Click here for a confidential contact or call:


Cybersecurity and Data Breaches

This archive displays posts tagged as relevant to cybersecurity and data breach issues. You may also be interested in the following pages:

Page 5 of 6

March 14, 2018

The SEC charged Jun Ying, a former chief information officer of a U.S. business unit of Equifax with insider trading in advance of the company’s September 2017 announcement about a massive data breach that exposed the social security numbers and other personal information of about 148 million U.S. customers. According to the SEC’s complaint, Ying, who was next in line to be the company’s global CIO, allegedly used confidential information entrusted to him by the company to conclude that Equifax had suffered a serious breach.  The SEC alleges that before Equifax’s public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million.  According to the complaint, by selling before public disclosure of the data breach, Ying avoided more than $117,000 in losses. SEC See related post re: final judgment, July 18, 2019.

March 6, 2018

New York announced a settlement with healthcare provider EmblemHealth and wholly owned subsidiary Group Health Incorporated ("EmblemHealth") after the company admitted a mailing error that resulted in 81,122 social security numbers being disclosed on a mailing. In addition to paying a $575,000 penalty, EmblemHealth agreed to implement a Corrective Action Plan and conduct a comprehensive risk assessment. NY

November 22nd, 2017

California announced a $2 million settlement with Cottage Health System and its affiliated hospitals in California resolving allegations that they failed to implement basic, reasonable safeguards to protect patient medical information in violation of state and federal privacy laws. The settlement requires Cottage to maintain security practices and procedures to protect patients’ medical information from unauthorized access or disclosure. This settlement follows two separate data breach incidents by Cottage Health where more than 50,000 patients’ medical information was made publicly available online. CA

Equifax Executives May Find Themselves in Trouble with the SEC

Posted  09/11/17
By the C|C Whistleblower Lawyer Team Last Thursday, Equifax revealed that it experienced a data breach that affected 143 million people. Equifax is one of the largest credit rating agencies in the world, holding personal identifying information, and financial metrics of millions of Americans. On Friday, it became public that three Equifax executives sold nearly $2M worth of stock within hours of the breach. The...

September 5, 2017

Connecticut joined with 31 other states in a settlement with technology company Lenovo (United States) Inc. to resolve allegations that the company violated state consumer protection laws by pre-installing faulty software on laptop computers sold to Connecticut consumers that made consumers' personal information vulnerable to hackers.

August 9, 2017

Connecticut joined with 31 other states and the District of Columbia in a $5.5 million settlement with Nationwide Mutual Insurance Company and its subsidiary, Allied Property & Casualty Insurance Company, that resolves the states’ investigation into a 2012 data breach that exposed sensitive personal information of 1.2 million consumers across the country. On October 3, 2012, Nationwide and Allied (collectively, "Nationwide"), experienced a data breach when, the states’ investigation found, hackers exploited a vulnerability in the companies’ third-party Web application hosting software. The states’ investigation found that Nationwide had failed to apply a critical software patch that the third-party software company had deployed in 2009 to address the vulnerability. FL

May 23, 2017

New York announced that 47 states and the District of Columbia have reached a $18.5 million settlement with the Target Corporation to resolve the states’ investigation into the retail company’s 2013 data breach, which affected more than 41 million customer payment card accounts and exposed contact information for more than 60 million customers. The agreement represents the largest multistate data breach settlement achieved to date and will bring $635,224.33 to New York State. The states’ investigation found that in November of 2013, cyber attackers accessed Target’s gateway server through credentials stolen from a third-party vendor. The credentials were then used to exploit weaknesses in Target’s system, which allowed the attackers to access a customer service database and to install malware on the system that was used to capture consumer data, including full names, telephone numbers, email and mailing addresses, payment card numbers, expiration dates, CVV1 codes, and encrypted debit PINs. NY, TX, CA

December 14, 2016

The operators of the Toronto-based dating site have agreed to settle FTC and state charges that they deceived consumers and failed to protect 36 million users’ account and profile information in relation to a massive July 2015 data breach of their network. The settlement requires the defendants to implement a comprehensive data-security program, including third-party assessments. In addition, the operators will pay a total of $1.6 million to settle FTC and state actions. FTC

November 15, 2016

Resolving a multistate investigation into a 2013 data breach that involved the personal information of more than 50,000 Massachusetts residents, software company Adobe Systems, Inc. (Adobe) has agreed to pay $1 million and implement new policies and practices to prevent future breaches. An investigation by the states revealed that in September 2013, Adobe received an alert that the hard drive for one of its application servers was nearing capacity. In responding to the alert, Adobe learned that an unauthorized attempt was being made to decrypt customer payment card numbers maintained on the server. The states allege that the nature of the attack was foreseeable and that contrary to Adobe’s representations to its customers, it did not take reasonable steps to protect consumers’ personal information, or to promptly detect the attack and prevent the theft of consumers’ data. The states allege that the data breach of certain Adobe servers included those containing the personal information of approximately 534,000 residents of the participating states, including approximately 53,000 Massachusetts residents. MA, OH, IL

June 8, 2016

Morgan Stanley Smith Barney LLC will pay a $1 million penalty to settle charges related to its failures to protect customer information, some of which was hacked and offered for sale online.  As a result of failures to adopt policies and procedures reasonably designed to protect customer data, from 2011 to 2014, a then-employee impermissibly accessed and transferred data regarding approximately 730,000 accounts to his personal server which was ultimately hacked by third parties.  SEC
1 3 4 5 6


Subscribe to receive email updates from the Constantine Cannon blogs

Sign up for: