Data Breach Notification

Warner Music Discloses Data Breach Affecting e-Commerce Websites | 9/7/2020

… Group last week started informing customers of its e-commerce websites that their personal information may have been compromised as a result of a data breach suffered by an external service provider. In a data breach notification submitted to the California Attorney General, the music company said it learned of the breach on August 5, but the hackers had access to the impacted websites since April 25, 2020. It’s unclear …

Warner Music Notifies Customers of Web-Skimming Attack; Personal and Financial Data Potentially Viewed by Cybercriminals | 9/7/2020

US-based multinational entertainment and record label Warner Music Group has disclosed a web-skimming attack that may have let cybercriminals steal customers’ personal and financial data. According to a data breach notification submitted with California’s Office of the Attorney General, the incident involved an undisclosed “number of e-commerce websites operated by Warner Music Group (“WMG”) through an external service provider,” and “may have allowed an unauthorized third party …

Warner Music discloses months-long web skimming incident | ZDNet | 9/4/2020

… company’s online stores. Called “web skimming” or “magecart,” this type of attack happens when hackers take control over a website and insert malicious code that logs customer details entered inside payment forms. In a data breach notification letter filed today with the Office of the Attorney General in the state of California, Warner Music said it suffered one such attack earlier this year. Between April 25 and August 5, Warner …

Skimming incident targets Warner Music | 9/4/2020

Warner Music group filed a data breach notification letter with the Office of the Attorney General in California, stating it suffered a “web skimming” attack earlier this year, ZDNet reports. The company said hackers compromised “a number of U.S.-based e-commerce” supported by an external service provider, and customers’ personal information, including payment card details, may have been acquired by a third party. Meanwhile, a hacking operation deployed newly …

5 Things You Need to Know About the Draft Amendments to the PDPA | 9/3/2020

… PDPA since it was passed in 2012. Further amendments may be sought to be included in the final Bill which is expected to be presented to Parliament soon. The proposed amendments include: 1. New: Mandatory Data Breach Notification Requirement To strengthen protection for individuals and make organisations more transparent when a data breach occurs: If the amendments are passed, organisations will now have to notify the PDPC of any data breach …

Charges From Botched Data Breach Responses Put the Heat on Corporate Execs | 9/3/2020

… studying the economics of information security concluded that more than 60% of U.S. data breaches go unreported. The cleverly titled study (“Estimating the Size of the Iceberg from Its Tip: An investigation into unreported data breach notifications” by Fabio Bisogni, et al.) clearly explains several reasons for such nonreporting: Many companies fail to even detect the incident or lack logs sufficient to establish that it resulted in unauthorized access to …

When and how to report a breach: Data breach reporting best practices | 9/3/2020

… has been exposed, particularly regarding Personally Identifiable Information (PII) or Protected Health Information (PHI) An important note on communication and breach notification Official notification of a breach is not always mandatory. The rules on data breach notification depend on a number of things: The extent of the breach, i.e., how many data records were affected The type of data, i.e., what type of data was exposed The geography of the …

HB 4186 of 2019 | 9/2/2020

Trade: data security; enactment of data breach notification act; make conforming changes to identity theft protection act. Amends sec. 4 of 2004 PA 452 (MCL 445.64). TIE BAR WITH: HB 4187’19 …

HB 4187 of 2019 | 9/2/2020

Trade: data security; data breach notification act; enact. Creates new act. introduced, that As Passed by the Senate As Passed by the Senate is the bill, as received from the House, House …

Facebook class action lawsuit could pave way for biometric privacy laws across the US - The Daily Swig | 9/2/2020

… of Appeals. However, it fared no better before the appellate court, which held that the plaintiffs had asserted a “concrete and particularized” injury that satisfied the requirements for Article III standing. RECOMMENDED Vermont amends data breach notification law with focus on biometric data protection This ruling that any violation of BIPA’s requirements amounts to a violation of a plaintiff’s substantive privacy rights significantly expanded the ability of complainants to pursue …

Data breach notification emails: Don’t batch-and-blast your database! | 8/31/2020

