...and the suits go on,
la de da de da de da....
Target Faces Nearly 70 Lawsuits Over Breach
Still reeling from the
hit to its reputation from
last month’s massive data breach, Target
Corp. faces nearly 70 class-action lawsuits.
… Gregory Little,
an attorney at White & Case LLP who defends companies against
class actions, said retail companies are at “significant risk” of
facing class actions as large data breaches become more common. “As
technology makes it easier to harm larger numbers of individuals,
there is greater likelihood that class actions are going to be
brought,” said Mr. Little.
… Some small banks
are also seeking damages from Target for the costs they are incurring
because of the breach. Alabama State Employees Credit Union, which
leads a class action case of affected banks, said in its complaint
that it has been “swamped by customers and its members needing to
close accounts” to prevent fraudulent activity, forcing the small
bank to spend time and money creating new cards and refunding lost
deposits.
(Related)
Target's Payment Processors Could Face Hefty Fines Due to Data Breach
Payment processing
firms that have been assisting retailer Target, which recently
suffered a major data breach, could face millions of dollars in fines
and costs due to the issue.
Target's partners could
face consumer lawsuits and fines that payment networks such as Visa
Inc and MasterCard Inc often levy after cyber security incidents,
Reuters has reported.
… Reuters noted
that a similar hacking in the mid-2000s at retailer TJX Companies
resulted in penalties of $880,000 (£536,000, €644,000) for Fifth
Third Bancorp of Ohio, which processed transactions for TJX.
Any electronic purchase
from a store like Target involves several companies. They include
the banks that issue credit or debit cards, the "merchant
acquirer" who handles the payment for the store when the card is
swiped and companies such as Visa and MasterCard who operate the
networks through which payment request and confirmation are sent.
(Related) Target must
calculate that with 110,000,000 records compromised, they might as
well offer monitoring to all of their 110,000,002 customers. Great
PR target.
JPMorgan’s Dimon: Target breach is a wake-up call
More Target-sized
security breaches will happen if banks and retail stores don’t
start working together to further protect customers’ data, JPMorgan
Chase’s CEO Jamie Dimon said Jan. 14.
JPMorgan
has replaced 2 million credit and debit cards as a result
of the Target breach, Dimon said. That number is expected to rise.
JPMorgan is the world’s largest issuer of credit cards.
… “Target has
taken the extraordinary step to offer free credit
monitoring to all of its customers, not just those affected by the
breach. This is an opportunity Target customers may want
to take advantage of, depending on individual circumstances,”
Wasden said.
As I've been saying...
In case you missed it
earlier today, the Senate Judiciary Committee held a hearing on the
Report of the President’s Review Group on Intelligence and
Communications Technologies (the PRGICT
Report), where the Group members testified regarding their
proposed reforms and recommendations for U.S. national security
surveillance programs. If you were unable to catch the hearing
today, a full
video is available on C-SPAN (unfortunately, an embeddable
version is not yet available, but we’ll update this post
accordingly once one is up).
… In the C-SPAN video at around the 20:50 mark, Senator Leahy
asks Morell whether Americans should be concerned about Section 215,
given that only metadata is collected under the program. Here was
Morell’s response:
“I’ll
say one of the things that I learned in this process, that I came to
realize in this process, Mr. Chairman, is that there is quite a bit
of content in metadata. When you have the records of phone calls
that a particular individual made, you can learn an awful lot about
that person. And that’s one of the things that struck me. There
is not, in my mind, a sharp distinction between metadata and content.
It’s more of a continuum.”
I would never for a
second believe that France was not already doing this. Are they now
worried about appearances?
Winston Maxwell writes:
France’s
December
18, 2013 law on military spending contains two provisions that
facilitate the collection of data by the French military and
intelligence services. The first provision relates to the collection
of passenger name records (PNRs). Under the new law, airlines are
required to send PNRs to authorities in accordance with a yet to be
adopted government decree. The data may be held for up to five years
and may not contain sensitive data (i.e., data relating to the
passenger’s racial or ethnic origin, religious or philosophical
beliefs, political opinions, trade union membership, health, or
sexual orientation). The French data protection authority, the CNIL,
was consulted in connection with these new PNR provisions.
The
second and more controversial government data collection provision is
article 20 of the December 18 law that permits French
intelligence and security agencies to collect metadata from telecom
operators and hosting providers, including in real time.
Read more on Hogan
Lovells Chronicle
of Data Protection.
Might be an interesting
seminar topic again, if the rules have changed.
