Data Breach

Subscribe to Data Breach RSS Feed

EasyJet Cyber-Attack: How to Avoid an Easy Hack

A cyber-attack on budget airline EasyJet that has resulted in the exposure of the email addresses and flight details of 9 million of its customers and the credit card details of 2,208 of them is a reminder to all of the vulnerabilities, risks and obligations in relation to personal data. Two years on from the … Continue Reading

Fraud in Times of Crisis

Following recent data security blogs by Francesca Fellowes and Dillon Ravikumar on April 20 and March 26, this update shares guidance from our colleagues in litigation. Ian Debbage and Gareth Timms, write about one of the intended aims of a security breach; fraud – what it is, how you can reduce the risks of fraud … Continue Reading

A Timely Reminder: Maintain Data Security in the Face of the Pandemic

The ongoing Coronavirus pandemic and related Government guidance, requiring social distancing and individuals to work from home where possible, has resulted in many organisations rapidly having to adapt the way in which they operate. Despite the unprecedented challenges that will need to be faced over the coming weeks, including in many cases significantly reduced resources … Continue Reading

ICO Issues Fine Against National Retailer for Security Failings

 An unhappy new year for Currys PC World and Dixons Travel stores, as the ICO has issued owners DSG Retail Limited with a Monetary Penalty Notice of £500,000 for serious security failings involving Point of Sale (“POS”) terminals in stores. Although the incident was investigated and addressed under the pre-GDPR legislation, the fine represents the … Continue Reading

Heightened Risk of Cyberattacks – What You Should Do Now

In recent days, all eyes have been on the escalating tension between Iran and the US.  While we wait and watch politics unfold, the Department of Homeland Security (DHS), New York’s Department of Financial Services and the Cybersecurity and Infrastructure Security Agency (CISA) have all issued notices concerning the heightened risk of an Iranian cyberattack. … Continue Reading

Ransomware Attacks – Why it Should Matter to Your Business

Gone are the days when ransomware attacks inflicted the unlucky few.  Today, all companies and organizations are susceptible to attack, no matter their size or industry.  In a client alert, our Data Breach Response team discusses the rising trends in ransomware attacks, the implications of becoming a victim, and what you can do to protect … Continue Reading

UK Ministry of Justice Announces Changes Regarding Privacy and Data Protection Claims

This summer the ICO has issued significant fines in relation to high profile data breaches since acquiring its new “GDPR charged” powers. With less publicity, but nonetheless important given the increasing awareness of the rights of data subjects to claim damages for breaches of data protection legislation, the Ministry of Justice has recently announced that … Continue Reading

Executive Hacks and What To Do

I was recently helping a client in Tokyo respond to a serious and sophisticated cyber breach where hackers executed a transfer of nearly US$1M out of the client’s Hong Kong bank account. In this instance, the hackers had hacked into the CEO’s cloud-based corporate e-mail account and had determined a way to create a transaction … Continue Reading

Illinois Supreme Court Decides Actual Harm Not Necessary to Sue under BIPA

On January 25, 2019, the Illinois Supreme Court ruled that a consumer need not demonstrate an adverse effect or specific harm, such as evidence that personal information was stolen or misused, to have standing to sue under the state’s Biometric Identity Protection Act (BIPA). The court held that a procedural violation of the law itself … Continue Reading

Illinois Supreme Court to Resolve the Conflict over the Scope of BIPA’s Private Right of Action.

In Illinois, the courts are grappling with an issue akin to the Article 3 standing issues that courts have been analyzing in post-breach cases for years, that is, whether a plaintiff must claim actual harm as a result of a statutory violation or whether the violation is sufficient by itself to support standing to sue.… Continue Reading

Why the ICO Fined Equifax £500,000

On 19th September 2018, the Information Commission Officer (“ICO”) fined credit reference agency Equifax Limited £500,000 for breaching the Data Protection Act 1998 (“DPA”). Finding that Equifax Limited failed to protect the personal data of up to 15 million UK individuals, the ICO awarded the maximum penalty for a breach under the DPA. The ICO … Continue Reading

Data Breach Laws on the Books in Every State; Federal Data Breach Law Hangs in the Balance

With no central federal data breach law, states have taken the reins, passing an increasing number of laws that require both the protection of citizens’ private data and prompt notice of any breach of that privacy.  Governors in the last two holdout states, South Dakota and Alabama, recently signed bills to enact laws governing data … Continue Reading

Independent Bank Class Action Alleges Specific Equifax Security Failures, Actual Harm and the Threat of Future Harm

In another lawsuit against Equifax, the Independent Community Bankers of America (ICBA), on behalf of thousands of community banks, seeks to hold Equifax accountable for the July 2017 data breach that potentially affected more than 145.5 million consumers. ICBA, along with Bank of Zachary and First State Bank, filed the class action last week in … Continue Reading

Breakfast Briefing – Cybersecurity Readiness and Effective Breach Response

The EU General Data Protection Regulation (GDPR) increases organizations’ obligations to a new level and also adopts, for the first time, specific breach notification guidelines. Cybersecurity readiness and effective responses are no longer the exclusive domain of IT departments -these are now board-level concerns.  Regardless of industry sector, size or commercial focus, companies not only … Continue Reading
LexBlog