… set up a real time API or auto-batch process to keep newly acquired email addresses clean and safe to send and to improve your overall email results. A lot is riding on your data breach notification emails. This includes: Complying with data security laws, Keeping customers informed, Rebuilding trust and Mitigating damage to your brand and sender reputation. That’s why you have to be sure that your emails will …

Uber’s Former Security Chief Has Been Charged With Allegedly Covering Up a Data Breach | 8/30/2020

… didn’t immediately report the incident to the public or any authorities. Instead, it paid the perpetrators $100,000 in exchange for their silence and didn’t announce the breach until November 2017. That decision violated the data breach notification laws in every state requiring that companies disclose the theft of their customers’ personal information. In 2018, Uber agreed to a $148 million fine as part of a settlement with the attorneys general …

Data Breach Notifications: How, What, When, and Why | 8/28/2020

… attachments. An email is an easy vehicle for a cyber-criminal to use to download a malware onto your computer. That is why you should never open links from an unknown source. What Is a Data Breach Notification Plan? Unfortunately, even the best security mechanism may fall and a data breach may occur. That is why you need to create, for good measure, a data breach notification plan. This plan helps …

Industry Groups Urge FTC to Modify Breach Notification Rule | 8/25/2020

Several health IT industry groups are urging the Federal Trade Commission to update its health data breach notification rule. That’s because the rule, designed to cover health data not protected under HIPAA, currently applies only to personal health records and related vendors, and it needs to address technological developments and regulatory gaps that have evolved since it was implemented a decade ago. See Also: 11 Guidelines for Minimizing Vulnerability for …

Attias v. CareFirst, Inc. | 8/11/2020

… negligence per se, fraud, constructive fraud, and breach of a duty of confidentiality); two contract claims (breach and unjust enrichment); and four statutory claims (D.C., Maryland, and Virginia consumer protection laws and the D.C. data breach notification statute). All told, the seven plaintiffs raised fifty-four claims stemming from the data breach. 3 CareFirst moved to dismiss for lack of standing and failure to state a claim. The district court …

Beyond Data Breach: Evaluating Coverage for Misuse of Information Claims | 7/11/2020

New and comprehensive privacy and cyber regulations continue to proliferate across the globe. These are not your father’s data breach notification laws. The scope of information included within these mandates has expanded significantly beyond the limited categories of personally identifiable information found in early notification laws to now include broad categories of information like browsing history, biometric information, geolocation information, and audio, visual, thermal, and olfactory information, depending on the …

ICO: UK government reported 495 data breaches during fiscal year | 7/10/2020

PublicTechnology reports the U.K. Information Commissioner’s Office received 495 data breach notifications from government entities during the 2019–20 fiscal year. At least 10 of the data security lapses prompted the affected agencies to take remedial action. The number of reported incidents is a 290% increase in comparison to those in the 2017–18 fiscal year, which was the last before the EU General Data Protection Regulation took force …

London authorities arrest suspected unknown customers, matchmaking plentyOfFish that is website hacked, plus additional briefs | 7/9/2020

… systems and hijack, for instance, Twitter and fb records. HTTPS will eventually be provided as being a standard environment to all the people. A California lawmaker introduced a bill that would update the state’s data breach notification law, SB-1386, to include additional requirements for organizations that lose sensitive data»For a third time. The suggestion by Sen. Joe Simitian (D-Palo Alto), would need that violation alerts emails include …

The Stopwatch Is Ticking – How Ransomware Can Set a Breach Notification in Motion | 7/9/2020

… also puts the enterprise at risk of running afoul of legislation designed to protect consumer data as well as from litigation by affected customers. The situation presents a number of difficulties for organizations regarding data breach notification laws. Do companies have to report a data breach? Who do you have to report a data breach to? When do you have to report a data breach and under what circumstances? In …

Louisiana Now Requires IT Partners Serving Government to Register: Here’s What that means! | 7/9/2020

… Activity Requiring Reporting to the State The law will require IT Consultants to notify the State of Louisiana in the event of a range of online security incidents, including: Ransomware payments that take place Data breach notifications need to go out and similar events Though all 50 states have laws covering data breaches on the books, this law requires the IT Company to not only contact the impacted parties, usually …

