The U.S. Department of Health and Human Services' Office for Civil Rights and the Health Care Industry Cybersecurity Task Force have published important materials addressing cybersecurity in the health care industry. This blog entry provides highlights on these materials.… Continue Reading
On December 27, 2016, the Securities and Exchange Commission announced charges against three Chinese traders who allegedly made almost $3 million in illegal profits by fraudulently trading on nonpublic information that had been hacked from two New York-based law firms.… Continue Reading
On July 25, 2016, Lisa Sotto, partner and head of the Global Privacy and Cybersecurity practice at Hunton, discussed cybersecurity and the changing regulatory landscape on KUCI’s Privacy Piracy radio show. This blog post contains a link to the full interview. … Continue Reading
On February 23, 2016, the Federal Trade Commission announced that it reached a settlement with Taiwanese-based hardware manufacturer ASUSTeK Computer, Inc. to resolve claims that the company engaged in unfair and deceptive security practices in connection with developing network routers and cloud storage products sold to consumers in the U.S.… Continue Reading
On August 24, 2015, the Third Circuit issued its opinion in Federal Trade Commission v. Wyndham Worldwide Corporation, affirming the Federal Trade Commission's authority to regulate companies' data security practices under the unfairness prong of Section 5 of the FTC Act.… Continue Reading
Last week, the Cybersecurity Unit of the U.S. Department of Justice released a guidance document discussing best practices for cyber incident response preparedness based on lessons learned by federal prosecutors while handling cyber investigations and prosecutions.… Continue Reading
On March 3, 2015, the Third Circuit heard oral arguments in FTC v. Wyndham Worldwide Corp. on whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act.… Continue Reading
On October 8, 2014, the Department of Homeland Security reported that over the course of several months, the network of a large critical manufacturing company was compromised. … Continue Reading
A hacking operation that breached government servers, banks and corporations in Germany, Switzerland and Austria for more than a decade highlights concerns about the extent to which such breaches are covered by specialty cyber insurance policies. … Continue Reading
On April 7, 2014, a federal court issued an opinion allowing the Federal Trade Commission to proceed with its case against the Wyndham Worldwide Corporation for unfair data security practices.… Continue Reading
The recently publicized Secure Sockets Layer bug affecting Apple products raises a question regarding insurance coverage: as The Internet of Things expands, who will be held liable for damage caused by coding errors that create security risks?… Continue Reading
A recent cyber attack that involved plugging infected USB sticks into compromised ATMs challenges the argument that traditional insurance policies exclude cyber risks by covering only physical injuries to tangible property. … Continue Reading
The scale of some recent cyber events has been extraordinary and is leading companies to seek protection through both technology and financial products, such as insurance. This blog entry details the potential impact of some insurers' reluctance to remove terrorism exclusions from their policies.… Continue Reading
On June 5, 2013, a federal district court in Ohio held that the Stored Communications Act can apply to an employer reading a former employee's personal emails on a company-issued mobile device that the employee returned at the end of the employment relationship.… Continue Reading
The United States Court of Appeals for the Sixth Circuit recently upheld a lower court decision that losses resulting from the theft of customers’ banking information in a retailer’s computer system were covered under a commercial crime policy’s computer fraud endorsement. … Continue Reading
On June 26, 2012, the Federal Trade Commission announced that it had filed suit against Wyndham Worldwide Corporation and three of its subsidiaries (“Wyndham”) alleging failures to maintain reasonable security that led to three separate data breaches involving hackers accessing sensitive consumer data. The FTC’s complaint claims that Wyndham violated the FTC Act by posting … Continue Reading
On March 27, 2012, the Federal Trade Commission announced that RockYou, Inc., would pay a $250,000 fine to settle allegations that it violated multiple provisions of the Children’s Online Privacy Protection Act Rule when it collected information from approximately 179,000 children.… Continue Reading
On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that its customers’ employees did not have standing to sue Ceridian Corporation, a payroll processing firm that suffered a data breach. … Continue Reading
On May 3, 2011, the Federal Trade Commission announced that it had reached settlements with Ceridian Corporation and Lookout Services, Inc. after alleging both companies had misrepresented the extent of their data security practices and subsequently failed to safeguard their customers' information.
… Continue Reading
On May 2, 2011, Sony disclosed that hackers had gained access to personal information of 24.6 million customers who played games on the Sony Online Entertainment network.
… Continue Reading
On April 11, 2011, a federal district court in California held that breach of contract and negligence claims in a consumer lawsuit stemming from a data security breach may proceed, rejecting defendant application developer RockYou's argument that the plaintiff had failed to sufficiently allege any actionable harm or loss.
… Continue Reading
A report issued by the Identity Theft Resource Center found that hackers took over the top spot as the leading cause of data security breaches in 2009.
… Continue Reading
The court in In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D. N.J. Dec. 12, 2009) recently dismissed a class action lawsuit brought by investors in Heartland, a processor of payment card transactions whose stock value dropped significantly after it suffered a data security breach in which hackers allegedly stole 130 million … Continue Reading
