security breach

Subscribe to security breach via RSS

Businesses are on notice to pay more attention to computer security in order to protect business assets and private information, and to thwart infiltrations that threaten interconnected computers.  And help is available from the United States Computer Emergency Readiness Team (“US-CERT”).

Department of Homeland Security (“DHS”) Secretary Michael Chertoff and Assistant Secretary of Cybersecurity Greg Garcia recently warned that an uptick in cyber attacks  reveal a growing threat to critical U.S. infrastructure and private networks. Garcia warned that hackers “are making massive efforts to compromise computer systems on a global scale,” a reference to the fifty percent in crease in cyber-attacks between 2006 and 2007.  Chertoff called upon businesses to help protect networks and infrastructure from infiltration and data theft.  Secretary Chertoff remarked, “There’s no question this is the vulnerability of the 21st century.”

On Saturday, California Governor Arnold Schwarzenegger vetoed AB 779, legislation that would have amended California’s landmark data security breach legislation. The bill would have been the first to follow law enacted by Minnesota earlier this year and effective August 1, 2007, that amended Minnesota’s security breach notification law by, among other things, prohibiting businesses from retaining certain payment card data after authorization of a transaction.

We thought it might be helpful to provide citations to the 37 state (plus D.C. and Puerto Rico) breach notification laws that cover private entities (Oklahoma’s law, that only addresses state agencies, is not included). We also provide links, or uploaded copies, where available.

A recent decision from the Southern District of Ohio echoes prior decisions of district courts addressing negligence claims against companies that have experienced a data breach. The court held that the cost of obtaining credit monitoring services does not count as damages without evidence of identity fraud. Kahle v. Litton Loan Servicing LP, case no. 1:05cv756.

On April 26, 2007, New York Attorney General Andrew Cuomo announced that his office entered into a settlement with CS STARS LLC for violating the state’s Information Security Breach and Notification Law, which is codified at N.Y. Gen. Bus. Law § 899-aa. Cuomo’s office targeted CS STARS for delaying, for seven weeks, the issuance of legally required notification regarding the theft of a computer which contained the personal information of approximately 540,000 worker’s compensation recipients.

The protection of Social Security numbers (SSNs) from identity thieves has emerged as a hot news topic in the past few weeks. In California, it was revealed that, for the past three years, the Secretary of State’s office has been selling in bulk electronic UCC filings containing SSNs. Those filings were available to the public on the Secretary’s website, so that lenders and creditors could verify the availability of personal property used as collateral. Approximately one-third of the state’s two million UCC filings contained SSNs. Secretary of State Debra Bowen immediately shut off web-based access to the UCC filings and took down the offending part of the website.