Tag Archives: laws

Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security

A federal judge dismissed a data breach-related lawsuit against Heartland Payment Systems on Monday (Dec. 7), saying that the plaintiffs hadn’t proved any of their allegations that Heartland knew it had inadequate security and lied about it to shareholders. The judge’s detailed ruling sheds light on the environment data breach retail victims are likely to face in court and could provide some guidance on how they should act when discussing those breaches.

via StorefrontBacktalk » Blog Archive » Heartland Lawsuit Dismissed, “Insufficient Evidence” Of Weak Security.

Restaurants file lawsuit against payment terminal vendor after customers have identities stolen – SC Magazine UK

A group of US restaurants have filed a class action lawsuit against a point of sale vendor after customers had their identities stolen after using uncompliant terminals.

According to a report on Finextra, seven restaurants in Louisiana and Mississippi are seeking millions of dollars in damages from vendor Radiant and its distributor Computer World after hundreds of their customers had their identities stolen as a result of payments terminals that were not PCI DSS compliant.

via Restaurants file lawsuit against payment terminal vendor after customers have identities stolen – SC Magazine UK.

Senate Committee Passes Data Breach Laws

The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.

Two sweeping bills that would set new standards for data breach notifications made their way out of the Senate Judiciary Committee Nov. 5.

The committee voted yes on the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the bills are now headed to the full Senate for its stamp of approval.

via Senate Committee Passes Data Breach Laws.

Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues

Heartland relationship managers were told that PCI compliance was not a big deal. One of Heartland’s relationship managers resigned on or around April 23, 2009, in part because of Heartland’s statements regarding its PCI compliance.

via StorefrontBacktalk » Blog Archive » Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues.

HEARTLAND Lawsuit filed #PCI

Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.

This is a class action lawsuit brought by the FI Plaintiffs, individually, and on behalf of similarly situated banks, credit unions and other financial institutions that were injured as a result of a massive breach in the computer systems (the “Data Breach”) at Defendant Heartland Payment Systems, Inc. (“Heartland”).

HEARTLAND-FILING-9_2_09.pdf.

FTC: Organizations not bound by HIPAA must report breaches – Security

In a 4-0 ruling Monday, the FTC approved a rule that will require Web based businesses that deal with personal health information, even if they are not bound by HIPAA laws, to report security breaches. The Health Breach Notification Rule was created and put in place because Congress directed the FTC to issue the rule as part of the American Recovery and Reinvestment Act of 2009.

via FTC: Organizations not bound by HIPAA must report breaches – Security.

More holes found in Web’s SSL security protocol – Network World

Security researchers have found some serious flaws in software that uses the SSL (Secure Sockets Layer) encryption protocol used to secure communications on the Internet.

At the Black Hat conference in Las Vegas on Thursday, researchers unveiled a number of attacks that could be used to compromise secure traffic travelling between Web sites and browsers.

via More holes found in Web’s SSL security protocol – Network World.

How will California’s tougher-than-HIPAA privacy laws impact U.S.? – FierceHealthIT

Last September, California enacted the toughest patient privacy protections in the country, even tougher than HIPAA. They include specific penalties for medical-record snooping, rules requiring providers to report breaches far more quickly than HIPAA and requirements that safeguards like passwords be put in place. The new laws even establish a new state office supervising patient privacy and imposing fines when violations occur.

via How will California’s tougher-than-HIPAA privacy laws impact U.S.? – FierceHealthIT.