Dutch DPA Releases 2019 Annual Report | 7/8/2020

… DPA focused on enforcement actions, after having raised awareness about the EU General Data Protection Regulation (the “GDPR”) in 2018. Below are key findings from the Report. In 2019, the Dutch DPA: Received 26,956 data breach notifications, compared to 20,881 in 2018. Received 27,854 complaints, including 959 international complaints. According to the Dutch DPA, the number of complaints shows how important privacy has become for individuals. This is confirmed by …

Louisiana Now Requires MSPs Serving Government to Register: Here’s Why It’s a Great Idea! | 7/8/2020

… of Activity Requiring Reporting to the State The law will require MSPs to notify the State of Louisiana in the event of a range of online security incidents, including if ransomware payments take place, data breach notifications need to go out and similar events. Though all 50 states have laws covering data breaches on the books, this law requires the MSP to not only contact the impacted parties, usually the …

Vermont Updates Data Breach Notification Law | 7/8/2020

Vermont Updates Data Breach Notification Law Jul 7, 2020 Vermont recently amended its data breach notification law. The changes will go into effect July 1, 2020. As amended, the definition of “personal information” now includes the following when combined with a consumer’s first name or first initial and last name: Individual taxpayer identification number, passport number, military identification card number, or other identification number that originates from a government identification …

Data Privacy and Protection Manager | Parisima Talent | 7/5/2020

… environment and then Designs and Develops the overall Data Privacy and Protection Regulatory Framework. • Establishes, advises, and coordinates Client’s Data Privacy & Protection compliance framework. • Designs, implements, and maintains an adequate integrated incident response and data breach notification procedure as required in line with Client’s policies, standards, and procedures. • Develops, coordinates and provides guidance, assessments, training, and monitoring of the compliance and Data Privacy/Protection control environments within the business units …

Brazilian Data Protection under Covid-19: Legal Certainty is the Main Casualty, by Luca Belli and Nicolo Zingales | 7/3/2020

… and, in its most refined expression, the General Data Protection Regulation. However, key elements remain undefined, such as the procedures for data subject requests, the criteria used to deem data anonymized, the procedures for data breach notifications and the criteria for the conduct of Data Protection Impact Assessments, just to name a few examples. If anything, the arrival of the Covid-19 pandemic has made the establishment of the ANPD …

HIPAA

Compliance and Data Privacy Regs IT Security Pros Should Worry About | 11/20/2019

… data and patient data in the U.S. are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act … In the U.S., for example, 46 states have their own data breach notification laws (and each such state, accordingly, has its very own definition of such basic terms as “data” and “breach”) – with Massachusetts and …

The New SHIELD Act Changes Breach Notification Rules and Data Security Standards for New Yorkers’ Personal Information - Insights - Proskauer Rose LLP | 8/21/2019

… Hacks and Improve Electronic Data Security Act (the “SHIELD Act” or the “Act”). The Act amends New York State’s current data breach notification law, which covers breaches of certain personally-identifiable computerized data (referred to … under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Act requires HIPAA covered entities to report to the New York State Attorney General in the event data breach reporting to the Secretary …

Digital Health

My Health Record Opt Out Switch Led to Surge in Privacy Complaints, 35 Data Breach Notifications | 11/13/2019

My Health Record Opt Out Switch Led to Surge in Privacy Complaints, 35 Data Breach Notifications Joseph Brookes 2019-11-13 Switching Australia’s ehealth system, known as My Health Record, to an opt out model led to a surge in privacy complaints, the privacy watchdog revealed in its annual report on digital health. The Office of the Australian Information Commissioner says it has now received over 60 privacy complaints and 35 data …

Weekly Australian Health IT Links – 11th November, 2019. | 11/11/2019

… fun bits and pieces. By Dana McCauley November 5, 2019 — 7.45pm Thirty-seven data breaches involving the federal government’s controversial digital health records system were reported in 2018-19, including one where the wrong parent was … 42 data breaches (in 28 notifications)” in 2017-18 and “35 data breach notifications” in 2016-17. However, as with previous years, there were “no purposeful or malicious attacks compromising the integrity or security of the My …

Alphabet Inc

REFILE-UPDATE 4-Uber-Waymo trial delayed as U.S. judge raises prospect of ‘cover-up’ | Reuters | 11/29/2017

