Elizabeth Casale, Rachel Harris, Layla Husen, and Luke Sosnicki of of Thompson Coburn write: The Second Circuit recently joined a growing number of federal courts to decide when a data breach of personally identifiable information (“PII”) is actionable. According to the Second Circuit, plaintiffs do not have standing to bring a lawsuit when there is…
Kr: Facebook recommended to pay 300,000-won compensation per victim over personal data breach
Yonhap News Agency reports: The state watchdog on personal information protection on Friday recommended the operator of Facebook to pay 300,000 won (US$256.70) in compensation to each of 181 users demanding damages for the provision of their personal information to third parties without consent. The recommendation to Meta Platforms, Inc. was made by the Personal…
Private proof-of-vaccine app Portpass continues to expose personal data even after relaunch and updates
Robson Fletcher reports: Personal information belonging to more than 17,000 users of the private proof-of-vaccination app Portpass is still unsecured and visible online — including, in some cases, photos of drivers’ licences and passports — despite assurances from the company that its data-security problems have been fixed. The Calgary-based smartphone app was temporarily taken offline in late September…
Customers Can Pursue Negligence Claims Directly Against Vendor (Blackbaud)
David Kessler and Susan Ross write: On October 19, 2021, a federal trial court in South Carolina ruled that a group of consumers could proceed with common law negligence and gross negligence claims directly against their organizations’ vendor that had been the victim of a security breach—instead of suing the organizations of which they were…
FBI warns of Ranzy Locker ransomware threat, as over 30 companies hit
Graham Cluley writes: The FBI has warned that over 30 US-based companies had been hit by the Ranzy Locker ransomware by July this year, in a flash alert to other organisations who may be at risk. According to the alert, issued with the Cybersecurity and Infrastructure Security Agency (CISA), most of the victims were compromised after brute…
UK: Tesco worker compensated after supermarket lost 15 years of her medical records
Tristan Cork reports: A woman from Bristol has been awarded £3,000 in compensation after discovering Tesco had lost 15 years of her employment records, including sensitive medical information. Jacqueline Ogborne worked for the supermarket chain for 30 years but said the data breach left her ‘feeling violated’. The 55-year-old only discovered Tesco had lost her employment…