique biometric data, health insurance information, medical…
States Respond to Recent Breaches with Encryption Legislation
Scott Weinstein of McDermott Will & Emery writes: In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social…
Wyndham: Third Circuit Requests Briefing on Whether FTC Declared Unreasonable Cybersecurity Practices Are ‘Unfair’
Katherine Gasztonyi writes: On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp., identifying at least one topic that will be addressed in the upcoming oral argument regarding the parties’ dispute over whether the FTC has the authority to regulate companies’ data security practices: whether unreasonable cybersecurity practices…
Does Clapper Silence Data Breach Litigation? A Two-Year Retrospective
Andrew Hoffman writes: This February 26, 2015, marks the two-year anniversary of the U.S. Supreme Court’s decision in Clapper v. Amnesty International USA,[1] which required plaintiffs to allege that a threatened injury is “certainly impending” in order to constitute an injury-in-fact sufficient to convey Article III standing. In this time, federal district courts in at least twelve data…
Target Says Credit Card Data Breach Cost It $162M In 2013-14
Ingrid Lunden reports: When it comes to data breaches, retailers are one of the biggest targets these days, and today we have some detail on the costs around one of the more high-profile attacks. Target today said that it has booked $162 million in expenses across 2013 and 2014 related to its data breach, in which hackers…