Archives: Identity Theft

Subscribe to Identity Theft RSS Feed

Virginia Becomes 2nd State to Enact a Comprehensive Consumer Privacy Law

On Tuesday, March 2nd, Virginia Governor Ralph Northam signed into law the Consumer Data Protection Act (CDPA), officially joining California as the second state with a comprehensive consumer privacy law, intended to enhance privacy rights and consumer protection for state residents.  We provide an in-depth analysis of the CDPA here, along with legislative activity in … Continue Reading

A Reminder for Employers About W-2 Phishing Scams

For the past several years, thousands of businesses have been hit with phishing scams during tax season. Through these social engineering scams, hackers obtain employee Forms W-2 for filing fraudulent tax returns seeking large refunds. These phishing emails are typically sent as clients begin the process of issuing W-2s to employees.  Often employers do not … Continue Reading

Court Denies Motion for Class Certification in Employee W-2 Data Breach Litigation

In recent years, there has been an uptick of W-2 phishing scams, and their consequences for an employer extend well beyond leaked data, including potential employee class action litigation.   Just last week, a federal court in Illinois rejected a motion for class certification in a data breach case alleging disclosure of employees’ sensitive tax information … Continue Reading

Federal Contractors: Have You Done Your Privacy Training?

Federal contractors know all too well the list of annual requirements and obligations can seem overwhelming at times.  One that may get overlooked by some is annual training requirements. A fairly new such training went into effect in 2017 – it requires certain federal contractors to do annual data privacy training. According to the U.S. … Continue Reading

Top 10 for 2021 – Happy Data Privacy Day!

In honor of Data Privacy Day, we provide the following “Top 10 for 2021.”  While the list is by no means exhaustive, it does provide some hot topics for organizations to consider in 2021. COVID-19 privacy and security considerations. During 2020, COVID-19 presented organizations large and small with new and unique data privacy and security … Continue Reading

Personal Data from Thousands of Pension Plan Accounts Breached…Third-Party Service Provider Blamed

One of the last things pension plan participants would want to learn as they get ready to celebrate the Christmas holiday is that personal data from their pension accounts may have been compromised. This is the case, unfortunately, for approximately 30,000 Now:Pensions customers whose names, postal and email addresses, birth dates and the equivalent of … Continue Reading

New York and New Jersey Release COVID-19 Exposure Apps

New York and New Jersey release “COVID Alert NY” and “COVID Alert NJ,” apps designed to alert their users when they have been exposed to someone who tested positive for COVID-19. These apps follow those released in Pennsylvania and Delaware and are soon to be joined by Connecticut. The states hope to enhance their contact … Continue Reading

DHS IG Report Raises Questions About Department’s and its Subcontractors’ Ability to Protect Biometric Information Following Breach

Earlier this month, our Immigration Group colleagues reported the Department of Homeland Security (DHS) would release a new regulation to expand the collection of biometric data in the enforcement and administration of immigration laws. However, as reported by Roll Call, a DHS Inspector General report raised significant concerns about whether Department is able to adequately … Continue Reading

Michigan Considers Enhanced Data Breach Notification Law

Privacy and security continue to be at the forefront for legislatures across the nation, despite (or perhaps because of) the COVID-19 pandemic.  In late May, with back-to-back amendments, Washington D.C. and Vermont significantly overhauled their data breach notification laws, including expansion of the definition of personal information, and heightened notice requirements.  Now, Michigan may follow … Continue Reading

Is Personal Information of Retirement Plan Participants an ERISA Plan Asset?

A little more than one year ago, we reported on a settlement (Cassell et al. v. Vanderbilt University, et al.) involving the alleged wrongful use of personal information belonging to retirement plan participants, claimed to be “plan assets.” This year, similar claims have been made against Shell Oil Company in connection with its 401(k) plan. Retirement … Continue Reading

New Ransomware Tactics and Strains Emerge, Including Public Auctions of Stolen Data

As many have learned over the last several years, ransomware is a type of malware that denies affected users access to critical data by encrypting it. Attackers profit handsomely by requiring victims to pay substantial sums, typically tendered in a cryptocurrency such as Bitcoin. A look at some of the numbers over the past two … Continue Reading

UK and US Issue Joint Cybersecurity Alert Concerning Explosion of COVID-19 Phishing Attacks

In the US, many organizations anxiously awaiting assistance under the CARES Act are becoming the targets of cyberattackers looking to feed off of the massive relief being provided by the US treasury. Yesterday, the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre … Continue Reading

Beware, Persons Posing as OCR Investigators Demand PHI, Says OCR Alert

On April 3, the Office for Civil Rights (OCR) issued an alert to covered entities and business associates. Evidently, one or more individuals are posing as OCR Investigators and contacting HIPAA covered entities and business associates in an attempt to obtain protected health information (PHI).  The individual identifies on the telephone as an OCR investigator, … Continue Reading

What Does Phishing Have to do with Coronavirus?

