The Federal Trade Commission finalized an order requiring Marriott International, Inc. and its subsidiary Starwood Hotels & Resorts Worldwide LLC to implement a comprehensive information security program to settle charges that the companies failed to implement reasonable data security, which led to three large data breaches affecting more than 344 million customers worldwide. In a complaint first…
Tag: FTC
Paging regulators to Aisle 4 to look at Pacific Union College’s data security and breach disclosure
On November 8, Pacific Union College in California notified the Maine Attorney General’s Office of a breach in March 2023 that impacted 56,041 people. Their notification, submitted by external counsel at McDonald Hopkins, indicates that the breach occurred between March 5 and March 19, 2023 and was discovered on October 9, 2023. That discovery date…
Privacy advocate files complaint with FTC over Maricopa County Community College District data breach
The 2013 breach at Maricopa County Community College District (MCCCD) in Arizona affected approximately 2.5 million faculty, staff, vendors, and students, making it the largest breach involving student information ever reported by a U.S. institution of higher education. A complaint by this privacy advocate alleges violations of the Safeguards Rule. Having researched and reported on breaches for about…
Rite Aid Agrees to Pay $1 Million to Settle HIPAA Privacy Case
See the companion press release from the FTC in a previous post. Rite Aid Corporation and its 40 affiliated entities (RAC) have agreed to pay $1 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, the U.S. Department of Health and Human Services (HHS) announced today….
Rite Aid Settles FTC Charges That It Failed to Protect Medical and Financial Privacy of Customers and Employees
The following is the FTC’s press release. In the next post, I’ll publish HHS’s press release on their settlement with Rite Aid. Rite Aid Corporation has agreed to settle Federal Trade Commission charges that it failed to protect the sensitive financial and medical information of its customers and employees, in violation of federal law. In…
FTC investigates some firms in P2P leaks
Jaikumar Vijayan of Computerworld was able to see a redacted copy of a letter (Civil Investigative Demand) sent by the FTC to some of the organizations who were found to be leaking information via P2P networks: It showed the agency is seeking information, dating back to mid-2007, on a wide-range of technology and process-related topics….