Nate Morabito reports: Despite mistakenly sending confidential personal records to the wrong people, the Social Security Administration refused to offer free credit monitoring to those whose identities were compromised, but the federal agency appears to now have changed its stance. As we reported Friday, several people from Charlotte confirmed SSA sent their original documents to…
Category: U.S.
NY: Syracuse University email hack compromises personal info of 9,800
Michael Sessa reports: The names and Social Security numbers of about 9,800 Syracuse University students, alumni and applicants have been exposed after someone gained unauthorized access to an employee’s email account. The university has sent letters to affected students, alerting them that the university had investigated a data security breach involving some of their personal information….
NY: Man Pleads Guilty to Stealing Nude Photos of Dozens of Victims
A New York man pleaded guilty Monday to computer fraud and aggravated identity theft related to his hacking of online social media accounts and theft of nude images of dozens of female victims. Acting Assistant Attorney General Nicholas L. McQuaid, Acting U.S. Attorney Antoinette T. Bacon of the Northern District of New York, Special Agent…
When to Report a Breach: Consideration of Encryption States
Matt Fisher of Carium writes: Data breaches grab headlines on a daily basis and arise from a number of different scenarios. However, one question that is not necessarily examined closely (at least in news articles), is whether encryption was in place and why the encryption did not prevent the breach. That rhetorical question does not…
What Does the Fifth Circuit’s Vacating of HHS HIPAA Fines Mean for Companies This Year?
Here is some more commentary on the Fifth Circuit opinion in MD Anderson v. HHS. Elfin Noce, Liisa Thomas & Susan Ingargiola of SheppardMullin write, in part: On the ruling regarding the disclosure of ePHI, the Fifth Circuit held that HHS had failed to establish that MD Anderson disclosed ePHI to someone outside of the covered entity. The…
Lessons from Wengui v. Clark Hill: Structuring a Two Track Cyber Investigation
Stephanie A. Diehl of Proskauer writes: As the D.C. District Court in Wengui v. Clark Hill recently commented, “[m]alicious cyberattacks have unfortunately become a routine part of our modern digital world. So have the lawsuits that follow them….” The court’s decision in that case has added another data point to developing jurisprudence of the cyberattack landscape, specifically…