Yesterday TARGET announced that the hackers who committed the breach that has potentially affected as many as 110 million customers gained access to its systems through one of its vendors. Although the details are still emerging as the forensic investigation continues, this early report is a reminder that your vendors can be a potential source
Jason M. Weinstein
Is the Congressional Response to the Target Breach Off-Target?
In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type. Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard. But if the congressional response focuses entirely on breach notification and…
Video Interview: Discussing the Target Data Breach with LXBN TV
Following up on my recent commentary on the Target data breach, I had an opportunity to discuss its fallout in a video interview with Colin O’Keefe of LXBN. In the interview, I describe litigation Target now faces and share my opinion on what lawmakers should do to combat breaches like this.
TARGETed for a Breach – and Now TARGETed for Litigation
On Thursday, TARGET announced that it had been the victim of a cyber attack in which hackers stole data on credit and debit cards of as many as 40 million customers who made purchases at the height of the holiday shopping season. The incident was first reported the previous day by the website KrebsOnSecurity.com.…
The DPA for the USA
Officials in the EU often deride the lack of a national data protection authority in the US. It is absurd to suggest that the existence of a national DPA is itself a litmus test for a country’s commitment to privacy protection. Indeed, I would put the US system of constitutional checks and balances and sectoral…
Breach Protection
All too often, companies that have been victimized by data breaches are being blamed by regulators and class action lawyers for not doing more to prevent the breaches. Now more than ever, companies need to move proactively to manage their risks of a breach, before the breach occurs. Corporate Counsel has published my article on…
Lessons From Recent Trends In Privacy Class Actions
Law360 has published my article (subscription required) on data privacy class actions. The article discusses lessons from the first wave of these cases as well as steps companies can take in advance to reduce their litigation risks.
Cloud Computing: the US versus the EU
The International Association of Privacy Professionals has published my article on how US cloud providers and the US government can respond to the wave of hypocrisy from the EU over PRISM. The full article can be found here.
EU Data Protection – The Inconvenient Truth
In the wake of the leaks about the NSA’s PRISM program and domestic data collection activities, EU officials have, quite predictably, raised alarms that the NSA’s programs pose a grave threat to the privacy of EU citizens. In recent days, European Parliament members have been quoted as calling the NSA programs “shocking” and tantamount to…
The CFAA and the Insider Threat
Last week Rep. Zoe Lofgren introduced “Aaron’s Law,” legislation that would significantly amend the Computer Fraud and Abuse Act (CFAA). The proposed bill, drafted by Rep. Lofgren and Sen. Ron Wyden, is named in honor of the late Aaron Swartz, who took his own life earlier this year while under indictment for CFAA…