Hunton & Williams writes: On November 29, 2017, the EU’s Article 29 Working Party (”Working Party”) announced the establishment of a task force to coordinate the plethora of national investigations throughout the EU into Uber’s 2016 data breach that affected approximately 57 million users worldwide. The task force is being led by the data protection…
Morrisons’ data leak could see thousands of workers given payout
Jan Colley, Simon Smith, and Gareth Bartlett report: Staff at Morrisons could be about to receive a massive payout after their personal details were posted on the internet. A huge data leak by the supermarket giant has allowed a claim by thousands of workers. They are seeking compensation for the upset and distress caused and…
Stanford University data glitch exposes truth about scholarships
Nanette Asimov reports: Stanford Business School officials are admitting that for years they have given steep price breaks to preferred applicants while claiming the scholarships were only for needy students — and say they will close a glitch that allowed public access to thousands of confidential student financial aid records. A student discovered in February…
Florida-based credit firm left 111GB of sensitive customer data exposed on AWS server
Patrick Howell O’Neill reports: A Florida-based credit repair company left 111 gigabytes of extremely sensitive customer information and internal company data publicly accessible on the internet possibly for up to two years. The National Credit Federation publicly exposed 47,000 files that included customer names, addresses, dates of birth, driver’s licenses, Social Security cards, credit reports,…
National data breach notification law introduced by Senate Commerce Committee members
Patrick Howell O’Neill reports: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports…
More than two years after compromise, Combat Brands was still battling malware?
First, there was this: On January 25, 2017, Combat Brands began investigating some unusual activity reported by its credit card processor. Combat Brands immediately began to work with third-party forensic experts to investigate these reports and to identify any signs of compromise on its systems. On February 23, 2017, Combat Brands discovered that it was…