Compiled by: Richard Sheinis, Esq.

Uber Agrees to 20 Years of Privacy Audits After FTC Says it ‘Failed Consumers’
CNBC

Uber has settled with federal regulators that accused the start-up of “deceptive privacy and data security claims.” More than 100,000 names and …

86 Percent WhatsApp Users Exposed to Fraud, Hacking: Study
Deccan Chronicle

86 per cent WhatsApp users exposed to fraud, hacking: Study … Brigham Young University computer science PhD student who led the study.

Feds Charge Ex-Denali CTO Michael Leeper With Computer Fraud In Columbia Sportswear …
CRN

The U.S. Attorney’s office has charged ex-Denali CTO Michael Leeper (pictured) with one count of computer fraud, claiming that Leeper remotely and …

Anthem Breach Lesson: Why Granular Access Control Matters
BankInfoSecurity.com

… absolutely prevent a breach in any sort of operational business because you have to be sharing data – and people have to be working with that data …

Data Breach May Have Compromised Card Info for People Who Stayed at Denver, Winter Park Hotels
The Denver Channel

DENVER – If you stayed at the Magnolia Hotel in Denver or the Winter Park Mountain Lodge between August 2016 and March 2017, there’s a chance …

Beware Misconfiguration Errors: Little Slip-ups Can Have Huge Consequences
Healthcare IT News

In cybersecurity, that might not be the lack of the latest security technologies that cause a data breach but, instead, a simple misconfiguration in a …

TalkTalk Fined £100,000 for Wipro-Related Data Breach
European Communications (press release)

The UK’s Information Commissioner’s Office has slapped TalkTalk with a £100,000 fine for breaching the Data Protection Act. The fine relates to 2014, …

Letters Sent to Residents Affected by WARCOG Breach
Richland Source

WOOSTER – More than 100,000 people in Wayne and Ashland counties who were directly affected by the data breach of the Wooster-Ashland …

Israeli Firm Beats off New Generation of Cyberattacks
The Times of Israel

Hackers surreptitiously send RATs with remote access rights already … installing ransomware, in which hackers threaten to shut down computer or …

Researchers Hack a Computer Using DNA
Techworm

With each passing day, hackers are using innovative ways to breach cyber security systems. One such inventive method of hacking a computer is via …

Data Breach at Philly-area Ob/Gyn Practice Among this Year’s Largest Nationally
Philly.com

The personal data breach affecting 300,000 patients disclosed last month by Women’s Health Care Group of PA LLC was the third-largest reported …

New Jersey to Receive $5.5M in Nationwide Insurance Data Breach Settlement
Hackensack Daily Voice

New Jersey is among the 32 states including the District of Columbia that have entered into a settlement with Nationwide Mutual Insurance Company …

Featured on Hospitality Upgrade Magazine’s Tech Talk.
Written by: Sam Crochet, Esq.

In my June column, we discussed why the General Data Protection Regulation (GDPR) matters to the hospitality industry and the technical/organizational steps members should take to comply with the regulation. Practically speaking, any U.S. company desirous of European customers must comply with the GDPR as of May 25, 2018, or risk facing penalties as high as 4 percent of global revenue.

In this segment, we move on to two key requirements of the GDPR that supervisory authorities will be monitoring (and enforcing) closely: consent and breach notification.

1. Changes to How Hospitality Members Must Obtain “Consent” to Collect Data

The GDPR requires companies to give European consumers the chance to “opt in” to data collection by a statement or clear affirmative action. Presentation of the “opt in” request must be clear and concise. This is a stark shift from the former EU regime and the opposite of many U.S. state/federal laws. The rule requires a major overhaul of written policies and customer forms (both digital and paper). For example, a hotel’s online booking page displaying pre-ticked boxes for consenting to the collection of names, email addresses, and telephone numbers will no longer suffice. Likewise, a hotel’s collection of personal information based on consumer inactivity or silence in the face of a privacy notice does not trigger consent. Instead, the consumer must be given the chance to take affirmative action by either ticking an empty box or providing some other explicit consent such as submitting a signature. Further, for those companies hoping to gain opt-in consent through electronic signatures that follow boilerplate language, the GDPR requires that organizations provide consent requests that are closely linked to the processing activity through clear affirmative action regarding that specific collection practice. Similarly, when data processing has multiple purposes, consent must be obtained for each purpose (e.g., marketing versus customer service).

