Data Security Law Blog

http://datasecuritylaw.com/

DataSecurityLaw.com is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Another Bumpy Week for Equifax: Virus Hits Website, IRS Suspends Contract and Hacked UK Residents Notified It was another chaotic week for Equifax Inc., still scrambling to stem the torrent of bad news after its massive data breach last month that has potentially affected more than half of the U.S.’s adult population. Here’s a quick rundown of last week’s developments: Close Call – A malicious virus – apparently from an Equifax vendor – stirred reports of another data breach when the credit reporting agency took an online portal down as a precautionary measure.  The company says... More
  • Justices to Hear DOJ Appeal on Microsoft Ruling: Is Email Stored Abroad Subject to a U.S. Warrant? The Supreme Court is poised to finally answer the question that’s been plaguing federal courts across the country:  must U.S. tech companies comply with warrants issued under the Stored Communications Act (“SCA”) that demand information from customer accounts that is stored on servers in a foreign country? We’ve written several times about the seminal Microsoft litigation.  It started in December 2013, when U.S. law enforcement officials served an SCA warrant on Microsoft seeking email content associated with an unnamed user’s... More
  • The Supreme Court Punts on Clarifying the Computer Fraud and Abuse Act The federal Computer Fraud and Abuse Act of 1986 (“CFAA”) has generated controversy and disagreement among courts and commentators regarding the scope of its application.  The statute, 18 U.S.C. § 1030, which provides for both criminal and civil penalties, prohibits accessing a computer or protected computer “without authorization” or in a manner “exceeding authorized access.”  Courts are divided as to the meaning of these phrases, yet the U.S. Supreme Court recently declined the opportunity to resolve the circuit split that... More
  • Equifax Flunked Index Provider’s Cybersecurity Test A Year Ago A financial index provider foretold the Equifax Inc. data breach more than a year ago, warning that the rating agency “is vulnerable to data theft and security breaches.” In an August 2016 report, MSCI Inc. – which selects index stocks based on its analysis of a company’s performance on environmental, social and governance issues – concluded that “Equifax shows no evidence of data breach plans or regular audits of its information security policies and systems.” “Equifax’s data security and privacy... More
  • Hackers Score Touchdown: NFL Players Association Hit With Data Breach A data breach of the National Football League Players Association’s (“NFLPA”) website has exposed the personal information of nearly 1,200 players and agents. Late last month, Kromtech Security Center, a German-based firm, identified a misconfigured online database on the NFLPA.com server that allowed hackers, or anyone else with internet access and the correct link, to access players’ and agents’ names, birth dates, addresses, cell phone numbers, and email addresses.  It appears that other highly confidential information, such as social security... More
  • Equifax: Can It Get Any Worse? U.S. Breach Toll Tops 145 Million It’s difficult to imagine things getting much worse for Equifax Inc.  But late yesterday, Equifax disclosed that an additional 2.5 million Americans are potentially affected by the massive breach, bringing the company’s revised estimate to 145.5 million U.S. consumers. Equifax says the additional consumer accounts were discovered during a forensic investigation. The company’s disclosure came on the eve of testimony by its former CEO, Richard F. Smith, who will face three Congressional hearings this week. First up is today’s hearing before... More
  • Justice Department Accuses Google of “Alarming” Tactics in Fight over SCA Search Warrant The ongoing dispute between the government and Google concerning the company’s refusal to hand over customer data stored on foreign servers has taken an odd twist.  Now, the Justice Department is demanding that Google be sanctioned for not abiding by the court’s most recent decision—ordering it to produce data associated with 22 email accounts—and calling Google’s conduct “a willful and contemptuous disregard of various court orders.”  The case is In the Matter of the Search of Content that Is Stored... More
  • Memo to Congress: Five Key Questions for Upcoming Equifax Hearings Richard F. Smith – who presided over Equifax Inc. as CEO during one of the largest data breaches in a generation – will testify before two congressional committees next week.  Smith will appear Tuesday before the House Energy and Commerce Committee and on Wednesday before the Senate Committee on Banking, Housing, & Urban Affairs. Both hearings will be webcast live. The House hearing is available here and the Senate hearing here. While lawmakers will be eager to use the hearings... More
  • Equifax Mea Culpa: Too Little, Too Late? Equifax Inc.’s interim CEO, Paulino do Rego Barros Jr., issued the company’s second public apology this morning for the massive data breach that has affected as many as 143 million U.S. consumers. In a Wall Street Journal op-ed, Barros acknowledged the company’s ball drop in handling the breach and promised to “act quickly and forcefully to correct our mistakes.” He said the company will introduce a new service that would permit consumers to control access to their personal credit data. Ironically,... More
  • Cyber Week in Preview: SEC Hack, Equifax CEO on Hot Seat and Energy Sector Cyber Spend As we start the new week, a recap of major cybersecurity developments: Equifax CEO Faces Senate Committee – Senate staffers are busy readying cross examination scripts for the testimony next week of Equifax Inc. Chief Executive Officer Richard F. Smith.  In an open hearing, members of the Senate Committee on Banking, Housing and Urban Affairs will question Smith about Equifax’s handling of the data breach, which has potentially affected the personal information of 143 million Americans.  The hearing will... More