… Heather Somerville and Dan Levine SAN FRANCISCO, Nov 28 (Reuters) - Uber Technologies Inc withheld evidence in a lawsuit filed by Alphabet Inc’s Waymo, a U.S. judge said on Tuesday, delaying a trial to give Waymo … have filed lawsuits against Uber for failing to comply with data breach notification laws. Reporting by Heather Somerville; Writing by Dan Levine, Peter Henderson and Heather Somerville; Editing by Meredith Mazzilli and Tom Brown …

Uber-Waymo trial delayed as U.S. judge raises prospect of ‘cover-up’ | Yahoo News | 11/29/2017

By Heather Somerville and Dan Levine SAN FRANCISCO (Reuters) - Uber Technologies Inc withheld evidence in a lawsuit filed by Alphabet Inc’s Waymo, a U.S. judge said on Tuesday, delaying a trial to give Waymo time … have filed lawsuits against Uber for failing to comply with data breach notification laws. (Reporting by Heather Somerville; Writing by Dan Levine, Peter Henderson and Heather Somerville; Editing by Tom Brown and Leslie Adler …

Zack Whittaker

Tuft & Needle exposed thousands of customer shipping labels | TechCrunch | 12/2/2019

Zack Whittaker @zackwhittaker / 21 hours Mattress and bedding giant Tuft & Needle left on an unprotected cloud server hundreds of thousands of FedEx shipping labels containing customer names, addresses and phone numbers. More than 236,400 shipping … Tuft & Needle said it would “comply” with any applicable state data breach notification laws, but did not explicitly say if the company would inform customers of the security lapse …

Millions of SMS messages exposed in database security lapse | TechCrunch | 12/1/2019

Zack Whittaker @zackwhittaker / 15 hours A massive database storing tens of millions of SMS text messages, most of which were sent by businesses to potential customers, has been found online. The database is run by … to inform regulators, such as state attorneys general, per state data breach notification laws. The company is just one of many SMS providers that have in recent months left systems — and sensitive text messages — on …

Jeffrey Katz

Mixcloud data breach exposes over 20 million user records | Yahoo News | 11/30/2019

… listing. Mixcloud last year secured a $11.5 million cash injection from media investment firm WndrCo, led by Hollywood media proprietor Jeffrey Katzenberg. It’s the latest in a string of high profile data breaches in recent … company planned to inform regulators under U.S. state and EU data breach notification laws. Co-founder Nico Perez also declined to comment further. As a London-based company, Mixcloud falls under U.K. and European data …

Troy Hunt

Credential stuffing explained: How to prevent, detect and mitigate | CSO Online | 10/30/2019

data breach notification service run by security researcher Troy Hunt, tracks over 8.5 billion compromised credentials from over 410 data breaches. The service only includes credentials from data sets that are public or have been widely distributed on underground forums, but many database dumps have remained private and are only available to small groups of hackers. An entire underground economy based on selling stolen credentials and specialized tools supports automated …

Hackers Breach Forum Of Popular Webcomic ‘XKCD’ - VICE | 9/3/2019

The data breach affected 560,000 users. Tweet Image: XKCD Hackers have breached the forum of the popular webcomic XKCD, stealing around 560,000 usernames, email and IP addresses, as well as hashed passwords. XKCD disclosed the breach over the weekend, after security researcher Troy Hunt, who maintains the data breach notification website Have I Been Pwned alerted them. The forum has been taken offline. “The xkcd forums are currently offline. We’ve …

Eric Geller

The future and past of Energy and Commerce - POLITICO | 10/29/2019

With help from Eric Geller, Mary Lee, Martin Matishak, Matthew Brown and Cristiano Lima Editor’s Pro’s services, at politicopro.com. Quick Fix Story Continued Below — The House Energy and Commerce Committee is losing one of its … issues as diverse as encryption, supply chain, telecom security and data breach notification, and Walden prioritized those issues as chairman from 2017 to 2019 and ranking member since January. In addition to moving several grid …

The rest of the congressional cyber agenda - POLITICO | 9/9/2019

With help from Eric Geller and Martin Matishak Congress returns today, and could move legislation on internet of things security, encryption and more. — First in MC: Progressive groups sent a letter to congressional Democrats seeking … drop this month. Once more, there’s a movement afoot on data breach notifications to consumers, but other sessions of Congress are littered with the corpses of similar measures. — Some of the other major bills are …

