Archives: The Saga Continues

HR Bewar(y): Job applications and resumes could have ransomware attached

You recently engaged a contract HR recruiter to work onsite helping with increased hiring. The contractor is reviewing hundreds of job applications for several new job postings. Not surprisingly, many of the job applications have a PDF resume attached. The contract recruiter clicks on one of the attached resumes and enables the associated macro to … Continue Reading

Wyndham checks out of FTC dispute

Yesterday the FTC announced it has settled its claims against Wyndham for inadequate data security, with Wyndham signing on to essentially the same consent order used by the FTC in most of its more than 50 concluded data security enforcement matters. The settlement marks the end of a three-year legal battle in which Wyndham attempted, unsuccessfully, to restrict … Continue Reading

FTC v. LabMD – 50 shades of white hat

The FTC has pursued enforcement actions against more than 50 companies for inadequate data security, and to date only two, Wyndham Hotels and LabMD, have pushed back. On the heels of a Third Circuit victory in its Wyndham litigation, the FTC recently suffered a blow when its administrative complaint against LabMD was dismissed – by an FTC administrative … Continue Reading

Target update: Happy holidays for banks

Talk about a “bank holiday” – under a settlement deal filed in court yesterday, Target will pay $39.4 million to a litigation class of banks and credit unions to settle financial institution claims related to the retailer’s massive 2013 data breach, which compromised at least 40 million credit cards. The preliminary settlement is the first time … Continue Reading

Third Circuit gives FTC green light for data security enforcement

Months. Actually, years. That’s how long the notion has been brewing that the Federal Trade Commission has no authority to enforce reasonable data security under the unfairness prong of FTC Act Section 5. The stakes are high – the FTC can pursue essentially any commercial company under the FTC Act for unfair or deceptive trade … Continue Reading

Federal Cyber Legislation Update #2

As high-profile data breaches continue to make news, it appears Congress could finally pass legislation establishing a national standard for data breach notification. Currently, PII breach notification is governed by a patchwork of state laws, making compliance burdensome and time consuming for affected businesses. To further complicate matters, many states have recently passed or are … Continue Reading

FTC v. Wyndham: the battleground for reasonable data security

In 2012, the Federal Trade Commission filed suit in federal court against hotelier Wyndham and its various subsidiaries (“Wyndham”), claiming that Wyndham’s allegedly unreasonable data security practices allowed hackers to steal personal information and payment data of Wyndham’s customers. The FTC’s claims were not unusual – by 2012 the FTC had spent a decade pursuing companies … Continue Reading

Taking stock of the Target data breach

The Target data breach disrupted the 2013 holiday shopping season, shook the retail industry, and shocked many who assumed that a nationwide retailer would have the security controls in place to prevent such an attack. The breach exposed credit card data of 40 million individuals and personal data of approximately 70 million consumers. A quarter billion … Continue Reading

Federal Cyber Legislation Update #1

After years of debate, Congress last December passed three bills focused on combating cybercrime. President Obama quickly signed each bill into law. They include: National Cybersecurity Protection Act of 2014. The most notable piece of legislation for the private sector, this Act establishes a framework for private entities and government authorities to share intelligence about cyber … Continue Reading

Another notch in the hacking holster: Cyber outlaws hit Anthem hard

Having no need to brandish bandanas to obscure identity or firearms to force entry, cyber bandits, in a sophisticated and well-orchestrated robbery, waltzed into the IT vaults of Anthem, the second-largest U.S. health insurer, and walked off with personally identifiable information on about 80 million current and former members, a population that comprises Anthem customers, … Continue Reading