As announcements relaying the spread of Coronavirus (COVID-19) continue daily, governmental agencies at all levels are offering information and guidance, and businesses are scrambling to prepare and protect their employees and customers. As part of a larger group in my firm helping to synthesize all this information, there is an aspect of responding to COVID-19 … Continue Reading

CCPA Data Breach Class Action Litigation Begins

As reported by Bloomberg Law, data breach class action litigation has begun under the California Consumer Privacy Act (CCPA). Filed in the Northern District of California, San Francisco Division, a putative class action lawsuit against Hanna Andersson, LLC and its ecommerce platform provider, Salesforce.com, alleges negligence and a failure to maintain reasonable safeguards, among other … Continue Reading

Privacy & Cybersecurity Issues to Watch in 2020

2020 may very well be the most impactful year for data privacy and cybersecurity in the United States. In honor of Data Privacy Day, we discuss some of the reasons why that may be the case. In short, as privacy and cybersecurity risks continue to emerge for organizations large and small, the law is beginning … Continue Reading

10 Steps for Tackling Data Privacy and Security Laws in 2020 for In-House Counsel and HR Pros

After years of data breaches, mass data collection, identity theft crimes, and failed attempts at broad-based federal legislation, 2020 may be the year that state privacy and data security legislation begins to take hold in the U.S. For example, the California Consumer Privacy Act (“CCPA”) and the New York Stop Hacks and Improve Electronic Data … Continue Reading

Professional Tax Preparers – You Need A Written Information Security Plan, Says the IRS and FTC

Tax season soon will soon be upon us and many not-so-eager taxpayers will share sensitive personal information about themselves, their dependents, their employees, and others with their trusted professional tax preparers for processing. What many of these preparers might not realize is that federal law and a growing number of state laws obligate them to … Continue Reading

Illinois Enhances Its Data Breach Notification Requirements

In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. Illinois Governor J.B. Pritzker recently signed into law an amendment to the Personal Information Protection Act (PIPA), SB 1624, effective January 1, 2020. PIPA will now require that most “data collectors,” which includes … Continue Reading

OCR Recognizes Insider Threats to HIPAA PHI, You Should Too

As we have observed here, news reports of security risks, hackings and breaches caused by individuals, terror groups or even countries around the world certainly are important and can be unsettling. But, for many organizations, including healthcare providers and business associates, a significant and perhaps more immediate area of data risk is malicious insiders. On … Continue Reading

Georgia Supreme Court May Weigh in on Standing in Data Breach Litigation

The Georgia Supreme Court may weigh in on the hot issue plaguing data breach class action litigation across the nation, must a data breach victim suffer actual financial loss to recover damages, or is the threat of future harm enough? On August 20, the Georgia Supreme Court heard arguments in a class action suit stemming … Continue Reading

Expansion of Technology at K-12 Schools Comes with Data Security Risks for Students and Parents

A new school year is upon us and some students are already back at school. Upon their return, many students may experience new technologies and equipment rolled out by their schools districts, such as online education resources, district-provided equipment, etc. to enhance the education they provide and improve district administration. However, a recent report, “The State … Continue Reading

New York Enacts the SHIELD Act

On Thursday, New York Governor Andrew Cuomo signed into law the Stop Hacks and Improve Electronic Data Security Act (SHIELD Act), sponsored by Senator Kevin Thomas and Assemblymember Michael DenDekker. The SHIELD Act, which amends the State’s current data breach notification law, imposes more expansive data security and data breach notification requirements on companies, in … Continue Reading

Illinois’ Attorney General Wants to Know About Data Breaches

Possibly adding to the list of states that have updated their privacy and breach notification laws this year, the Illinois legislature passed Senate Bill 1624 which would update the state’s current breach notification law to require most “data collectors,” which includes entities that, for any purpose, handle, collect, disseminate, or otherwise deal with nonpublic personal information, to notify … Continue Reading
LexBlog