Litigation and legal developments concerning data breaches.
BOSTON – A Russian businessman was sentenced today in federal court in Boston for his involvement in an elaborate hack-to-trade scheme that netted approximately $93 million through securities trades based on confidential corporate information stolen from U.S. computer networks. Vladislav Klyushin, a/k/a “Vladislav Kliushin,” 42, of Moscow, Russia, was sentenced by U.S. District Court Judge […]
In September 2021, Jackson County Schneck Memorial Hospital (Schneck Medical Center) in Indiana disclosed that they had been a victim of a cyberattack. Their first statement is no longer available on their website but was archived by a news site. That statement did not disclose that personal and protected health information had been accessed and […]
Given the increasing number of data privacy laws in the U.S., entering into appropriate data processing agreements (“DPAs”) with vendors has now become a critical component of vendor management. It can also be one of the most time-consuming and complex aspects of data privacy compliance. This article discusses when an organization should enter into a […]
The Federal Trade Commission finalized an order with 1Health.io that settles charges that the genetic testing firm left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying consumers and obtaining their consent. In a complaint first announced in June 2023, the […]
U.S. officials said Tuesday that the FBI and its European partners infiltrated and seized control of a major global malware network used for more than 15 years to commit a gamut of online crimes including crippling ransomware attacks. They then remotely removed the malicious software agent — known as Qakbot — from thousands of infected […]
Texas recently enacted an amendment to its data breach notification law. As of September 1, 2023, there are two changes to the requirements when notifying the Texas Attorney General. In Texas, breaches of 250 residents or more must be reported to the Attorney General. Now, as amended, this will need to be done so as soon as […]
The Los Angeles Times reports that legislation being considered in California would make it easier for consumers to get every data broker to delete their personal information with just one request. Tech companies and other big businesses are fighting the bill. The bill, known as the Delete Act, faces a critical vote this Friday as […]
The Florida county’s State Attorney’s office declined to formally investigate former Schools Superintendent Robert Runcie and two other former administrators for attempting to hide a massive March 2021 ransomware attack from the public. Broward County, Fla., prosecutors have declined to launch a formal investigation into former Schools Superintendent Robert Runcie and two other former administrators’ […]
Stephen Mathias from Kochhar & Co. reports that in early August 2023, the Indian Parliament passed the Digital Personal Data Protection Act (the “Act”), bringing to a close a 5-year process to enact an omnibus data privacy law in India. The Act was ratified by the President of India and will come into effect once notified […]
Should senior IT professionals be liable for breaches?
In July, SolarWinds CISO Tim Brown and CFO Bart Kalsu received Securities and Exchange Commission notices of potential enforcement action over alleged violation of securities laws. The issue stems from their response to the Russian hack of the Orion network monitoring software in 2020 — a product used by more than 30,000 organisations. This isn’t the first […]