Data Breach

4 lessons from dismissal in Michaels and SuperValu cases

When most people think of data breach lawsuits, they think of large class action cases and settlements like Remijas v. Neiman Marcus and Target. But the vast majority of courts are denying class certification in cyber security cases. Within nearly a week of each other, two federal courts in New …

Data Breach

FTC Fines Company $250k for Falsely Claiming Its Software Provided “Encryption”

The FTC recently announced settlement with Henry Schein Practice Solutions for $250,000 in exchange for resolving the FTC’s claims that Schein falsely advertised that its dental office management software provided encryption. You can read the article, “The Database Software says it is ‘encrypted’… but is it?” here at McDonald Hopkins’ …

Data Breach

South Florida-based Cryptsy Exchange Closed Down by Hackers (& Lawsuit)

If you log onto the once-popular virtual currency exchange, Cryptsy, you can see the virtual version of tumbleweeds blowing through a western town in the form of “volume – 00.00” across the board. On January 14, 2016, the host “Big” Paul Vernor posted this blog post stating that hackers had …

Data Breach

Nine Ways that Companies Get Hacked

This one page article explains the 9 most common ways your clients and companies get hacked — in a single page Palm Beach Bar article. Don’t know a DDOS from a SQL attack? Brute force or a reverse brute force. Read the kama sutra of hacking-for-lawyers, here.

Data Breach

The Government Can Sue Your Company For Negligent Cyber Security

The recent cases of FTC v. Wyndham and In Re TerraComm and YourTel America, we have seen that federal government agencies are pursuing companies who have negligent cybersecurity standards — and the government is winning. In fact, the government need not point to specific statutory violations to win these cybersecurity cases …

Data Breach

20+ Federal Government Agencies’ Standards for Cyber Security

In light of the rulings in FTC v Wyndham and In Re TerraCom and YourTel, it is evident that government agencies are taking the position that they can pursue “common law” cyber security negligence claims rather than relying on standards set by regulation or statute.  At least some of these …

Data Breach

Department of Defense: Interim Rule on CyberSecurity

The Department of Defense has issued an Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS). The specific focus is on new rules  which require contractor reporting on network penetrations. Additionally, this Rule implements DoD policy on the purchase of cloud computing services. The Interim Rule is here. According to …

Data Breach

NIST Draft Practice Guide: Securing Electronic Health Records on Mobile Devices

The National Institute for Standards and Technology issued a “draft” version of a Cybersecurity Practice Guide aimed at doctors, hospitals, and other health care providers. The 82-page Guide discusses how medical providers access patient data remotely and that “the use of mobile devices to store, access and transmit electronic health care …

Data Breach

Second Cir: Facebook Case Reveals Difference b/t CFAA & SCA Statute of Limitation Periods

The Second Circuit confirmed that the Computer Fraud and Abuse Act (18 USC 1030) and the Stored Communications Act (18 USC 2701) calculate the starting point of their two year statute of limitation differently.  If someone’s email and/or social media accounts are hacked, the statutory periods are calculated differently.  This …

Data Breach

Recent Government Guidelines on Data Breach / Cyber Security

Various federal agencies have been busy this Winter-Spring 2015 issuing various guidelines regarding data breach and cyber security: DOJ Best Practices for Victim Response and Reporting of Cyber Incidents (April 2015) – drafted “with smaller, less well-resourced organizations in mind…” Office of National Coordinator for Health Information Technology (April 2015) …

Data Breach

Storm v Paytime — Data Breach Case

According to Judge John E. Jones, III, “[t]here are only two types of companies left in the United States… ‘those that have been hacked and those that don’t know they’ve been hacked.’” Citing the now infamous USAToday article statistic that 43% of companies have experienced a data breach, the US …