TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]
Crisis & Data Breach Response
Alston & Bird Health Care Advisory: HIPAA Audit Program Phase 2 Update
We have previously blogged about the U.S. Department of Health & Human Services HIPAA Audit Program, including the Audit Program pilot (November 30, 2011 and March 7, 2012), the release of the Office for Civil Rights (OCR) audit protocols (June 26, 2012), and the status of phase 2 of the Audit Program (February 26, 2014 […]
New California Law Expands Data Security Requirements, SSN Protections and Breach Notification Obligations
On September 30, 2014, the Governor of California signed Assembly Bill 1710, which made three small but important changes to the state’s privacy laws. The bill: (1) amended California’s breach notification law to require that the notifying entities offer identity theft protection services to affected individuals in certain cases; (2) required California businesses that “maintain” […]
Kim Peretti Interviewed by BankInfoSecurity
Kim Peretti, co-chair of the firm’s Security Incident Management & Response Team, was interviewed by BankInfoSecurity about what boards must know about security issues and how to keep directors risk-aware. In the interview, titled “Cybersecurity: What Boards Must Know,” Peretti discusses what directors don’t know about security, the pre- and post-breach responsibilities of boards, and how […]
Secret Service Estimates in Follow-Up Advisory that “Backoff” Malware Affected 1,000 U.S. Businesses
On Friday, August 22 the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far as back as October 2013, and DHS warns […]