Lessons From a Presidential Campaign Data Breach

It was perhaps the first major allegation of a cyber breach in a presidential campaign when the Democratic National Committee (DNC) claimed that staff members from the campaign of Bernie Sanders accessed unauthorized information from a voter database maintained by DNC. The DNC leases this database to various campaigns and the campaigns supplement it with their own information. However, campaigns are blocked via firewalls from viewing information supplied by rival campaigns. In this case, members of the Sanders campaign are alleged to have accessed information…
Continue reading...

On the Rise: Cyber Breach Actions Take Center Stage

Yet another class action lawsuit has been filed following a cyber attack, this time against Excellus Health Plan Inc. and Lifetime Healthcare Inc. in federal court for the Western District of New York. The lawsuit was brought by self-proclaimed “New York City’s largest personal injury and mass-tort plaintiffs’ law firm” and the former employer of New York’s disgraced Assembly Speaker Sheldon Silver, who reportedly collected about $4 million in bribes and kickbacks during his employment, Weitz & Luxenberg P.C., as co-counsel with Faraci Lange LLP.…
Continue reading...

Not If, But When: Another Health Insurer Hacked

This post first appeared on Goldberg Segalla’s Insurance & Reinsurance Report blog. In mid-September, it was reported that hackers hit another set of health insurance companies. In this case, the hackers hit The Lifetime Healthcare Companies and its affiliates including Excellus BlueCross BlueShield, Univera Healthcare, and The MedAmerica Companies. A full list of plans affected can be found on the press release outlining the details of the attack. Hackers took information on approximately 10 millions customers including seven million from Excellus and three million from…
Continue reading...

Data Breach “Sky Is Falling”

Much like Chicken Little, data breach vendors and pundits continue to decry that the data breach sky is falling!  But is it?  A group of researchers set out to answer this very question. “Neither size nor frequency of data breaches has increased over the past decade,” concludes a new statistical analysis by Benjamin Edwards, Steven Hofmeyr and Stephanie Forrest presented during the June 2015 Workshop on the Economics of Information Security in the Netherlands. Instead, the three argue, the increases that have attracted recent media…
Continue reading...

PwC Issues 2015 Cybercrime Survey Results

“It’s been a watershed year for cybercrime,” explains PricewaterhouseCoopers LLC in its 2015 report analyzing data from 500 executives across US businesses, law enforcement and government agencies.  The survey and report, co-sponsored by PwC, CSO, Carnagie Mellon University and the United States Secret Service, provides a comprehensive analysis of trends in cybercrime and cyberthreats, as well as security spending and overall manage of these growing business risks. This year, a record 79 percent of respondents detected a security incident during the past 12 months, with…
Continue reading...

Millions Exposed in Multiple Heath Data Breaches

This summer, millions of medical patients have learned that their personal information, including names, addresses, birthdates, Social Security numbers, Medicare or health plan ID numbers, and some medical information (conditions, medications, procedures and test results) may have been exposed as a result of two separate security breaches. California’s UCLA Health announced on July 21, 2015 that their information system has been attacked, possibly beginning in November 2014, and that the unencrypted medical information of over 4.5 million patients may have been accessed.  This latest breach…
Continue reading...

New Federal Cybersecurity Legislation and Regulations Proposed in Washington DC

This week, new legislation and regulations have been proposed to address cybersecurity concerns in new automobiles and the nation’s Bulk Electric System. On Tuesday, Senators Edward J. Markey (MA) and Richard Blumenthal (CT) introduced new legislation to address the hacking risks associated with “connected vehicles.”  The Security and Privacy in Your Car Act of 2015 would mandate that sensitive software systems be isolated and additional safeguards be added “to protect consumers from security and privacy threats to their motor vehicles”.  The legislation followed a 2014…
Continue reading...

Sony Class Action Moves Forward

Because Sony’s former employees “face ongoing future vulnerability to identity theft” they can proceed with their class action, a California District Court ruled on Monday.  The case, Corona v. Sony Pictures Entm’t, Inc., is linked to the North Korean hackers who tried to stop Sony from releasing the movie The Interview.  It was filed less than a month after Sony became aware of the attack. Relying on the Ninth Circuit’s decision in Krottner v. Starbucks, the court held that the plaintiffs have…
Continue reading...

Federal Cybersecurity Problems “Decades in the Making”

Yesterday, the House Oversight Committee received testimony from federal officials regarding the April 2015 cyberattack on the Office of Personnel Management (OPM), which compromised the personal information of approximately 4 million government employees and retirees, including social security numbers.  The executive branch delayed reporting the incident until June 4, much to the dismay of the House Committee. OPM head Catherine Archuleta was under fire for what Committee Chairman Jason Chaffetz, R-Utah, called the “most devastating” cyberattack in United States’ history.  Ms. Archuleta attempted to avoid…
Continue reading...

“Anatomy of a Data Breach”

Blog contributor James M. Paulino II recently co-authored an article in DRI’s For the Defense. The article, “Anatomy of a Data Breach,” takes a look at fundamental concepts on both the technical and legal sides of the issue of cybersecurity to help companies and their counsel face the growing threat of data breaches head-on. “As the stage is set for the first major debate over federal legislation, two basic issues emerge for attorneys and clients alike. First and foremost, what exactly is a data…
Continue reading...