Dunkin’ Donuts Sued By NY Because Rewards Program Hacked.

Dunkin’ Donuts – recently rebranded as just Dunkin’ (although they still sell donuts) – has been sued by the state of New York. According to the official complaint, Dunkin’ was hacked as early as 2015 and, instead of doing what was necessary and legal, the company decided to engage in fraud and deception. Last year, […] read more

CEOs of Tech Companies Unironically Ask Congress for Federal Data Privacy Law.

Many media outlets are reporting that the CEOs of fifty-one “tech companies” have urged the US Congress to pass a federal data privacy law. The letter itself, from the Business Roundtable, an association which includes these fifty-one companies and others, notes that: There is now widespread agreement among companies across all sectors of the economy, […] read more

Georgia Supreme Court To Decide Precedent-Setting Data Breach Case.

According to ajc.com, lawyers argued last week, in front of Georgia’s Supreme Court justices, whether the threat of future harm to data breach victims is enough to receive compensation or if actual financial losses are necessary. This is a far cry from years past, when courts used to toss out data breach lawsuits for lack […] read more

Moody’s Downgrades Equifax “Because Of Data Breach”.

Equifax had a data breach, a preventable one (or so they say *), in 2017. It was the biggest in US (and world) history, a dubious honor that could potentially be retained for a good long while. The consequences of said breach? Until last week, the answer would have been “pretty much nil.” (* As […] read more

Canada NWT Laptop Not Encrypted Because It’s “Very Difficult To Encrypt”.

Approximately two weeks ago, Canada’s cbc.com reported on the theft of a government laptop with promises of more articles on the same in the weeks to come. Earlier this week, the last article was posted. The story is a doozy. To summarize, an employee with the Department of Health and Social Services (Northwest Territories, Canada) […] read more

Anthem, Yahoo To Shell Out Additional Money Over Data Breaches.

This week saw additional headaches for two US companies involved in major data breaches (we’re talking top ten in US history to date). Yahoo, now a part of Verizon, has agreed to settle a lawsuit for $50 million. In addition, Anthem, Inc. – the Indiana-based BlueCross BlueShield insurance company – has agreed to settle HIPAA […] read more

Most of the Used Memory Cards Bought Online Are Not Properly Wiped.

According to tests carried out by researchers at the University of Hertfordshire (UK), nearly two-thirds of memory cards bought used from eBay, offline auctions, and second-hand shops were improperly wiped. That is, the researchers were able to access images or footage that were once saved to these electronic storage units… even if they were deleted. […] read more

Australia’s Notifiable Data Breaches Law Nets 31 Reports In 3 Weeks.

A new Australian law appears to be succeeding in finally unveiling the current state of data breaches in the Land Down Under. According to a release by the country’s information commissioner’s office (the OAIC), thirty-one data breaches were reported to the government since the law took effect on February 22, 2018.   Notifiable Data Breach […] read more

Fresno State Hard Drive Stolen, 15000 Affected.

At least 15,000 California State University, Fresno “student athletes, sports-camp attendees, and Athletic Corporation employees” were affected by a data breach earlier in the year, according to kmph.com and other news sites. A hard drive, 18 laptops, and other items were reported missing on January 12 from the university’s North Gym building. On the face […] read more

HIPAA Security Trickle-down? Notifications State Sensitive Information Not Contained In Stolen Devices.

According to databreaches.net, two medical entities recently alerted patients of a data breach: Eastern Maine Medical Center (EMMC) and Nevro Corporation. In the case of EMMC, an external hard drive went missing. For Nevro, a number of laptops were stolen during a break-in. Information contained in these devices was not protected with data encryption in […] read more