Additionally, the GDPR gives consumers the right to withdraw consent at any time. Companies must notify consumers of this right before obtaining consent and, once consent is withdrawn, consumers can request their personal information be erased.

2. Changes to the Data Breach Notification Rules for Many Hospitality Members

Perhaps no section of the GDPR reflects increased consumer protectionism as much as the new data breach notification rules. Hospitality members under the GDPR will face far greater exposure to costly breach reporting requirements for EU citizens’ data than with U.S. consumers since there is more “personal data” under the GDPR. “Personal data” is any information relating to an identifiable natural person. This could feasibly be everything from names, telephone numbers, email addresses and photographs to IP addresses, online cookies, and mobile device IDs. Less restrictive U.S. state/federal laws often require “personal data” to include a full name and a social security, driver’s license, or financial account number. Given this increased exposure under the GDPR, hospitality members should immediately analyze the scope of the information they collect to determine how vulnerable they are to the GDPR’s definition of “personal data.” Depending on what data is being collected, companies will need to immediately reform their policies pertaining to breach response and subsequent notifications. On a side note, it is highly advisable to practice “pseudonymization” as data is only “personal” under the GDPR if it can be linked to an identifiable person. By de-humanizing information, a company can often avoid the obligations of the GDPR, costly breach reporting requirements, and the public relations storms that often follow a data breach.

In the event of a data breach involving EU residents’ data, U.S. companies will have to report the event to certain European Supervisory Authorities within 72 hours of obtaining notice of the breach. This is more precise than many state laws, which generally include a “reasonable time period” or “without undue delay” standard. Further, whereas notification to the European Supervisory Authorities turns on whether there is a general “risk” to the consumer, the obligation to provide notification to consumers themselves turns on whether there is “high risk” to the consumer. Thus, when reviewing or developing a breach response procedure, hospitality members under the GDPR need to factor whether a breach’s risk to a consumer meets this high standard, at which point it would have to provide immediate consumer notice. This ambiguity could trouble hospitality members struggling to respond in the hours and/or days following a breach. The GDPR does offer some clarity, indicating “high risk” may incorporate severe vulnerabilities such as threat of identity theft, financial loss, fraud, discrimination, and/or damage to reputation.

GDPR auditors will not smile kindly on U.S. companies seeking loopholes in the law. The highest potential fines will be reserved for companies violating the most basic principles for processing, such as consent or breach notification.

Hospitality members can reduce exposure under the GDPR by performing a full risk assessment starting with the scope and legal significance of their data collection practices. (1) Revising internal policies/procedures to accommodate the GDPR’s consent and notification requirements and (2) tailoring breach response protocol to the timing and risk/high risk test will go a long way toward avoiding a violation and, most importantly, will document the compliance steps members have taken in the event of an EU audit.

Compiled by: Richard Sheinis, Esq.

Hackers Demand Ransom for Stolen HBO Data
RollingStone.com

Hackers Demand Ransom for Stolen HBO Data … On Monday, the hackers behind HBO’s recent data breach demanded ransom to prevent the …

Cyber Criminals’ Next Deadly Target: Grandpa’s Pacemaker
Sacramento Bee

The May 12 WannaCry ransomware attack – which locked down some 150,000 computers around the world – had a calamitous impact on Britain’s …

Siemens to Update Medical Scanner Software to Deal With Security Bugs
U.S. News & World Report

“It’s pretty serious,” UK-based independent computer security analyst … He said hospitals in general were badly protected against hacking, partly …

Study: Computers Analyzing Instagram Posts Can Find Signs of Depression
NBC4 Washington

Roughly 43 percent of their initial participants refused to share their Instagram data out of privacy concerns. Reece and Danforth did not immediately …

VPN Provider Accused of Sharing Customer Traffic With Online Advertisers
BleepingComputer

On Monday, the Center for Democracy & Technology (CDT) – a US-based privacy group – has filed a complaint with the US Federal Trade …

