Garrett M. Graff reports: The three college-age defendants behind the creation of the Mirai botnet—an online tool that wreaked destruction across the internet in the fall of 2016 with unprecedentedly powerful distributed denial of service attacks—will stand in an Alaska courtroom Tuesday and ask for a novel ruling from a federal judge: They hope to be…
Commentary: What Constitutes Negligence in Company Data Breaches?
Amy L. Hanna Keeney of Adams and Reese writes about an opinion in a court case that stemmed from one of TheDarkOverlord’s hacks: their attack on Athens Orthopedic Clinic (AOC). I had covered that breach extensively, including commenting on the fact that AOC did not offer any free services to patients whose data had not…
DealerBuilt Settles with New Jersey AG Over Data Breach
Hunton Andrews Kurth reports: On September 7, 2018, the New Jersey Attorney General announced a settlement with data management software developer Lightyear Dealer Technologies, LLC, doing business as DealerBuilt, resolving an investigation by the state Division of Consumer Affairs into a data breach that exposed the personal information of car dealership customers in New Jersey…
Another security breach at Grindr reveals users’ exact location
Tom Capon reports: Grindr’s security issues are once again in the spotlight as a third party app pinpointed users’ exact location. Despite constant reassurances from the app about the difficulties of exploiting their location technology, the latest security breach revealed how malicious parties can locate users. Discovered by blog Queer Europe, they used a third-party…
In a Data-Breach Lawsuit, Can Plaintiffs Use a Company’s Data Breach Notice to Establish Standing?
Alex M. Pearce of Ellis & Winters LLP writes: ….. When a business suffers a data breach, state laws require the business to send a notice to affected individuals. Those laws typically prescribe the contents of the required notice—sometimes in detail. North Carolina’s data breach notification statute, for instance, requires the notice to include “[a]dvice…
State Department email breach exposed employees’ personal information
Eric Geller and Nahal Toosi report: The State Department recently suffered a breach of its unclassified email system, and the compromise exposed the personal information of a small number of employees, according to a notice sent to the agency’s workforce. State described the incident as “activity of concern … affecting less than 1% of employee…