Log in

Posts Tagged ‘Law’

The John Anderson et al. vs. Hannaford Bros. Co. et al. case

November 1st, 2011

Retrieved from the website of the United State...

The First Circuit's decision may change some data breach laws

An appeals court’s decision may bring a major change in the data breach laws. The court’s decision is to permit negligence and contract putative class action litigation. This is specifically related to a grocery store chain data breach because of the alleged damages incurred.

Maine Law

The First Circuit has held that consumer claims for reimbursement of the cost of identity theft insurance and of fees for replacement of credit and debit cards following a breach of their personal information can be a cognizable injury under certain circumstances. For now, Maine Law recognizes this decision.

Case history

In the year 2007 hackers breached Hannaford’s – a popular grocery store chain – electronic payment processing system and stole up to 4.2 million credit and debit card numbers, with expiration dates and security codes. Fortunately customer names were not stolen. Hannaford made a public announcement about the breach and added that it had received a total of 1,800 reports of fraudulent credit and debit card activity. Some financial institutions canceled/reissued customer cards and monitored the accounts. But some of these institutions assessed fees on the consumers for offering such services. To be on the safer side, some consumers purchased identity theft insurance and/or credit monitoring services. The plaintiffs in the above lawsuit of Hannaford claimed damages that included these fees and services. In addition, allegations included loss of accumulated miles reward points, inability to earn reward points, emotional distress, and the time and effort spent during this period.

As per the initial Maine law time and effort were not to be counted as cognizable offences. Hence previously the court had ruled in Hannaford’s favor dismissing all claims.

The circuit court’s appeal

The First Circuit was trying to assess whether the mitigation damages alleged by plaintiffs for negligence and breach of implied contract could be considered as a cognizable injury under Maine law.

The court’s ruling

First Circuit held that mitigation damages that arise from negligence and breach of implied contract claims can be cognizable under Maine law. But they have to be “reasonably foreseeable” and “reasonable,” and are for actual financial losses rather than just time or effort expended.

The Hannaford decision is a classic example of what a common man can do against a faulty legal system. The legal system is harsh but if you are armed with information and know your rights, you can appeal in the court of law and get your voice heard. Data breach victims can now heave a sigh of relief.

Alertsec helps keep Data Safe

The above case is a clear indication that in the absence of full disk encryption, privacy of people can get affected. To keep your sensitive data safe from thefts and hacking, it is very important to use Data encryption software. Everyday we are reading incidents taking place across global organizations which highlight the need of a data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

Comments Off »

Posted in Computer security, Data Protection, data breach, data encryption

Tags: Class action data breach Debit card Grocery store Hannaford Hannaford Bros. Co. identity theft Law Maine Maine Law United States Court of Appeals for the First Circuit

Coppers Cove: Police trying to track down laptop thief

October 21st, 2011

A great opportunity to make $1,000 ! Help the police track down Raheem Amaud Townsend, 21, and you are in for a reward!

Laptop thief from Copperas Cove on the run

Why is Raheem Amaud Townsend wanted by the police?

He is wanted in connection with the theft of the computers from 913 Davie Lee Street. Charges on him: misdemeanor and felony warrants. There is a strong possibility that he may have moved to another state.

How can you help?

Copperas Cove Police are reaching out to the community for locating a criminal in connection with two separate theft cases. Raheem Amaud Townsend is a resident og Copperas Cove and is alleged to have done away with two laptop computers from 913 Davie Lee Street in Copperas Cove on September 20th, 2011

Coppers Cove Police dept has offered tips related to the above case

The police would like to inform you that tips can be made anonymously through the Copperas Cove Crime Stoppers tip number (254)547-1111 .

Copperas Cove Crime Stoppers request you to help in locating the offender. Any information related to this case is valuable. Do not hesitate to get in touch with Crime Stoppers. They need your call today. Crime Stoppers are ready to pay up to $1,000.00 in cash if your information leads to the suspect. We will keep your name in the wraps. . Call Crime Stoppers today at (254)547-1111 or post a tip on-line at www.tipsubmit.com

What detectives have to say about laptop thefts in general?

Many people are under the impression that because laptops have serial numbers they can be traced as stolen property. This is a false sense of security. In real life very few stolen laptops are returned or traced.