Man Who Hacked his Former Employer Gets 18-Month Prison Sentence
Dark Reading

Jason Needham, 45, was sentenced for breaching the computer networks and email of his former employer, Allen & Hoshall. Needham, a co-owner of …

Disney Sued, Accused of Violating Child Data Privacy Laws
SC Magazine

Disney was hit with a class action lawsuit for allegedly violating the Child Online Privacy Protection Act (COPPA) laws by capturing children’s data and …

Facebook May Have to Delete Your Embarrassing Posts
CNNMoney

The government said its goal was to give people more control over their own data. It would require companies to receive “explicit” consent from users …

Australian Red Cross Data Breach Caused by Third-Party Error
SC Magazine

An error by a third-party vendor’s employee led to the massive data breach that hit the Australian Red Cross last year. The investigation into the breach …

UCLA System Hacked In Cyber Attack
CBS Los Angeles

LOS ANGELES (CBSLA.com) – UCLA officials are notifying about 32,000 people this week about a cyberattack on a university computer server …

Cyber Expert Who Stopped ‘WannaCry’ Attack Arrested in US on Hacking Charges
New York Daily News

A screenshot shows a WannaCry ransomware demand, provided by cyber security firm Symantec, in Mountain View, California, U.S. May 15, 2017.

Federal Appeals Court Overturns CareFirst Data Breach Ruling
HealthITSecurity.com

August 08, 2017 – A Federal appeals court reversed a previous ruling over the CareFirst data breach that took place in 2015 and impacted 1.1 million

Compiled by: Richard Sheinis, Esq.

Hackers Threaten ‘Game of Thrones,’ as HBO Confirms Cyberattack
New York Times

HBO confirmed on Monday that the network had been the target of a cyberattack, as an anonymous hacker boasted about leaking full episodes of …

Court Says Health Insurance Company Can Be Sued for Data Breach
The Hill

The nation’s second-most powerful court ruled Tuesday that a health insurance company’s customers can sue the provider for a 2014 cyberattack in …

Ransomware Attacks Steal Headlines, but Accidental Data Breaches Remain a Major Cause of Loss
Nasdaq

New York, Aug. 01, 2017 (GLOBE NEWSWIRE) — Beazley, a pioneer in cyber and data breach response insurance, today released its Beazley Breach …

Hackers Claim ‘Breach’ of Cyber Firm FireEye
The Hill

Unknown hackers have dumped information online, purportedly coming from a breach of Mandiant, a subsidiary of cybersecurity firm FireEye. In a post …

Google’s New Shopper-Tracking Program Sparks a Federal Privacy Complaint
Los Angeles Times

A prominent privacy rights watchdog is asking the Federal Trade … to protect the data – a method that should be audited by outsiders and may be …

Ex-fraudster Arrested in Seattle for Hacking Media Sites that Posted Stories on his Canadian Crimes
National Post

The FBI in Seattle arrested Rakhshan on Friday in a bizarre computer-hacking case, accusing him of extortion and other offences involving a U.S. …

You’ve Split from Your Fitness Tracker. Can You Get Your Data Back?
USA TODAY

What happens to all that data you’ve put so much sweat into? … According to Jawbone’s privacy policy (jawbone.com/privacy), your data is broken …

Galt House Hotel: Data Breach Could Affect Guests
The Courier-Journal

LOUISVILLE, Ky. – A four-star Kentucky hotel has discovered a data breach threatening guests’ credit card information. News outlets report The Galt …

Plastic Surgery Associates Announces Data Breach
Rapid City Journal

SIOUX FALLS | Plastic Surgery Associates of South Dakota has announced a data breach that might have left some patient records open to hackers.

Healthcare Clinic Suffers Ransomware Attack; 300K Patients Impacted
Hack Read

This without a doubt is the second largest health data breach caused by a ransomware attack. An Oaks, Philadelphia based women’s healthcare clinic …

Parkbytext Investigating Potential Customer Data Breach
Irish Times

Mobile parking operator company Parkbytext are investigating a potential data breach with customer’s data. Motorists use the parkbytext to pay for …

Virgin America Data Breach Hits Employees and Contractors
SC Magazine

An unauthorized third party managed to gain access to certain Virgin America information systems containing employee and contractor data

Anthem Reports Data Breach Impacting 18,500 Members
FierceHealthcare

Anthem has reported a data breach impacting more than 18,500 members after a business associate discovered a rogue employee improperly …

UniCredit Data Breach Hits 400,000 Customers
Asset Finance International (press release) (blog)

UniCredit, Italy’s largest bank, has announced it has been the victim of a data security breach due to unauthorized access, through an Italian …

Customer Information Released in WestJet Data Breach
Calgary Sun

The company says it has notified the Information and Privacy Commissioner of Alberta and the federal Privacy Commissioner about the disclosure of …

Compiled by: Richard Sheinis, Esq.

Swedish Government Scrambles to Contain Damage From Data Breach
New York Times

STOCKHOLM – Sweden’s government is scrambling to contain the political fallout from a huge breach of confidential data, including the possible …

Apple Issues Cyber Warning for iPhone Users, Issues Security Patch
Fox Business

The latest cyber threat is also a risk to Android device users, but Google has taken steps as well to block the virus. “The vulnerability also has the …

Iran-Linked Cyber Spies Use Simple Yet Effective Hacks: Report
Reuters

TEL AVIV (Reuters) – A cyber spying group with links to Iran and active for the past four years is targeting countries including Israel, Saudi Arabia, …

Arrested Russian’s Wife Denies US Charge He Is Global Hacking Mastermind
New York Times

His case provides a rare insight into U.S. efforts to track down and prosecute international cyber criminals. It comes at a time when Russian hackers …

Hackers are Targeting Hotel Wi-Fi with Particularly Evil Malware
BGR

Just because your hotel offers complimentary Wi-Fi, it doesn’t mean you have to take it. Hackers may be lurking, looking to compromise your computer, …

TNT Parcels ‘Backed Up to Ceiling’ in Wake of Massive Cyberattack
The Guardian

Parcels are backing up at TNT depots in their thousands after the company admitted it is still struggling to deal with the aftermath of June’s cyber-attack …

Data Breach Reported at Atlantis, Paradise Island Resort
ConsumerAffairs

Data breach reported at Atlantis, Paradise Island resort … “The Resort has confirmed that malware may have captured data from some credit and debit …

Millions of Social Security Numbers Accessed in Kansas Agency Data Breach
Digital Trends

If you entered your data into a job search service for any of these 10 affected states, then you’ll want to check to see if your social security number was …

Thailand Seizes $21 Million in Assets from Dead Founder of Dark Net Marketplace AlphaBay
Reuters

… he was the administrator of AlphaBay, an online site devoted to the sale of illicit goods, ranging from computer hacking tools to drugs and weapons.

Israeli Party Victim to Pro-Palestinian Cyber Attack
The Jerusalem Post

The Meretz party website was hacked late Saturday night by a pro-Palestinian cyber hacker under the alias Th3Falcom, with the message “Alquds …

Compiled by: Richard Sheinis, Esq.

Cyber Attack Could do as Much Damage as Superstorm Sandy
New York Post

A major, global cyber attack could trigger an average of $53 billion of economic losses, a figure on par with a catastrophic natural disaster such as …

22,000 People Agree to Clean Toilets for WiFi Because They Didn’t Read the Terms
Gizmodo

… and a marketing stunt to announce that Purple is the first WiFi provider to be compliant under the new General Data Protection Regulation (GDPR).

FedEx Says Cyberattack to Hurt its 2018 Results
CNBC

Package delivery company FedEx said its 2018 results would be hurt in part due to disruption of operations at its TNT Express unit as a result of a …

India’s Religare Says It Suffers Cyber Attack
New York Times

MUMBAI – Several units of India’s Religare financial services group suffered a cyber attack, but its systems, operations and sensitive client …

UAE Denies Washington Post Report it Orchestrated Qatar Hack
CNN

UAE had no role whatsoever in the alleged hacking described in the article,” Al … shameful act of cyber terrorism is being attributed to a fellow member of the … US investigators in June told CNN that they believed Russian hackers …

Nearly 150,000 Attempts to Hack SC Voter Registration System on Election Day: Report
The Hill

The publication said most of the hacking attempts in South Carolina likely came from automated computer bots. The report comes as the federal probe …

Huge Data Breach at Health Insurance Company Bupa Could Affect 20,000 Australian Customers
Daily Mail

A data breach at international health insurance company Bupa has compromised the personal details of almost 20,000 Australian customers.