Erica Gann Kitaev
writes:
One
hot area of data privacy litigation over the past several years has
been data breach class actions brought under the California
Confidentiality of Medical Information Act (“CMIA”),[1]
which provides that a person may recover $1,000 “nominal”
damages against a healthcare provider who has negligently “released”
the person’s medical information. Until recently, no California
appellate court had directly analyzed what constitutes a “release”
of medical information under the CMIA. The court in The
University of California v. Superior Court (Platter)[2]
addressed this question for the first time in 2013 and held that the
mere loss of possession of computer equipment containing medical
information was not sufficient to constitute a release of the
information itself.
Read more about notable
cases of 2013 and their implications on Data
Privacy Monitor.
Looks like a job for
Ethical Hacker Man!
Thanks for watching
that YouTube video! That will be 50 cents, please.
Sound unrealistic? It's
actually a distinct possibility, after a Federal appeals court on
Tuesday struck down an FCC ruling meant to prevent an Internet
service provider -- the company you pay for online access -- from
prioritizing some website traffic over others.
And because that rule
was wiped off the books, those ISPs are suddenly able to do just
that. With service providers suddenly able to charge
based on the type of content you watch or the sites you visit,
it's easy to imagine a system like that of today's cable television
market. Want HBO? It's an extra $5. Want our streaming video
package, with YouTube, Hulu, TV.com, and more? That's $5 too.
Don't pay and you can't
watch. Period.
… “A broadband
provider like Comcast might limit its end-user subscribers’ ability
to access The New York Times website if it wanted to spike
traffic to its own news website,” the
ruling notes.
“We don't need no
stinking jurisdiction/authorization/budget/management!” After all,
we're all chasing the same people, right?
Jennifer Lynch writes:
Customs
& Border Protection recently “discovered” additional daily
flight logs that show the agency has flown its drones on behalf of
local, state and federal law enforcement agencies on 200 more
occasions more than previously released records indicated.
Last
July we reported, based on daily flight log records CBP made
available to us in response to our Freedom
of Information Act lawsuit, that CBP
logged an eight-fold increase in the drone surveillance it
conducts for other agencies. These agencies included a diverse group
of local, state, and federal law enforcement—ranging from the FBI,
ICE, the US Marshals, and the Coast Guard to the Minnesota
Bureau of Criminal Investigation, the North Dakota Bureau of
Criminal Investigation, the North Dakota Army National Guard, and the
Texas Department of Public Safety.
Read more on EFF.
Department of
Horrendous Spending? A 30% increase so far.
Rising Costs and Delays in Construction of New DHS Headquarters
by Sabrina I. Pacifici on January 14, 2014
Reality
Check Needed: Rising Costs and Delays in Construction of New DHS
Headquarters at St. Elizabeths. U.S. House of Representatives
Committee on Homeland Security, January 2014, Prepared by Majority
Staff of the Committee on Homeland Security.
“Rep. Jeff Duncan
(R-SC), Chairman of the Subcommittee on Oversight and Management
Efficiency, released a…report examines the Department of Homeland
Security’s (DHS) planning process for its new headquarters and
details how taxpayer dollars have been spent on the project to date.
Originally founded in 1852 as a government-run hospital for the
mentally ill, St. Elizabeths is a national historic landmark. In
2006, the hospital was chosen as the future site of a consolidated
headquarters complex for DHS, in an effort to build cohesiveness
among Department components. The project has
received $1.3 billion in funding to date and only the U.S.
Coast Guard headquarters complex has been completed. The 26-page
report reviews the potential areas of cost growth, selection and
planning issues, and the effects of green initiatives and the site’s
historic status on construction costs, among other concerns.
Specifically, the report found that it remains unclear how active DHS
officials were in choosing the site of their future headquarters.
Furthermore, DHS has pushed final completion to
fiscal year 2026, 10 years beyond the original schedule, and delays
in construction have increased costs by 30% – about $1 billion.
The report questions why DHS has not conducted a major reassessment
nor considered a new approach to headquarters consolidation…”
The expanded use of technology has changed the paradigm of the
workspace requirements by allowing a greater emphasis on working from
home as a way to reduce square footage requirements. This allows for
more shared work spaces… With statements made by senior
leadership, the morale concerns, the $1 billion cost increase, and
slippage of the completion date to FY 2026, the Committee questions
why there has not been a major reassessment of the headquarters
consolidation project now with a ten year extension to the project’s
deadline and why DHS has not considered a new approach to
headquarters consolidation.”
[From the report:]
When it was originally
proposed and approved, the St. Elizabeths project had a price tag of
$3.45 billion; however, in the Department’s most recent update on
the project, DHS and GSA submitted cost projections of $4.5 billion
with a completion date of 2026.
Tools for techies?
4 Best Tools For Creating Screenshots Compared