Archives: Security Breach

Subscribe to Security Breach RSS Feed

OCR Settles First Enforcement Action for Untimely Reporting of a Breach

On January 7, 2016, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement with Presence Health stemming from the entity’s failure to notify affected individuals, the media and OCR within 60 days of discovering a breach. This marks the first OCR settlement of 2017 and the first enforcement action relating to untimely breach reporting by a HIPAA covered entity.… Continue Reading

Home Depot Prevails in Shareholder Derivative Lawsuit Over 2014 Data Breach

Recently, the U.S. District Court for the Northern District of Georgia dismissed a shareholder derivative lawsuit against Home Depot Inc. (“Home Depot”) arising over claims that Home Depot’s directors and officers (the “Defendants”) acted in bad faith and violated their duties of care and loyalty by disregarding their oversight duties in connection with a 2014 … Continue Reading

FINRA Fines Brokerage Firm $650,000 After Cyber Attack

On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.… Continue Reading

Adobe Settles Multistate Data Breach Enforcement Action

On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers. … Continue Reading

CIPL and AvePoint Release Global GDPR Readiness Report

On November 9, 2016, the Centre for Information Policy Leadership at Hunton & Williams LLP and AvePoint released the results of a joint global survey launched in May 2016 concerning organizational preparedness for implementing the EU General Data Protection Regulation. … Continue Reading

FinCEN Issues Advisory on SAR Reporting Obligations Involving Cyber Crime

Recently, the U.S. Department of Treasury’s Financial Crimes Enforcement Network issued an advisory entitled Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime, to help financial institutions understand how to fulfill their Bank Secrecy Act obligations with regard to cyber events and cyber-enabled crime.… Continue Reading

FTC Issues Guide for Businesses on Handling Data Breaches

On October 25, 2016, the Federal Trade Commission released a guide for businesses on how to handle and respond to data breaches. The 16-page guide details steps businesses should take once they become aware of a potential breach. The guide also underscores the need for cyber-specific insurance to help offset potentially significant response costs.… Continue Reading

G-7 Endorses Best Practices for Bank Cybersecurity

On October 11, 2016, Group of Seven financial leaders endorsed the Fundamental Elements of Cybersecurity for the Financial Sector, a set of non-binding best practices for banks and financial institutions to address cybersecurity threats. … Continue Reading

Department of Defense Finalizes Rule for Cyber Incident Reporting

On October 4, 2016, the U.S. Department of Defense finalized a new mandatory cyber incident reporting rule for defense contractors. The new rule applies to DoD contractors and subcontractors that are targets of any cyber incident with a potential adverse impact on information systems and "covered defense information" on those systems. … Continue Reading

New Jersey Moves Forward With Shopper Privacy Bill

On September 15, 2016, the New Jersey Senate unanimously approved a bill that would limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading

Final Rules for the Data Privacy Act Published in the Philippines

Recently, the National Privacy Commission of the Philippines published the final text of its Implementing Rules and Regulations of Republic Act No. 10173, known as the Data Privacy Act of 2012. The IRR has a promulgation date of August 24, 2016, and went into effect 15 days after the publication in the official Gazette. … Continue Reading

TalkTalk Appeal Against ICO Fine for Late Notification of Data Breach Dismissed by First-Tier Tribunal

On August 30, 2016, the First-tier Tribunal (Information Rights) (the “Tribunal”) dismissed an appeal from UK telecoms company TalkTalk Telecom Group PLC (“TalkTalk”) regarding a monetary penalty notice issued to it on February 17, 2016, by the UK Information Commissioner’s Office (“ICO”). The ICO had issued the monetary penalty notice to TalkTalk, for the amount … Continue Reading
LexBlog