Nicholas Iovino reports: The National Security Agency on Thursday defended hiding key details of its process for deciding whether to exploit or disclose software security flaws that make people vulnerable to hackers. The Electronic Frontier Foundation sued the NSA in 2014 for withholding records on the government’s handling of “zero days,” newly discovered security flaws…
Los Angeles physical therapy provider settles HHS charges that it impermissibly disclosed patient information
An announcement by HHS on Feb. 16 seems to have flown under most media radar. It seems that Complete P.T. used patient images and testimonials on their web site without patient consent, generating a complaint to HHS that HHS investigated and confirmed. Complete P.T. has admitted liability, agreed to pay $25,000, and has agreed to a…
California Attorney General Releases Report Defining “Reasonable” Data Security
I’ve previously posted a link to a report by the California Attorney General on breaches in California and recommendations, but I like that this post by Hunton & Williams focuses on the how the recommendations relate to “reasonable security:” Importantly, the Report states that, “[t]he failure to implement all the [Center for Internet Security’s Critical Security]…
ORCID Security Incident
ORCID describes itself as an “open, non-profit, community-based effort to provide a registry of unique researcher identifiers and a transparent method of linking research activities and outputs to these identifiers. ORCID is unique in its ability to reach across disciplines, research sectors, and national boundaries and its cooperation with other identifier systems.” The following notice was…
Spec’s Liquor Store Chain Suing Insurer Over 2014 Breach
And while we’re talking about data breach litigation…. In March, 2014, Spec’s Family Partners disclosed that 34 of its stores had been hit by a breach that exposed customer data from October 2012 through March 20, 2014. The “small percentage” of customers affected turned out to be approximately 550,000 customers and employees. Now Law360 is reporting…
Wendy’s accused of negligence after alleged data breach
So on January 27, Brian Krebs revealed that Wendy’s was looking into whether it had been breached. By February 8 – a long delay by today’s standards – a potential class action lawsuit was filed by attorneys for Jonathan Torres in the Middle District of Florida. Robbie Hargett of Legal Newsline has more on the lawsuit:…