Trump Hotels Hit with Data Breach
Payment Week

Fully 14 different hotels were involved in the breach, and this is the third time that Trump International Hotels have had a data breach happen since …

Verizon Leak a Reminder to Businesses: Safeguard Your Cloud Data
USA TODAY

“Complexity is the enemy of security.” His take: data leaks are going to keep happening until cloud storage systems become more automated and …

Ashley Madison Reaches US$11.2M Deal in American Lawsuits Over Data Security
CTV News

The Toronto-based parent company of the infidelity dating site Ashley Madison says it has reached a US$11.2-million settlement in American …

Featured on Hospitality Upgrade Magazine’s Tech Talk.
Written by: Sam Crochet, Esq.

US companies collect, analyze, and leverage consumer data to optimize efficiency, advertise and, hopefully, increase profits. However, with the rise of data breach incidents, varying laws and consumer demand pressure companies to secure networks, scrutinize vendor usage (such as the security of one cloud processor versus another), and be transparent with “collection practices.” Privacy officers and in-house counsels may already understand US data privacy is controlled by a patchwork of state and industry-specific federal laws. However, companies across the hospitality community are (or should be) racing against the clock to satisfy increased requirements of the EU’s General Data Protection Regulation (GDPR), which becomes effective May 25, 2018. The GDPR will replace the current Data Protection Directive, which was well-intentioned, but inadequate in light of growing technologies. There are notable changes and increased obligations within the GDPR to which US businesses must adhere or risk huge financial penalties. This is the first of several articles updating readers on why the GDPR matters and what steps members of the hospitality industry should take to comply with the regulation.

The European Union’s General Data Protection Regulation: What Steps Must Members of the Hospitality Industry Take?

1. Who does the GDPR affect?

The law is geographically expansive as it applies to the processing of EU residents’ personal data (name, ID number, reference to a physical, economic, or cultural identity of a person, etc.) regardless of the company/processor’s location. For instance, if a hotel markets its services to EU residents beyond merely having a website, then it will likely be controlled by the GDPR [1]. Practically speaking, any organization desirous of European customers—regardless of whether the organization has a European-based office—must comply with the GDPR [2].

2. What are the consequences if a company does not comply with the GDPR?

US companies controlling or processing data of EU residents face increased penalties for violating the new regulation. Fines can reach 4 percent of annual global revenue, or 20 million Euros per violation [3]. The regulation also grants European Supervisory Authorities the power to ban a company’s data collection practices altogether [4]. Obviously, US companies cannot afford to mishandle security of EU residents’ data. Below, I list some of the GDPR issues/requirements most applicable to the hospitality industry:

  • Stricter Technical and Organizational Security Measures
  • New Data Subject Consent Rules
  • More Demanding Breach Notification Rules; and
  • Vendor Scrutiny and Use of Business Associate Contracts

Stricter Technical and Organizational Security Measures

Unlike some state/federal laws and the current European Data Protection Directive, the GDPR increases the safeguards a company must take to protect customer information against unauthorized access, accidental loss or alteration. The regulation mandates companies implement appropriate technical and organizational measures. “Appropriate” actions include, but are not limited to:

(1) “Encryption” or “Pseudonymization” of personal data—The regulation explicitly names encryption as a technique to avoid improper disclosure of customer information. Encryption software often comes at a higher cost and has its administrative obstacles. As a result, some businesses may instead benefit from “pseudonymization” of personal data. Hospitality members should know the GDPR does not apply to consumer information unrelated to identifiable persons and, further, expressly approves pseudonymization—the concept of removing personal “identifiers” from information to eliminate a link to one’s identity—which would remove data from the scope of the GDPR. Encryption and/or pseudonymization help organizations meet other GDPR requirements as well. For example, depending on the risk of harm, companies must notify European authorities and citizens following a data breach incident (the subject of another article). Since encryption/pseudonymization reduce the risk of harm to EU citizens, companies using these techniques stand a higher chance of avoiding costly reporting obligations.

