David Cohen, Douglas Meal, and Michelle Visser of Ropes and Gray, the firm that represented LabMD against the FTC, write: Representing LabMD in its successful petition to the U.S. Court of Appeals for the 11th Circuit has been a fascinating experience in a number of ways. One of those is what the case reinforced for…
(UPDATED) Equifax Agrees to New Data Breach Safeguards in Consent Order With State Regulators
Dan M. Clark reports on six major actions Equifax agreed to take to settle eight states’ charges against them over the 2017 data breach. From his report, because I cannot find a copy of the actual consent decree online just yet: The company’s board members will have to review and approve a written risk assessment…
Nearly $1 Million Stolen from Connecticut Higher Education Trust Accounts During Security Breach
NBC CT reports: Nearly $1 million was stolen from CHET — Connecticut Higher Education Trust — accounts during a security breach and 21 account holders were affected, according to the Office of the State Treasurer. Connecticut State Treasurer Denise Nappier said that TIAA-CREF Tuition Financing, Inc., the CHET Direct program manager, alerted the state Treasury…
Marketing Firm Exactis Leaked a Personal Info Database With 340 Million Records
Andy Greenberg reports: You’ve probably never heard of the marketing and data aggregation firm Exactis. But it may well have heard of you. And now there’s also a good chance that whatever information the company may possess about you, it recently leaked onto the public internet, available to any hacker who simply knew where to look….
In Wake of Equifax Data Breach, Credit Reporting Agencies Made Subject to NY State Cybersecurity Regulations
Dan Clark reports: Credit reporting agencies will now be required to register with the state and comply with its cybersecurity regulations, the state Department of Financial Services announced Monday. The new rules are the state’s response to last year’s data breach at Equifax, a credit reporting agency, that exposed the personal information of 143 million people. If a…
Casino Rama Would Have to Disclose 2016 Data Breach Investigation Reports, Ontario Court Rules
This site has previously noted the hack and subsequent extortion demands affecting Casino Rama in Ontario, including the dump of some of their data when they did not pay the extortion demand. Now Daniel Thompson reports: An Ontario-based casino which has been facing a class-action lawsuit would have to hand over a computer forensics investigation…