Alertsec can save your laptops

Save your company from countless problems related to laptop thefts and data security down the road. Imagine one of your laptops containing all of your company’s current pricing structure, sales leads, and customer orders, were lost and there was no backup data! Or worse: what if your competitor got his hands on your data?

The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

The following preventive measures can be done to increase laptop security and reduce damage if your laptop is lost or stolen:

a. Always have a fresh back-up on a server or back-up device

b. Use Laptop encryption

No comments »

Posted in Identity and Information loss, Lawsuits and settlements, Uncategorized, identity theft, laptop encryption, laptop theft

Tags: Copperas Cove Copperas Cove Texas Crimestoppers Fort Hood Harker Heights Texas IPhone laptop Law Law Enforcement Manchester Nolanville Texas Police Theft United States YouTube

DigiNotar forced into bankruptcy after a hack attack

September 21st, 2011

DigiNotar winds up its operations. Hackers intercept google docs

Internet security company DigiNotar, whose servers were hacked into by an Iranian hacker in July, had filed for bankruptcy. A Dutch judge has granted the bankruptcy filing Tuesday.

About DigiNotar

DigiNotar is an Internet security solutions company offering services in the field of identity management, electronic signatures, reliable document exchange and electronic archiving. DigiNotar has gained popularity and trust in the field of Internet security over the years in The Netherlands.

The hacking incident at DigiNotar

The DigiNotar site was hacked into by ‘Comodohacker’, which exposed around 300,000 Iranians to GMail and Google Docs interception. False DigiNotar certificates known as SSLs, were issued to customers and used in an apparent attempt to snoop on Google users in Iran.

Using the login cookie the hacker logged in directly to the Gmail mailbox of the victims and read the stored emails. In addition he was able to log in all other services Google offers like stored location information from Latitude or documents in Google Docs.

The hacker also succeeded in creating a fraudulent certificate for *.google.com on 10 July.

How was the hack found out?

Google’s Chrome team landed on a DigiNotar-issued certificate for google.com that didn’t match its internal certificate list for google.com. According to Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab, vendors add a similar feature to their software so they could automatically confirm the legitimacy of a certificate. “You need to disincentivize actors to hack CAs. In the current system, we need to live with the fact that CAs can be hacked,” he said

Voluntary bankruptcy

According to DigiNotar’s parent company Vasco Data Security, the firm has filed for voluntary bankruptcy. The company is winding up its affairs and is being supervised by one of its trustees.

Statement by T. Kendall Hunt, VASCO’s Chairman and CEO

“Although we are saddened by this action and the circumstances that necessitated it,”. “We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business. In addition, we plan to cooperate with the Trustee and the Judge to the fullest extent reasonably practicable to bring the affairs of DigiNotar to an appropriate conclusion for its employees and customers. We also plan to cooperate with the Dutch government in its investigation of the person or persons responsible for the attack on DigiNotar.”

Can digital certificate disasters be prevented?

The downfall of DigiNotar has sparked debate in the digital world about preventing digital certificate disasters in the future.

Hackers are going to continue their hacking games so there are no guarantees that such a digital disaster could be prevented altogether. What can be done is that vendors could store a whitelist of proper certificates for the top 10 or 20 targets of cyberespionage, such as Facebook, Gmail, Yahoo, and Tor, as well as any high-profile sites.

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers laptop encryption service to secure your data.

No comments »

Posted in Computer security, Data Protection, Hackers, Identity and Information loss, Lawsuits and settlements, Security Flaw, computer security software, data breach, data encryption

Tags: Bankruptcy Certificate authority Chief executive officer Enter your zip code here GMail Google Google Docs Iran Law Netherlands Politics of the Netherlands Public key certificate Transport Layer Security

ACS: Law Fined over Data Breach

May 25th, 2011

DATA Breach

Data breaching is one the most dangerous criminal offense in the case of internet and computer law. According to ICO every organization should encrypt their data, so that an unknown person can not access their data. The law says that the data stored in the computers and mobile data storage devices of every organization must be encrypted, because these are the main targets of the hackers. As most of the data contains personal details, so if anybody hacks the data or it is lost due to the fault of some people the organization will suffer as the hacker can misuse it for his own benefits.

Though every organization is aware about the effect of data loss and the importance of data encryption but most of them neglect this part. According to modern research the negligence towards the data encryption mainly happens due to the lack of commitment of the ICO. In most of cases it has been found that ICO released the accused person or the organization by just imposing a minimum fine, whereas the actual amount of fine is very high.