(2) A contingency plan amidst a technical incident (such as a cyber attack or “ransomware” event)—Companies under the GDPR should have an emergency plan establishing how they will respond and operate during a data breach incident. For example, during a cyber attack on a hotel chain, the hotel should be prepared with a plan employees have practiced so appropriate personnel can (a) identify what data has been compromised, (b) trigger “back up” data for normal business operations, (c) work with the in-house IT team (and potentially an outside forensic specialist) to contain/eradicate an attack, (d) restore operating systems, and (e) examine alongside counsel the various legal obligations arising out of the event.

(3) Utilize regular tests to evaluate effectiveness of technical/organizational security measures—For example, an IT “penetration test” is a simulated attack on a computer network to identify security strengths and weaknesses. Such a tactic assists businesses to identify what software/issues need addressing to improve security. Also, administrative fire drills to test the aforementioned contingency plan will help businesses prepare for a data breach incident [5].

Keep in mind GDPR violations carry heavy penalties that could crush small businesses. Documenting steps you have taken to address the above issues may establish mitigating factors that could go a long way towards dramatically reducing penalties amidst a GDPR audit.

This article only broadly addresses the GDPR’s technical and organizational security requirement. Contact a privacy attorney to analyze the best approach for your organization and to understand the finer points of the GDPR’s technical/organizational requirements.


References

1. GDPR Article 3.
2. “A Primer on the GDPR: What You Need to Know.” Bowman, Courtney, December 23, 2015
3. GDPR Article 83(5). It should be noted consumers have a right to judicial remedy against companies and processors under the GDPR.
4. GDPR Article 58.
5. GDPR Article 32; GDPR Recital 49.

Compiled by: Richard Sheinis, Esq.

Hackers are Targeting Nuclear Facilities, Homeland Security Department and FBI Say
CNBC

Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations. Wolf Creek Nuclear Operating …

Man Pleads Guilty to Manipulating Lottery Winning Tickets via Hacked Computer
BleepingComputer

Eddie Tipton, 54, admitted to creating malware in the form of a DLL file, which he loaded on the secure computers of the Multi-State Lottery Association …

Illinois Legislature Considers First of Its Kind Geolocation Privacy Law
On the Wire (blog)

Illinois Legislature Considers First of Its Kind Geolocation Privacy Law … Ann Williams, would require private entities collecting geolocation data to first …

Data Breach Hits California Association of Realtors
SC Magazine

A subsidiary of the California Association of Realtors suffered a data breach that exposed user information for a two-month period earlier this year.

WSU Gets Costly Lesson in Theft of Hard Drive with More than 1 Million People’s Personal Data
The Seattle Times

The incident hasn’t exactly endeared WSU to individuals who received the letters about the breach of data. The letters referred to some of them as …

Avanti Markets’ Credit Card And Biometric Data Are Breached
Vending Times

TUKWILA, WA — The vending industry’s largest micromarket company last week suffered a security breach in which hackers managed to gain access …

WWE Reportedly Left 3 Million Fans’ Personal Information Unsecured on Third-Party Server
Washington Post

“It’s unfortunate by being a WWE fan, you’re now part of a data breach,” … While it was Bob Dyachenko of the security firm Kromtech who discovered …

Diseases Infect People-but Cyberattacks Infect X-Rays and MRIs Machines
Quartz

… and Drug Administration warned in January 2017 that implanted heart devices made by St. Jude Medical were vulnerable to computer hacking

11 Healthcare Privacy Incidents Reported in June
Becker’s Hospital Review

Privacy incidents at government departments, equipment suppliers and … Waverly (Iowa) Health Center shut down its computer systems for just over …

Dozens of Fresno Unified Employees Affected by Data Breach
KFSN-TV

Gilroy Police said there is no way to pinpoint where or when the FUSD data breach happened– but it appears the information is a couple of years old.

Texas Association of School Boards Data Breach Exposes Teachers’ Social Security Numbers
Government Technology

(TNS) — The Victoria school district was one of many districts affected by a data breach through the Texas Association of School Boards.

Compiled by: Richard Sheinis, Esq.

