Contact

Click here for a confidential contact or call:

1-212-350-2764

Cybersecurity and Data Breaches

This archive displays posts tagged as relevant to cybersecurity and data breach issues. You may also be interested in the following pages:

Page 4 of 4

May 23, 2017

New York announced that 47 states and the District of Columbia have reached a $18.5 million settlement with the Target Corporation to resolve the states’ investigation into the retail company’s 2013 data breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. The agreement represents the largest multistate data breach settlement achieved to date and will bring $635,224.33 to New York State. The states’ investigation found that in November of 2013, cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database and to install malware on the system that was used to capture consumer data, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs. NY, TX, CA

December 14, 2016

The operators of the Toronto-based AshleyMadison.com dating site have agreed to settle FTC and state charges that they deceived consumers and failed to protect 36 million users’ account and profile information in relation to a massive July 2015 data breach of their network. The settlement requires the defendants to implement a comprehensive data-security program, including third-party assessments. In addition, the operators will pay a total of $1.6 million to settle FTC and state actions. FTC

November 15, 2016

Resolving a multistate investigation into a 2013 data breach that involved the personal information of more than 50,000 Massachusetts residents, software company Adobe Systems, Inc. (Adobe) has agreed to pay $1 million and implement new policies and practices to prevent future breaches. An investigation by the states revealed that in September 2013, Adobe received an alert that the hard drive for one of its application servers was nearing capacity. In responding to the alert, Adobe learned that an unauthorized attempt was being made to decrypt customer payment card numbers maintained on the server. The states allege that the nature of the attack was foreseeable and that contrary to Adobe’s representations to its customers, it did not take reasonable steps to protect consumers’ personal information, or to promptly detect the attack and prevent the theft of consumers’ data. The states allege that the data breach of certain Adobe servers included those containing the personal information of approximately 534,000 residents of the participating states, including approximately 53,000 Massachusetts residents. MA, OH, IL

SEC Enforcement Spotlight – 32 charged in international scheme to trade on hacked news releases

Posted  08/12/15
On August 11th, the SEC announced the filing of fraud charges against 32 defendants for taking part in an international scheme to profit from stolen non-public corporate earnings announcements.  See SEC Press Release The SEC’s complaint alleges that over a five-year period, two Ukrainian men, Ivan Turchynov and Oleksandr Ieremenko, used advanced techniques to hack into two or more newswire services and steal...

January 7, 2015

Florida Attorney General Pam Bondi, along with eight other attorneys general, announced a settlement with Nevada-based online retailer Zappos.com, Inc. to resolve allegations that Zappos placed consumers’ personal data at risk by allegedly failing to protect financial information during a data breach that occurred in 2012. Zappos has agreed to pay $106,000 to the states and must take certain actions intended to better protect consumers’ information. FL

Newsletter

Subscribe to receive email updates from the Constantine Cannon blogs

Sign up for: