Hackers calling themselves TeamHans have hacked the giant Canadian communications and media firm, Rogers, and dumped a lot of corporate proprietary data to prove it. According to the hackers, who announced the hack on Twitter where they tweet as @TeamHans_, the dump includes: Contracts with corporate customers Sensitive corporate e-mails Sensitive documents regarding Rogers (corporate…
Category: Of Note
FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers
Kieren McCarthy reports: Uber has subpoenaed GitHub to unmask netizens suspected of hacking its database of taxi drivers. The ride-booking app maker is trying to force GitHub [PDF] to hand over the IP addresses of anyone who visited a particular gist post between March and September last year. That gist is believed to have contained a login…
Two Wyoming Bills Amending the State’s Breach Notification Statute Are Headed to the Governor
Hunton & Williams write: On February 23, 2015, the Wyoming Senate approved a bill (S.F.36) that adds several data elements to the definition of “personal identifying information” in the state’s data breach notification statute. The amended definition will expand Wyoming’s breach notification law to cover certain online account access credentials, unique biometric data, health insurance information, medical…
States Respond to Recent Breaches with Encryption Legislation
Scott Weinstein of McDermott Will & Emery writes: In the wake of recent breaches of personally identifiable information (PII) suffered by health insurance companies located in their states, the New Jersey Legislature passed, and the Connecticut General Assembly will consider legislation that requires health insurance companies offering health benefits within these states to encrypt certain types of PII, including social…
Wyndham: Third Circuit Requests Briefing on Whether FTC Declared Unreasonable Cybersecurity Practices Are ‘Unfair’
Katherine Gasztonyi writes: On February 20, the Third Circuit sent a letter to counsel in FTC v. Wyndham Worldwide Corp., identifying at least one topic that will be addressed in the upcoming oral argument regarding the parties’ dispute over whether the FTC has the authority to regulate companies’ data security practices: whether unreasonable cybersecurity practices…
Does Clapper Silence Data Breach Litigation? A Two-Year Retrospective
Andrew Hoffman writes: This February 26, 2015, marks the two-year anniversary of the U.S. Supreme Court’s decision in Clapper v. Amnesty International USA,[1] which required plaintiffs to allege that a threatened injury is “certainly impending” in order to constitute an injury-in-fact sufficient to convey Article III standing. In this time, federal district courts in at least twelve data…