Tanya Forsheit and M. Scott Koller of BakerHostetler have a good write-up of the new provisions in California law and how the language of AB 1710 has led to some confusion as to whether California now requires breached entities to offer free credit monitoring protection for 12 months if certain types of personal information are…
Category: Of Note
UPDATE: JP Morgan reveals data breach affected 76 million households and 7 million small businesses
Olivia Levoy of USA Today reports: The cyberattack on JP Morgan Chase & Co. first announced in July comprised information from 76 million households and 7 million small businesses, the company revealed in a filing with the Securities and Exchange Commission Thursday. Contact information, including name, address, phone number and email address, as well as…
JPMorgan Discovers Further Cyber Security Issues (UPDATED)
UPDATED: JPMorgan Chase told CNBC it was not aware of a new cyber attack on its computer network, striking down the NY Times article cited below. Original post: Jessica Silver-Greenberg and Matthew Goldstein report: For the second time in roughly three months, JPMorgan Chase is scrambling to contain the fallout from a security breach of its vast computer network,…
An FBI informant led hacks against 30 countries—now we know which ones
Dell Cameron writes: A Federal Bureau of Investigation (FBI) informant targeted more than two dozen countries in a series of high-profile cyberattacks in 2012. The names of many of those countries have remained secret, under seal by a court order—until now. A cache of leaked IRC chat logs and other documents obtained by the Daily…
California Amends Data Breach Notification Law, Does Not Require Mandatory Offering of Credit Monitoring
Andrew Hoffman writes: California Governor Jerry Brown signed into law an amendment to California’s data breach notification law on Monday. Although at least one news outlet has reported that the law requires a company to offer credit monitoring services, this interpretation is misguided. Rather, the law only places restrictions on certain companies if they choose to offer identity theft prevention and…
California strengthens breach notification and mitigation requirements (update 1)
The wait is over. Governor Jerry Brown signed AB1710 into law yesterday. The law not only requires “reasonable security procedures and practices appropriate to the nature of the [personal] information” a business owns, licenses, or maintains, but it also requires identity theft protection and mitigation services under some conditions. If notification of a breach is required,…