Posts Tagged ‘Debit card’

The John Anderson et al. vs. Hannaford Bros. Co. et al. case

November 1st, 2011

The First Circuit's decision may change some data breach laws

An appeals court’s decision may bring a major change in data breach law. The court decided to permit putative class action litigation on negligence and contract claims. The case concerns a data breach at a grocery store chain and the damages allegedly incurred as a result.

Maine Law

The First Circuit has held that consumer claims for reimbursement of the cost of identity theft insurance and of fees for replacement of credit and debit cards following a breach of their personal information can be a cognizable injury under certain circumstances. For now, Maine Law recognizes this decision.

Case history

In 2007, hackers breached the electronic payment processing system of Hannaford, a popular grocery store chain, and stole up to 4.2 million credit and debit card numbers, with expiration dates and security codes. Fortunately, customer names were not stolen. Hannaford made a public announcement about the breach and added that it had received a total of 1,800 reports of fraudulent credit and debit card activity. Some financial institutions canceled or reissued customer cards and monitored the accounts, but some of these institutions charged consumers fees for these services. To be on the safer side, some consumers purchased identity theft insurance and/or credit monitoring services. The plaintiffs in the Hannaford lawsuit claimed damages that included these fees and services. In addition, the allegations included loss of accumulated miles reward points, inability to earn reward points, emotional distress, and the time and effort spent during this period.

As per the initial Maine law, time and effort were not to be counted as cognizable offences. Hence, the court had previously ruled in Hannaford’s favor, dismissing all claims.

The circuit court’s appeal

The First Circuit was trying to assess whether the mitigation damages alleged by plaintiffs for negligence and breach of implied contract could be considered a cognizable injury under Maine law.

The court’s ruling

The First Circuit held that mitigation damages that arise from negligence and breach of implied contract claims can be cognizable under Maine law. But they have to be “reasonably foreseeable” and “reasonable,” and must be for actual financial losses rather than just time or effort expended.

The Hannaford decision is a classic example of what a common man can do against a faulty legal system. The legal system is harsh but if you are armed with information and know your rights, you can appeal in the court of law and get your voice heard. Data breach victims can now heave a sigh of relief.

Alertsec helps keep Data Safe

The above case is a clear indication that, in the absence of full disk encryption, people's privacy can be affected. To keep your sensitive data safe from theft and hacking, it is very important to use data encryption software. Every day we read about incidents at organizations around the world that highlight the need for data security and recovery software. For a mere investment of $13/month, the information can be secured with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.




“SEEN or HEARD anything?” about the Laptop

April 21st, 2010

While delivering his talk in South Korea, Dr. Robert Levine could have had little idea that his laptop would be stolen. A couple of months ago, Dr. Levine, a neurologist specializing in ears, was giving a lecture and later discovered that his laptop, containing vital information spanning over 22 years, had been stolen from the premises.

According to the analysis done by Mass. Eye and Ear, Dr. Levine’s laptop contained critical demographic and health information of around 3,526 patients, all of whom were treated by Dr. Levine at Mass. Eye and Ear between February 3, 1988 and February 16, 2010. Additionally, the laptop included information on a small number of participants in research conducted by Dr. Levine at Mass. Eye and Ear who were not also Dr. Levine’s patients, as follows:

  • 67 participants in somatic tinnitus modulation research
  • One participant in pulsatile tinnitus research.

As per the new rules defined by the legislation, the responsible authority has to inform the affected individuals. Following the regulations, Mass Eye and Ear is informing the patients and research participants about the loss of information.

What kind of information was present?

It is believed that Dr. Levine’s laptop contained the following types of information:

  • Name
  • Address
  • Telephone numbers
  • E-mail
  • Date of birth and age
  • Sex
  • Medical record numbers
  • Dates of service
  • Medical information, including diagnoses, symptoms, test results, and prescriptions
  • Name and contact information for patient pharmacies
  • Research participant status

The light at the end of this news is that critical information like Social Security numbers, financial account numbers, and credit or debit card numbers were not present on the laptop. Due credit needs to be given to the hospital for taking all the necessary action from their side. Letters have been dispatched to the affected individuals and also a notice has been posted on the website to inform all the individuals whose contact data is out of date.

Individuals who fit into one of the categories above, and who do not receive a letter directly from Mass. Eye and Ear, may contact the Mass. Eye and Ear Breach Response Center at 877-313-1395 to determine if they are affected.

According to the hospital, the computer was password protected and contained a tracking device called “LoJack.” The hospital contacted LoJack, and they discovered that a new operating system had been installed on the computer following the theft. It was also discovered that the software through which information about the affected Mass. Eye and Ear individuals could be accessed was not installed again.

On April 9 it was determined that it was unlikely that continued monitoring of the computer would lead to its retrieval, and a command was sent by LoJack to the computer permanently disabling the hard drive and rendering any information, including information about affected Mass. Eye and Ear individuals contained on the hard drive, permanently unreadable.

Although there is no risk of exposure of financial information, it is believed that the information of the patients could be used to obtain medical care or medications in their name.

John Fernandez, Mass. Eye and Ear president and CEO, said, “Mass. Eye and Ear apologizes to those affected for any concern, inconvenience, or risk that this incident may cause.” “We regret that this incident occurred and are taking appropriate steps to protect individuals associated with Mass. Eye and Ear who may have been affected by this breach and to limit or prevent where possible such breaches in the future.”

About Alertsec Xpress

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution. For more information visit us at www.alertsec.com


Data Breach Protection Law (HB 583) passed by Mississippi

April 16th, 2010

Residents of the US state of Mississippi must be a happy, secured and protected bunch now.

On the opposite side of the spectrum, there is increasing pressure on organizations, small businesses and other agencies to adopt secure methods of data protection.

The state of Mississippi has become the 46th in the US to pass legislation requiring that organizations and agencies owned by the government inform the general public without any delay whenever there is a data loss incident or compromise of information. Primarily, this data loss refers to the loss of personal information, whether natural or caused by malicious attackers. This data includes social security numbers, driver’s license or state identification numbers, or any credit or debit card account information.

HB 583 has defined the breach of information security as the loss of personal information that has not been secured by encryption.

The Purpose of the law?

The purpose is to reduce the time taken by the responsible companies to inform the victims about data breach incidents. Previously there have been many incidents where reports of data leakage emerged over 2 years after the incident had first happened. It seems that the government wants to cut down this time and ensure that organizations treat these cases with a high level of seriousness.

The legislation was signed by Governor Haley Barbour on April 1 and it goes into effect from the 1st of July.

Additionally, the organizations are responsible for informing the appropriate law enforcement agencies and for conducting their own in-house investigations to determine the type of incident.

Once again, it is a commendable job by the state legislators to fight cybercrime and hold individual companies and organizations to a higher level of responsibility for protecting consumer data.

To read the full version of the House Bill as sent to the governor, click here

Is your organization unprotected? Talk to Alertsec

We at Alertsec offer you convenient and cost-effective computer security software for Windows 2000, XP, Vista and 7. Alertsec Xpress provides computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution.