Recently Andrew Crossley, the controversial solicitor has been accused of data breach. It has been found that he and his organization was sharing files illegally. However the information security world was shocked when they found that Andrew had been fined only £1,000 by the ICO for data breach.

The ICO gave some reasons in their defense. In a press conference they announced that the way Andrew and his organization were using the personal details of other organizations and their clients that were totally illegal and unlawful. That was against the law of data breaching. As soon as it came to the sight of ICO they took immediate action against Andrew. But as ACS law had seized all the properties of Andrew so he was unable to pay the full amount. Taking this into consideration, ICO decreased the amount of fine.

But the people are not happy with this decision, because according to the law of data breach the amount of fine must be £400 * the number of people’s data has been misused. So the amount should have been much higher than £1,000. They have even questioned the impact and power of ACS law and ICO. Because according to the law ICO has no power to investigate the property of the accused person. They have to depend on the documents of that person and it is very easy to manipulate those documents. Though the case of Andrew went to the court and the court also announced him guilty of data breach and misusing but still the ICO failed to fine him more.

This is not the first time where a person has been released by the ICO after charging a very low amount of money. As a result of this the people are losing their faith in ICO day by day. So the government has to take some immediate steps to increase the power of ICO.

About Alertsec:
Alertsec is the front runner in offering data encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. By using industry leading Check Point Full Disk Encryption (former Pointsec) software, Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption.

No comments »

Posted in Alertsec Express, Lawsuits and settlements, Security Flaw, data breach, data encryption

Tags: ACS:Law Cryptography data breach data breach incidents Data Breaches Data storage device disk encryption Encryption Law organization Personal computer

Laptop Theft at Oklahoma State Department of Health

April 17th, 2011

Laptop Theft - Yet Again

There is no denying the fact that the laptop theft is an extremely significant threat to businesses or individuals irrespective of the nature of the threat. The theft becomes all the more significant when government bodies or institutions become victims.

Being in the business of computer protection software we have been constantly voicing concerns about our practices and ways to secure data as well as protect laptop thefts. Today we are going to look at another case which is clear demonstrates what can happen if you are not using laptop encryption software.

OSDH i.e. the Oklahoma State Department of Health (OSDH) has sent notification letters to almost 133,000 individuals that they could be potentially at risk due to the loss of the agency’s laptop which contained their personal information. The laptop was stolen from the car of OSDH’s employee in broad daylight.

The computer contained a database related to the Oklahoma Birth Defects Registry. The Oklahoma Birth Defects Registry is the provider of statewide surveillance of birth defects which reduce the birth defects through prevention education, monitoring trends and analysis of data. The laptop was used to record data from hospital medical records. An additional 50 paper files containing abstracted medical information were also taken in the theft.

The State Health Commissioner Dr. Terry Cline has offered apologies over the incident, “We are mindful that Oklahoma’s citizens trust the OSDH to do all it can to protect the personal data we acquire as part of our disease prevention services,”. “We offer our apologies to those who may be affected.”

Dr. Cline added “We are reviewing our administrative policies to strengthen safeguards to better protect the confidentiality of the data we collect. We recognize our obligation to make any changes that will ensure a similar incident cannot happen again,”.

OSDH has taken immediate steps towards protection of personal information. They have filed a police report and have also launched an internal investigation apart from coordinating with the cops at Yukon police department for their own investigation process. In addition, the staff is also reviewing its administrative policies to safeguard and assure that future occurrence of such incidents can be avoided.

If you have questions or any specific concerns about the incident you can call the toll free number 1-866-278-7134 between 8 am to 5 pm from Monday through Friday. You can also email the OSDH at contactosdh@health.ok.gov or visit their website http://www.health.ok.gov for more information.

The address of OSDH is as follows:

Oklahoma State Department of Health
1000 NE 10th St.
Oklahoma City, Ok 73117
Attn: Privacy Officer

If you are interested, you can also register for a free fraud alert with the three credit bureaus listed here:

Experian (888)397-3742, www.experian.com, P.O. Box 9532, Allen, TX 75013

TransUnion: (800)680-7289, www.transunion.com, Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, CA 92834

Equifax: (800)685-1111, www.equifax.com, P.O. Box 740241, Atlanta, GA 30374

About Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide!

Related articles