Back in September 2013, online ticket broker Vendini was sued by its insurer, who, not surprisingly, did not want to have to provide coverage for a breach that may have affected up to three million customers (previous coverage of the breach and aftermath linked from here). Now the law firm of King & Spalding reports: On February…
Category: U.S.
NY: Two-Factor Authentication May Be Coming to a Bank Near You
David Smyth of Brooks, Pierce, McLendon, Humphrey & Leonard, LLP writes: When I was at the SEC and online broker-dealers’ customers were the victims of hacking incidents, I used to wonder, why don’t the broker-dealers require multi-factor authentication to gain access to accounts? It was a silly question. I knew the answer. Multi-factor authentication is a pain and…
Hospital Sues Bank of America Over Million-Dollar Cyberheist
Brian Krebs reports: A public hospital in Washington state is suing Bank of America to recoup some of the losses from a $1.03 million cyberheist that the healthcare organization suffered in 2013. In April 2013, organized cyber thieves broke into the payroll accounts of Chelan County Hospital No. 1 , one of several hospitals managed by the Cascade Medical Center in Leavenworth, Wash….
U. of Chicago notifies employees and former students of hack
The University of Chicago breach reported on this site in January and February has now been reported to at least one state attorney general. The breach involved a database belonging to the Biological Sciences Division. In a copy of their notification letter, submitted to the Vermont Attorney General’s Office, Dr. Everett Vokes, Chairman of the Department of…
The Daily Mail did what U.S. media didn’t do: FOI the U.S. Education Department for Insider Breaches
From the good-for-them dept.: The Daily Mail in the U.K. filed a Freedom of Information request with the U.S. Education Department and obtained over 100 pages of responsive documents to their request for records relating to employee misuse of department computers. They have made the entire file available on their site. Note that this is…
Complicated relationships and breach notification requirements
A notification to the New Hampshire Attorney General’s Office from McDermott Will & Emery LLP provides a useful illustration of how some organizations may be struggling to determine their notification obligations to states as a result of the Anthem breach: If a law firm has trouble figuring out their obligations, can you imagine what others are struggling with? Coincidentally, perhaps, an attorney at…