As reported on our sister blog Consumer Privacy World, Home Depot recently reached a settlement in a lawsuit related to a September 2014 data breach that affected the payment card information of nearly 40 million customers. In addition to a financial settlement, Home Depot agreed to implement and maintain various cybersecurity protocols, including:… Continue Reading
A financial institution has asked a Virginia federal court to overturn a magistrate judge’s order to disclose its forensic report, detailing its 2019 data breach. If your company experiences a data breach, it is imperative to immediately retain outside counsel who understands the nuances of cybersecurity events and attorney work product privileges. Here we provide … Continue Reading
A cyber-attack on budget airline EasyJet that has resulted in the exposure of the email addresses and flight details of 9 million of its customers and the credit card details of 2,208 of them is a reminder to all of the vulnerabilities, risks and obligations in relation to personal data. Two years on from the … Continue Reading
Following recent data security blogs by Francesca Fellowes and Dillon Ravikumar on April 20 and March 26, this update shares guidance from our colleagues in litigation. Ian Debbage and Gareth Timms write about one of the intended aims of a security breach: fraud – what it is, how you can reduce the risks of fraud … Continue Reading
The ongoing Coronavirus pandemic and related Government guidance, requiring social distancing and individuals to work from home where possible, has resulted in many organisations rapidly having to adapt the way in which they operate. Despite the unprecedented challenges that will need to be faced over the coming weeks, including in many cases significantly reduced resources … Continue Reading
Virgin Media is reportedly one of the latest UK companies to suffer a data security breach. On 5 March 2020, it published a statement on its website explaining that one of its databases had been accessed without Virgin Media’s authorisation, due to a configuration issue. It is reported that the database had been left unsecured … Continue Reading
An unhappy new year for Currys PC World and Dixons Travel stores, as the ICO has issued owners DSG Retail Limited with a Monetary Penalty Notice of £500,000 for serious security failings involving Point of Sale (“POS”) terminals in stores. Although the incident was investigated and addressed under the pre-GDPR legislation, the fine represents the … Continue Reading
In recent days, all eyes have been on the escalating tension between Iran and the US. While we wait and watch politics unfold, the Department of Homeland Security (DHS), New York’s Department of Financial Services and the Cybersecurity and Infrastructure Security Agency (CISA) have all issued notices concerning the heightened risk of an Iranian cyberattack. … Continue Reading
Gone are the days when ransomware attacks afflicted the unlucky few. Today, all companies and organizations are susceptible to attack, no matter their size or industry. In a client alert, our Data Breach Response team discusses the rising trends in ransomware attacks, the implications of becoming a victim, and what you can do to protect … Continue Reading
This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that … Continue Reading
I was recently helping a client in Tokyo respond to a serious and sophisticated cyber breach where hackers executed a transfer of nearly US$1M out of the client’s Hong Kong bank account. In this instance, the hackers had hacked into the CEO’s cloud-based corporate e-mail account and had determined a way to create a transaction … Continue Reading
On January 25, 2019, the Illinois Supreme Court ruled that a consumer need not demonstrate an adverse effect or specific harm, such as evidence that personal information was stolen or misused, to have standing to sue under the state’s Biometric Identity Protection Act (BIPA). The court held that a procedural violation of the law itself … Continue Reading
In Illinois, the courts are grappling with an issue akin to the Article 3 standing issues that courts have been analyzing in post-breach cases for years, that is, whether a plaintiff must claim actual harm as a result of a statutory violation or whether the violation is sufficient by itself to support standing to sue.… Continue Reading
On 19th September 2018, the Information Commission Officer (“ICO”) fined credit reference agency Equifax Limited £500,000 for breaching the Data Protection Act 1998 (“DPA”). Finding that Equifax Limited failed to protect the personal data of up to 15 million UK individuals, the ICO awarded the maximum penalty for a breach under the DPA. The ICO … Continue Reading
With no central federal data breach law, states have taken the reins, passing an increasing number of laws that require both the protection of citizens’ private data and prompt notice of any breach of that privacy. Governors in the last two holdout states, South Dakota and Alabama, recently signed bills to enact laws governing data … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 27 November 2017.… Continue Reading
In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in … Continue Reading
The latest data privacy Alert from the Squire Patton Boggs’ Data Protection & Cybersecurity team covers news from the week of 6 November 2017. … Continue Reading
The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments; these are now board-level concerns. Regardless of industry sector, size or commercial focus, companies not only … Continue Reading