‘Petya’ Computer Virus Spreads All the Way Across the World, but is Gradually Slowing Down
The Independent

The computer virus that spread rapidly across the world is still making its … “And I think it underlines the whole need for debate over privacy versus …

Automobile Association Under Fire for Car-Crash Handling of Data Breach
The Register

Breakdown and car insurance outfit AA has been scolded for its handling of a data breach that spilled customer email addresses and partial credit …

FBI: More Than 200,000 Records Breached in Wooster Area
Cleveland 19 News

The FBI is warning of a government computer data breach that involves more than 200,000 records containing confidential personal information of …

Google Staffers Hit by Breach at Third-Party Booking Firm
Infosecurity Magazine

“The unauthorized party was able to access the name, contact information and payment card data associated with certain hotel reservations …

US, Israeli Experts Warn of Danger to Data Privacy in Digital Age
The Jerusalem Post

Strauss emphasized that “data breaches are not a matter of if, it’s a matter of when.” He urged companies to pre-designate who will assess breaches, …

Google DeepMind Health Trial Breached UK Privacy Law
Computerworld Australia

The UK’s information commissioner has ruled that a Google DeepMind trial that used NHS data ran afoul of the country’s privacy laws. Google was …

Facebook Tracking Lawsuit Dismissed by Judge
USA TODAY

… other Facebook users, the now 5½-year-old lawsuit characterized the tracking as “the single most pervasive and grave threat to data privacy today.”

Family Firm in Ukraine Says It Was Not Responsible for Cyber Attack
Reuters

Sergei Linnik, general director of Ukrainian software development firm Intellect Service, and his daughter Olesya pose for a picture at the company’s …

Indiana Medicaid Patients Warned of Possible Data Breach
WRTV Indianapolis

If you’re a Medicaid member in Indiana, you could be receiving a letter about a possible data breach involving your personal information. According to …

Saint Thomas Health Data Breach from Misplaced Documents
HealthITSecurity.com

Recent potential health data breaches include an instance of misplaced documents, a ransomware attack, and an online error resulting in document …

Compiled by: Richard Sheinis, Esq.

New Cyberattack Spreads From Russia to Britain
New York Times

Computer systems from Russia to Britain were victims of an international cyberattack on Tuesday in a hack that bore similarities to a recent one that …

Anthem to Pay Record $115M to Settle Data Breach Suit
SC Magazine

Anthem to pay record $115M to settle data breach suit … to implement further security measures, such as enhancements to its data security system, …

Cyberattack Hits Entire Heritage Valley Health System, Shuts Down Computers
WTAE Pittsburgh

A cyberattack is affecting the Beaver and Sewickley hospitals and all other care facilities in the Heritage Valley Health System on Tuesday.

Howard County Government Website Hacked with Pro-Islamic State Message
Baltimore Sun

The Howard County government website was hacked Sunday with messages supporting the Islamic State, part of a larger attack on local government …

FTC Data Security Enforcement Standard Center in LabMD Case
HealthITSecurity.com

The case of medical testing company LabMD and the FTC continues, with the commission’s data security enforcement standard a key focus area.

Health Information of More Than 2k Aetna Members Available Online for Months
Becker’s Hospital Review

The payer said the privacy breach involved “two computer services that display documents to members.” Jim Routh, chief security officer for Aetna, …

Fired Employee Hacks and Shuts Down Smart Water Readers in Five US Cities
BleepingComputer

According to court documents obtained by Bleeping Computer, Flanagan worked between November 2007 and November 2013 for an unnamed …

FBI Believes a Collierville Man Hacked Computer to Steal Personal Information of Autistic Children
FOX13 Memphis

MEMPHIS, Tenn. – The FBI believe a Collierville man hacked into a computer system and tried to steal the personal information of autistic children, …

Virgin Media Hack Risk is a Wake-Up Call to Check Your Router
USA TODAY

Home routers, which link personal computers to the Internet and often store sensitive information, are riddled with security issues. The Which?

600+ Patients Affected in Illinois Health System Data Breach
Becker’s Hospital Review

Carbondale-based Southern Illinois Healthcare will notify more than 600 patients after a third-party vendor’s technical error led to a breach of …