Tag Archives: Hacker

Sixth Circuit Finds Coverage for Losses Resulting from Retailer’s Data Breach

Posted on September 4, 2012 by Hunton & Williams LLP

On August 23, 2012, the United States Court of Appeals for the Sixth Circuit held in Retailer Ventures, Inc. v. Nat’l Union Fire Ins. Co. that losses resulting from the theft of customers’ banking information from a retailer’s computer system are covered under a commercial crime policy’s computer fraud endorsement.

Continue reading…

Tags: Hacker, Insurance Providers, Litigation, Ohio, Security Breach, U.S. Federal Law, U.S. State Law

FTC Files Complaint Against Wyndham Hotels

Posted on June 26, 2012 by Hunton & Williams LLP

On June 26, 2012, the Federal Trade Commission announced that it had filed suit against Wyndham Worldwide Corporation and three of its subsidiaries (“Wyndham”) alleging failures to maintain reasonable security that led to three separate data breaches involving hackers accessing sensitive consumer data. The FTC’s complaint claims that Wyndham violated the FTC Act by posting misleading representations on Wyndham websites regarding how the company safeguarded customer information, and by failing to provide reasonable security for personal information it collected. According to the complaint, these alleged security failures led to unauthorized exposure of Wyndham’s customers’ personal information and caused financial injury to consumers and businesses through fraudulent charges and other costs.

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Hacker, Information Security, Payment Card, Personally Identifiable Information, Privacy Policy, Security Breach

RockYou Settles FTC Charges Related to Data Breach, COPPA Violations

Posted on March 28, 2012 by Hunton & Williams LLP

On March 27, 2012, the Federal Trade Commission announced a proposed settlement order with RockYou, Inc. (“RockYou”), a publisher and developer of applications used on popular social media sites. The FTC alleged that RockYou failed to protect the personal information of 32 million of its users, and violated multiple provisions of the FTC’s Children’s Online Privacy Protection Act (“COPPA”) Rule when it collected information from approximately 179,000 children.

Continue reading…

Tags: Consent Order, Consumer Protection, COPPA, Enforcement, Federal Trade Commission, Hacker, Information Security, Penalty, Privacy Policy, Security Breach, Social Media, U.S. Federal Law

Third Circuit Holds Data Breach Plaintiffs Lack Standing

Posted on January 20, 2012 by Hunton & Williams LLP

On December 12, 2011, the United States Court of Appeals for the Third Circuit affirmed a decision that employees of Ceridian Corporation’s (“Ceridian’s”) customers did not have standing to sue Ceridian after the payroll processing firm suffered a data breach.

In December 2009, a hacker may have gained access to personal and financial information of Ceridian’s customers, including names, addresses, Social Security numbers, dates of birth and bank account information. Although it is not known if the hacker read, copied or understood the data, Ceridian sent notification letters to affected individuals informing them of the breach and offering to provide one year of complimentary credit monitoring and identity theft protection.

Continue reading…

Tags: Consent Order, Consumer Protection, Credit Monitoring, Cybersecurity, Federal Trade Commission, Hacker, Identity Theft, Litigation, Security Breach, Social Security Number, U.S. Federal Law

Ceridian and Lookout Services Settle FTC Charges over Failure to Secure Customers’ Personal Information

Posted on May 5, 2011 by Hunton & Williams LLP

On May 3, 2011, the Federal Trade Commission announced that it had reached settlements with Ceridian Corporation and Lookout Services, Inc. after alleging both companies had misrepresented the extent of their data security practices and subsequently failed to safeguard their customers’ information.  According to the FTC’s press release, the settlements “are part of the FTC’s ongoing efforts to ensure that companies secure the sensitive consumer information they maintain.”

