Peter A. Kurtz and Craig A. Newman write: It is not enough for companies to establish policies and procedures designed to prevent the misuse of material nonpublic information. Companies must also enforce those policies and procedures. That’s the lesson from the U.S. Securities and Exchange Commission’s recent settlement with Mizuho Securities USA LLC (“Mizuho”), a broker-dealer,…
Salesforce API error may have caused data leak
Tom Allen reports: Cloud computing firm Salesforce has warned customers that their information may have been shared with other customers’ accounts, due to an API error. In a security advisory, the CRM company says it became aware of the issue on the 18th July. The error impacted ‘a subset’ of Marketing Cloud customers using the…
AU: 7000 patient records from Women’s and Children’s hospital exposed online in embedded data- for 13 years
Simeon Thomas-Wilson reports: Medical records of more than 7000 people were exposed online for 13 years, forcing an urgent review by SA Health into whether there were any other breaches. Names, date of birth and test results for around 7200 pathology tests at the Women’s and Children’s Hospital from 1996 to 2005 were leaked online…
11th Circuit Decision in LabMD Case Could Have Repercussions Beyond the FTC
F. Paul Greene and Daniel J. Altieri consider the landscape after the 11th Circuit’s decision in the LabMD case, noting the state-level Unfair and Deceptive Acts and Practices (“UDAP”) laws and The Nationwide Assurance of Voluntary Compliance may become more prominent as tools for data security enforcement actions. They write, in part: The Nationwide Assurance…
University of Wisconsin system audit reveals risk of cyber attacks, student data at risk
A state audit finds the UW System could be an easy target for cyber attacks or hacks if changes are not made to information technology (IT) security systems. Auditors found risks to accounting, payroll and student data. The UW System has until the end of August to submit plans to the Joint Legislative Audit Committee…
Fashion Nexus reports 650k affected by hack by “white hat hacker” or “ethical hacker”
Tim Clark reports: Details including the email and home addresses of around 650,000 fashion shoppers were stolen following a security breach at ecommerce platform provider Fashion Nexus. The data breach allowed hackers to access customer details from fashion brands including Elle Belle Attire, AX Paris and Traffic People. Online fashion retailers Perfect Handbags and DLSB…