A federal judge dismissed a data breach-related lawsuit against Heartland Payment Systems on Monday (Dec. 7), saying that the plaintiffs hadn’t proved any of their allegations that Heartland knew it had inadequate security and lied about it to shareholders. The judge’s detailed ruling sheds light on the environment data breach retail victims are likely to face in court and could provide some guidance on how they should act when discussing those breaches.
A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen after using uncompliant terminals.
According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant.
The FBI said Friday it may investigate a breach of patient privacy laws at University Medical Center, where hospital officials are reeling with the realization that at least one of their employees has leaked confidential names, birth dates and Social Security numbers.
Now, under the HITECH Act, policing will become a two-way street — the business associate also must monitor the physician's compliance.
The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.
Two sweeping bills that would set new standards for data breach notifications made their way out of the Senate Judiciary Committee Nov. 5.
The committee voted yes on the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the bills are now headed to the full Senate for its stamp of approval.
Heartland relationship managers were told that PCI compliance was not a big deal. One of Heartland’s relationship managers resigned on or around April 23, 2009, in part because of Heartland’s statements regarding its PCI compliance
Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.
This is a class action lawsuit brought by the FI Plaintiffs,
individually, and on behalf of similarly situated banks, credit unions and
other financial institutions that were injured as a result of a massive breach
in the computer systems (the “Data Breach”) at Defendant Heartland
Payment Systems, Inc. (“Heartland”).
In a 4-0 ruling Monday, the FTC approved a rule that will require Web based businesses that deal with personal health information, even if they are not bound by HIPAA laws, to report security breaches. The Health Breach Notification Rule was created and put in place because Congress directed the FTC to issue the rule as part of the American Recovery and Reinvestment Act of 2009.
Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.
At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.
Last September, California enacted the toughest patient privacy protections in the country, even tougher than HIPAA. They include specific penalties for medical-record snooping, rules requiring providers to report breaches far more quickly than HIPAA and requirements that safeguards like passwords be put in place. The new laws even establish a new state office supervising patient privacy and imposing fines when violations occur.