Cybersecurity and Data Breaches

This archive displays posts tagged as relevant to cybersecurity and data breach issues.

September 27, 2018

Uber has reached a $148 million settlement in a multi-state investigation arising from a 2016 data breach, which exposed the drivers’ license data of 600,000 drivers and other personal data from as many as 57 million customers.  Uber learned of the breach when anonymous hackers demanded $100,000 to keep the breach confidential.  Uber paid the hackers, but failed to disclose the breach or notify affected parties until November 2017.  The $148 million settlement, the largest multi-state data breach settlement to date, will be divided among all 50 states and the District of Columbia. Uber also agreed to implement additional security and compliance procedures.  Among the AG announcements: CA, CT, FL, GA, IL, NJ, NY, NC, PA, VA.

June 28, 2018

The SEC charged a former Equifax manager with insider trading in advance of the company’s September 2017 announcement of a massive data breach that exposed Social Security numbers and other personal information of approximately 148 million U.S. customers. This is the second case the SEC has filed arising from the Equifax data breach.  In March, the former chief information officer of Equifax’s U.S. business unit was charged with insider trading. SEC

April 24, 2018

The SEC announced that the entity formerly known as Yahoo! Inc. has agreed to pay a $35 million penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions of user accounts. According to the SEC’s order, within days of the December 2014 intrusion, Yahoo’s information security team learned that Russian hackers had stolen what the security team referred to internally as the company’s “crown jewels”: usernames, email addresses, phone numbers, birthdates, encrypted passwords, and security questions and answers for hundreds of millions of user accounts. Although information relating to the breach was reported to members of Yahoo’s senior management and legal department, Yahoo failed to properly investigate the circumstances of the breach and to adequately consider whether the breach needed to be disclosed to investors. The fact of the breach was not disclosed to the investing public until more than two years later, when in 2016 Yahoo was in the process of closing the acquisition of its operating business by Verizon Communications, Inc. SEC

March 14, 2018

The SEC charged Jun Ying, a former chief information officer of a U.S. business unit of Equifax, with insider trading in advance of the company’s September 2017 announcement about a massive data breach that exposed the social security numbers and other personal information of about 148 million U.S. customers. According to the SEC’s complaint, Ying, who was next in line to be the company’s global CIO, allegedly used confidential information entrusted to him by the company to conclude that Equifax had suffered a serious breach. The SEC alleges that before Equifax’s public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million. According to the complaint, by selling before public disclosure of the data breach, Ying avoided more than $117,000 in losses. SEC See related post re: final judgment, July 18, 2019.

March 6, 2018

New York announced a settlement with healthcare provider EmblemHealth and wholly owned subsidiary Group Health Incorporated ("EmblemHealth") after the company admitted a mailing error that resulted in 81,122 social security numbers being disclosed on a mailing. In addition to paying a $575,000 penalty, EmblemHealth agreed to implement a Corrective Action Plan and conduct a comprehensive risk assessment. NY

November 22, 2017

California announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations that they failed to implement basic, reasonable safeguards to protect patient medical information in violation of state and federal privacy laws. The settlement requires Cottage to maintain security practices and procedures to protect patients’ medical information from unauthorized access or disclosure. This settlement follows two separate data breach incidents by Cottage Health where more than 50,000 patients’ medical information was made publicly available online. CA

Equifax Executives May Find Themselves in Trouble with the SEC

Posted 09/11/17 by the C|C Whistleblower Lawyer Team

Last Thursday, Equifax revealed that it experienced a data breach that affected 143 million people. Equifax is one of the largest credit rating agencies in the world, holding personal identifying information and financial metrics of millions of Americans. On Friday, it became public that three Equifax executives sold nearly $2M worth of stock within hours of the breach. The...

September 5, 2017

Connecticut joined with 31 other states in a settlement with technology company Lenovo (United States) Inc. to resolve allegations that the company violated state consumer protection laws by pre-installing faulty software on laptop computers sold to Connecticut consumers that made consumers' personal information vulnerable to hackers.

August 9, 2017

Connecticut joined with 31 other states and the District of Columbia in a $5.5 million settlement with Nationwide Mutual Insurance Company and its subsidiary, Allied Property & Casualty Insurance Company, that resolves the states’ investigation into a 2012 data breach that exposed sensitive personal information of 1.2 million consumers across the country. On October 3, 2012, Nationwide and Allied (collectively, "Nationwide") experienced a data breach when, the states’ investigation found, hackers exploited a vulnerability in the companies’ third-party Web application hosting software. The states’ investigation found that Nationwide had failed to apply a critical software patch that the third-party software company had deployed in 2009 to address the vulnerability. FL

May 23, 2017

New York announced that 47 states and the District of Columbia have reached an $18.5 million settlement with the Target Corporation to resolve the states’ investigation into the retail company’s 2013 data breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. The agreement represents the largest multistate data breach settlement achieved to date and will bring $635,224.33 to New York State. The states’ investigation found that in November of 2013, cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database and to install malware on the system that was used to capture consumer data, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs. NY, TX, CA
