A massive data breach hit one of the country’s largest education software providers. According to EducationWeek, PowerSchool provides school software products to more than 16,000 customers, largely K-12 schools, that serve 50...more
The best practice approach to effectively handling a data security incident starts with a proactive response plan. But when the inevitable occurs, will your plan stand up to the test? Join our panel of experts as they discuss...more
At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take...more
It is a commonly-held belief that younger, more tech-savvy individuals are less likely to engage in risky cyber practices than their “senior,” pre-internet counterparts. Recent evidence, however, indicates to the contrary...more
On July 31, 2019, Governor Carney signed the Delaware Insurance Data Security Act (formerly, HB 174) into law. Based on the National Association Of Insurance Commissioners (NAIC) Insurance Data Security Model Law, the...more
Security researchers have warned municipalities repeatedly about how they are being targeted with ransomware, that they are at high risk, and the need to make data security a high priority. Please see full Publication blow...more
Massachusetts’ breach notice law has been amended, requiring companies who suffer a data breach to provide more information to the Attorney General about the incident. The law will go into effect in a month, on April 11,...more
The Governor of Massachusetts has just signed into law amendments to the state’s data breach notification law. The amendments will go into effect April 11, 2019. Under the amended law, companies whose breaches involve Social...more
There is a little-known provision from a new federal law that will most likely impact your hiring practices and your standard hiring documents—and it kicked in last Friday. As of September 21, all employers must update their...more
In an age where data is widely available and almost everything is stored online, data breaches are becoming more common, and the outcomes of cases involving data breaches are unpredictable. Data involved in a breach can range...more
A bi-partisan privacy and data security bill, which will significantly impact companies with North Carolina employees, is in the works. North Carolina State Representative Jason Saine (R), Appropriations Chairman of...more
A North Carolina bill designed to strengthen the state’s data breach notification statute could radically change incident response. Through the Act to Strengthen Identity Theft Protections, North Carolina could quickly become...more
As we all know, over the past few years there have been a host of data breaches by entities that most of us expected would safeguard that information. The latest loss of roughly 150 million Americans' personal information is...more
The Equifax breach is not the biggest in terms of the number of people affected (the 2016 Yahoo breach compromised data associated with over 500 million user accounts compared to the 143 million people affected by the Equifax...more
On August 17, 2017, Delaware amended its personal information protection law, Delaware Code Title 6, Chapter 12B. The amendment becomes effective 240 days after enactment or March 14, 2018. The amended law significantly...more
We’ve all gotten them–the dreaded letter that informs us that our data has been compromised, including our Social Security number. Some have received so many of these “notifications” that they are de-sensitized, throw their...more
As reported on Friday in the Krebs on Security blog, online broker Scottrade had sent an e-mail to customers earlier that day stating that it recently had learned from law enforcement officials that Scottrade was one of a...more
Connecticut’s data breach notification law currently requires notification “without unreasonable delay.” Effective October 1, 2015, Connecticut will (a) require notice of any breach of security not only “without unreasonable...more
The Securities and Exchange Commission (“SEC”) recently settled its first cybersecurity-related enforcement action against a Missouri based registered investment adviser, R.T. Jones Capital Equities Management, Inc. (the ...more
Lawyers for former employees of Sony Pictures Entertainment (“SPE”) indicated in a September 2, 2015 filing that they have tentatively reached a settlement with SPE in the class action suit resulting from the data breach...more
Exellus BlueCross BlueShield has announced that the personal information of at least 10 million members has been compromised in a “very sophisticated” cyberattack that occurred on December 23, 2013 and was discovered by the...more
The Office of Personnel Management (OPM) and the Defense Department announced this week that a Portland, OR based vendor has been selected to assist with breach notification and credit assistance for the almost 22 million...more
This Is The End? - Settlement appears imminent in an employee class action against Sony Pictures Entertainment (“SPE”) arising from disclosure of their personally identifiable information (“PII”) in a massive data breach...more
On August 17, 2015, the Internal Revenue Service (“IRS”) announced that a breach of U.S. taxpayers’ personal information, first disclosed in May, was three times worse than previously thought. While initial reports indicated...more
The list of companies hit by cyber-attacks continues to grow. This time, Florida-based web hosting company, Web.com, has announced that it suffered a data breach that may have compromised credit card information and other...more