Continue reading…

Tags: Consent Order, Consumer Protection, Enforcement, Federal Trade Commission, Hacker, Information Security, Security Breach, Social Security Number

Another Sony Service Breached by Hackers

Posted on May 3, 2011 by Hunton & Williams LLP

On May 2, 2011, Sony Computer Entertainment America (“Sony”) disclosed that hackers had gained access to the personal information of 24.6 million customers who played games on the Sony Online Entertainment (“SOE”) network.  Sony stated that hackers may have accessed names, addresses and birth dates of SOE gaming customers, as well as credit card data of about 12,700 non-U.S. accounts and 10,700 bank account numbers from “an outdated database from 2007.”  Sony clarified that the SOE breach was not the result of a second attack, but rather occurred as part of the broad incursion against the company that affected 77 million PlayStation accounts, as the company previously disclosed on April 26. Continue reading…

Tags: Congress, Consumer Protection, Cybersecurity, Hacker, Information Security, Online Privacy, Payment Card, Security Breach, Sony

Court Finds Allegations of Harm Sufficient to Allow Breach-Related Class Action Suit to Proceed

Posted on April 22, 2011 by Hunton & Williams LLP

On April 11, 2011, the United States District Court for the Northern District of California declined to dismiss four of the nine claims in a class action lawsuit filed against RockYou, Inc. (“RockYou”), a publisher and developer of applications used on popular social media sites.  The suit stems from a December 2009 security breach caused by an SQL injection flaw that resulted in the exposure of unencrypted user names and passwords of approximately 32 million RockYou users.  RockYou subsequently fixed the error and acknowledged in a public statement that “one or more individuals had illegally breached its databases” and that “at the time of the breach, the hacked database had not been up to date with industry standard security protocols.”  After receiving notification of the security breach from RockYou in mid-December, on December 28, 2009, a RockYou user who had signed up for a photo-sharing application filed a complaint seeking injunctive relief and damages for himself and on behalf of all other similarly-situated individuals.  

Continue reading…

Tags: California, Class Action, Hacker, Litigation, Online Privacy, Privacy Policy, Security Breach

Hackers Identify Privacy Vulnerabilities in Photo Sharing Websites

Posted on August 12, 2010 by Hunton & Williams LLP

BBC News is reporting that privacy was a major topic at this year’s Hackers on Planet Earth (“HOPE”) conference that was held in New York in July.  Participants spoke to the BBC about privacy vulnerabilities that they have discovered on various Internet sites.  For example, one participant discussed how GPS data embedded in digital photos users post online, combined with other information available in the photos and on the Internet, may reveal the exact locations where the users work, live and travel, as well as users’ real-time locations.  Participants explained that their goal is to identify the privacy vulnerabilities and provide information to others on how to protect their privacy online.  Hear the full interview.

Tags: Hacker, Information Security, Online Privacy

Hacking Overtakes Theft and Loss as Leading Cause of Reported Security Breaches

Posted on March 12, 2010 by Hunton & Williams LLP

In 2009, for the first time in three years, more publicly reported data security breaches were caused by hackers than by other sources, such as insider theft.  The nonprofit Identity Theft Resource Center (“ITRC”) tracks breaches involving five categories of data loss: (i) “data on the move,” such as lost laptops; (ii) accidental exposure; (iii) insider theft; (iv) losses involving subcontractors; and (v) hacking.  The ITRC’s 2009 Breach Report analyzed 498 publicly reported breaches affecting over 222 million total records, concluding that hacking may be on the rise.

Continue reading…

Tags: Hacker, Identity Theft, Information Security, Security Breach, U.S. State Law

Class Action Lawsuit Against Heartland Dismissed

Posted on December 14, 2009 by Hunton & Williams LLP

The court in In re Heartland Payment Systems, Inc. Securities Litigation, Civ. No. 09-1043 (D. N.J. Dec. 12, 2009) recently dismissed a class action lawsuit brought by investors in Heartland, a processor of payment card transactions whose stock value dropped significantly after it suffered a data security breach in which hackers allegedly stole 130 million payment card numbers.  The plaintiffs argued that Heartland’s statements to the effect that it had adequate security systems and that it took the issue of computer network security very seriously were fraudulent because Heartland knew it had poor data security and failed to remedy critical problems soon enough to prevent the theft.

Continue reading…

Tags: Class Action, Hacker, Information Security, Litigation, Payment Card, Privacy Policy, Security Breach