Martin Matishak

The future and past of Energy and Commerce - POLITICO | 10/29/2019

With help from Eric Geller, Mary Lee, Martin Matishak, Matthew Brown and Cristiano Lima Editor’s Pro’s services, at politicopro.com. Quick Fix Story Continued Below — The House Energy and Commerce Committee is losing one of its … issues as diverse as encryption, supply chain, telecom security and data breach notification, and Walden prioritized those issues as chairman from 2017 to 2019 and ranking member since January. In addition to moving several grid …

The rest of the congressional cyber agenda - POLITICO | 9/9/2019

With help from Eric Geller and Martin Matishak Congress returns today, and could move legislation on internet of things security, encryption and more. — First in MC: Progressive groups sent a letter to congressional Democrats seeking … drop this month. Once more, there’s a movement afoot on data breach notifications to consumers, but other sessions of Congress are littered with the corpses of similar measures. — Some of the other major bills are …

Travis Kalanick

Uber hack lawsuit adds to an already daunting list | CNBC | 12/1/2017

… and sweeping changes since being tapped for the position in August to rid the company of scandal tied to founder Travis Kalanick. The company has made efforts to improve working conditions for drivers and has … the company. The Washington lawsuit claims Uber violated the state’s data breach notification law, which requires that the state be notified within 45 days of a breach if more than 500 Washington residents were impacted …

Uber’s messy data breach collides with launch of SoftBank deal | 11/23/2017

… on more than 57 million customers and drivers that was stolen from the company - and decided under the previous CEO Travis Kalanick not to report the matter to victims or authorities. Uber was first hacked … are likely to go after Uber for breaking laws on data breach notification within a reasonable period of time. At least two class action lawsuits have been filed against the company in the United States …

Dara Khosrowshahi

Uber hack lawsuit adds to an already daunting list | CNBC | 12/1/2017

… filings over the ride-hailing company’s undisclosed 2016 hack — a trend that continues to plague the company’s cultural reversal. CEO Dara Khosrowshahi has made clear and sweeping changes since being tapped for the position in … the company. The Washington lawsuit claims Uber violated the state’s data breach notification law, which requires that the state be notified within 45 days of a breach if more than 500 Washington residents were impacted …

REFILE-UPDATE 4-Uber-Waymo trial delayed as U.S. judge raises prospect of ‘cover-up’ | Reuters | 11/29/2017

… autonomous vehicle ambitions and is the highest-stakes legal challenge on a lengthy list of litigation that new Chief Executive Dara Khosrowshahi inherited when joining the company in August. The hearing on Tuesday centered on … have filed lawsuits against Uber for failing to comply with data breach notification laws. Reporting by Heather Somerville; Writing by Dan Levine, Peter Henderson and Heather Somerville; Editing by Meredith Mazzilli and Tom Brown …

Dan Levine

REFILE-UPDATE 4-Uber-Waymo trial delayed as U.S. judge raises prospect of ‘cover-up’ | Reuters | 11/29/2017

Adds dropped word in 6th paragraph and fixes typo in paragraph 16) By Heather Somerville and Dan Levine SAN FRANCISCO, Nov 28 (Reuters) - Uber Technologies Inc withheld evidence in a lawsuit filed by Alphabet Inc’s … have filed lawsuits against Uber for failing to comply with data breach notification laws. Reporting by Heather Somerville; Writing by Dan Levine, Peter Henderson and Heather Somerville; Editing by Meredith Mazzilli and Tom Brown …

Uber-Waymo trial delayed as U.S. judge raises prospect of ‘cover-up’ | Yahoo News | 11/29/2017

By Heather Somerville and Dan Levine SAN FRANCISCO (Reuters) - Uber Technologies Inc withheld evidence in a lawsuit filed by Alphabet Inc’s Waymo, a U.S. judge said on Tuesday, delaying a trial to give Waymo time … have filed lawsuits against Uber for failing to comply with data breach notification laws. (Reporting by Heather Somerville; Writing by Dan Levine, Peter Henderson and Heather Somerville; Editing by Tom Brown and Leslie Adler …