Padraic Halpin reports: Yahoo’s European regulator has ordered it to make privacy changes following a probe into what it said was one of the largest ever data breaches to impact EU citizens. […] It ordered the internet company to take specified actions, including ensuring that all its data protection policies take account of the applicable…
Eleventh Circuit Vacates FTC Cybersecurity Order against LabMD
Attorneys at Ropes & Gray, the law firm representing LabMD in LabMD vs. FTC, write: On June 6, 2018, at the urging of Ropes & Gray, the U.S. Court of Appeals for the Eleventh Circuit vacated an order that the Federal Trade Commission (the “FTC”) had imposed on LabMD, Inc. (“LabMD”) to overhaul the cancer…
Possible data breach of Wellington billing and payment system
Scott Sutton reports: Wellington officials said Thursday they were recently notified about potential unauthorized charges on credit cards used by customers to pay their utility bills. In a written statement, the village said on Wednesday they received a call from their vendor, Superion, notifying them of vulnerabilities in their software related to Click2Gov online payments for utility bills. Credit…
New York State suspends ex-URMC nurse who shared patient info with her new employer
Patti Singer reports: A nurse practitioner who three years ago took a list of patients when she left employment at the University of Rochester Medical Center and brought the names to her new employer has been suspended from practice, according to the New York State Education Department Office of the Professions. Martha C. Smith-Lightfoot was…
There’s a big problem for the FTC lurking in 11th Circuit’s LabMD data-security ruling
Alison Frankel writes about what she calls the less obvious takeaway from the 11th Circuit’s LabMD opinion: FTC enforcement actions for unfair practices cannot be based just on consumer injury, even “substantial” injury. This is going to get wonky, but, trust me, it’s what cybersecurity defense lawyers are already buzzing about. Read more on Reuters….
UK: Bible Society fined £100,000 by ICO after security failings put 417,000 supporters’ personal data at risk
The British and Foreign Bible Society, based in Swindon, has been fined £100,000 by the Information Commissioner’s Office, after their computer network was compromised as the result of a Dharma variant ransomware attack in 2016. Between November and December 2016, the intruders used a brute force attack and exploited remote access that had been secured…