Skip to main content

Home/ CIPP Information Privacy & Security News/ Group items tagged law enforcement

Rss Feed Group items tagged

1More

Data-theft victims in Monster, Heartland cases may not be notified - Technology Live - ... - 0 views

  •  
    Don't expect a letter from Monster or Heartland Payment Systems letting you know they've lost your data. The breaches at Monster.com and Heartland Payment Systems are raising questions about the efficacy of data-loss disclosure laws enacted in at least 45 states. Back in 2007 we wrote about how the financial services industry lobbied hard to block proposed federal rules requiring organizations to notify individuals whose data they lose, and to permit consumers to freeze their credit histories. States such as California and Massachusetts have passed laws giving consumers these rights. But the Monster and Heartland capers have brought weaknesses in the legislation to center stage. I asked Lisa Sotto, head of privacy and information management at law firm Hunton & Williams, about this: Q: Heartland and Monster told me they intend to comply with all state laws. That said, they have not announced plans to notify individual victims. Is that OK? A: In the state breach notification laws, it is permissible to delay notification if a law enforcement agency determines that notification would impede a criminal investigation. If such a delay is requested by law enforcement, notification must be made after the law enforcement agency determines that notice would not compromise the investigation. I do not know if these companies received a delay request from a law enforcement agency. Q: Monster says it chose not to email individual victims because the bad guys could then replicate that message and use it as a phishing template. That makes sense. But is that allowed by state consumer protection laws? A: There are now 45-plus state laws and they are not uniform. Typically, notice is provided via first class mail, but there are provisions in the state laws allowing for electronic notice as well. Q: The only official notices from Heartland and Monster so far has been one-page disclosures posted on a web site. Does that cover them? A: There are provisions in the state laws al
1More

Avoiding gotchas of security tools and global data privacy laws - 0 views

  •  
    IT practices such as identity management, email and URL filtering, virus scanning and electronic monitoring of employees can get companies that do business globally into a heap of trouble if deployed without an understanding of global data privacy laws. The warning was one of several alarms raised in a presentation on global privacy best practices by Gartner Inc. analysts Arabella Hallawell and Carsten Casper at the recent Gartner Risk Management and Compliance Summit in Chicago. Always a thorny issue, the protection of personally identifiable information (PII) is made more complicated in a world where there is limited agreement on how best to do that. According to the Gartner analysts, the world is divided into three parts when it comes to data privacy laws: countries with strong, moderate or inadequate legislation. The European Union, under the European Union Directive on Data Protection, possesses the strongest privacy regulations, followed by Canada and Argentina; Australia, Japan and South Africa have moderate to strong, recent legislation; laws in China, India and the Philippines are the least effective or laxly enforced. The United States has the dubious distinction of occupying two categories -- the strong column, due to the 45 state breach notification laws on the books, and the weak column, because of the lack of a federal law. Even among the three categories, nuances abound. Under the European Union Directive, member countries enact their own principles into legislation, and some laws (like Italy's) are more stringent than the directive's standards. Russia's very recent law is modeled after the strong EU laws, but how it will be enforced remains questionable. And in the U.S., state breach notification laws vary, with Nevada and Massachusetts proposing the most prescriptive data privacy legislation to date.
1More

FTC Takes Additional Safe Harbor-Related Enforcement Actions : Privacy & Information Se... - 0 views

  •  
    "On October 6, 2009, the Federal Trade Commission ("FTC") announced proposed settlement agreements with six companies over charges that they falsely claimed membership in the U.S. Department of Commerce Safe Harbor program. In six separate complaints, the FTC alleged that ExpatEdge Partners LLC, Onyx Graphics, Inc., Directors Desk LLC, Collectify LLC, and Progressive Gaitways LLC deceived consumers by representing that they maintained current certifications to the Safe Harbor program when such certifications had previously lapsed. The terms of the proposed settlement agreements prohibit the companies from misrepresenting their membership in any privacy, security or other compliance program. The six enforcement actions are significant as they mark a considerable uptick in the FTC's enforcement related to the Safe Harbor program. The FTC recently brought its first enforcement action relevant to the program, which is detailed in our post titled FTC's First Safe Harbor Enforcement Action. The European Union Data Protection Directive requires EU Member States to implement legislation that prohibits the transfer of personal data outside the EU unless the EU has made a determination that the laws of the recipient jurisdiction are substantially equivalent to those of the EU, and thus provide "adequate" protection for personal data. Because the EU has determined that laws of the United States do not meet its adequacy standard, the U.S. Department of Commerce and the EU developed the Safe Harbor Framework, which went into effect in November 2000. The Safe Harbor Program allows participating U.S. companies under the jurisdiction of the FTC or the U.S. Department of Transportation to transfer personal data lawfully from the EU. To join the Safe Harbor, a company must self-certify to the U.S. Department of Commerce that it complies with seven principles that have been deemed to meet the EU's adequacy standard. To maintain its certification to the Safe Harbor
1More

Anonymity is becoming a thing of the past, study says - 0 views

  •  
    Laws in Canada and other countries are increasingly helping technology force people to identify themselves where they never had to before, threatening privacy that allows people to function effectively in society, a new study has found. "What we're starting to see is a move toward making people more and more identifiable," University of Ottawa law professor Ian Kerr said Wednesday. His comments followed the launch of Lessons from the Identity Trail: Anonymity, Privacy and Identity in a Networked Society, a book summing up the study's findings, at a public reading in downtown Ottawa hosted jointly with the Privacy Commissioner of Canada. Kerr led the study with University of Ottawa criminology professor Valerie Steeves. They collaborated with 35 other researchers in Canada, the U.S., the U.K., the Netherlands and Italy. The researchers reported that governments are choosing laws that require people to identify themselves and are lowering judicial thresholds defining when identity information must be disclosed to law enforcement officials. That is allowing the wider use of new technologies capable of making people identifiable, including smartcards, security cameras, GPS, tracking cookies and DNA sequencing. Consequently, governments and corporations are able to do things like: * Embrace technologies such as radio frequency identification tags that can be used to track people and merchandise to analyze behaviour. * Boost video surveillance in public places. * Pressure companies such as internet service providers to collect and maintain records of identification information about their customers. While Canada, the U.K., the Netherlands and Italy all have national laws protecting privacy - that is, laws that allow citizens to control access to their personal data - such legal protection does not exist for anonymity, Kerr said. "Canada is quite similar [to other countries] with respect to anonymity. Namely, it's shrinking here just as it is there.
1More

Basis of data protection law is out of date, says privacy regulator - 0 views

  •  
    The Data Protection Directive is old-fashioned and out of date, a report published by the UK's privacy regulator the Information Commissioner's Office (ICO) has said. Commissioner Richard Thomas said that the European Union must change its legislation. The ICO commissioned RAND Europe to investigate whether or not 1995's EU Data Protection Directive was a good basis for Europe-wide data protection law. The research concluded that the law was flawed and needed to be updated. It found that the law must be clearer about what it seeks to achieve, that it should be better at forcing organisations to protect personal data in their charge, that it should encourage a more strategic approach to enforcement and that it does not deal well enough with the export of personal data outside the EU. Thomas said that the Directive, on which the UK's Data Protection Act is based, is outmoded. "The Directive is showing its age. Modern approaches to regulation mean that laws must concentrate on the real risks that people face in the modern world, must avoid unnecessary burdens, and must work well in practice," he said. "Organisations must embed privacy by design and data protection must become a top level corporate governance issue." RAND said that the Directive would be improved by its fundamental approach to ensuring data privacy being changed. It said that the law should focus on the protection of individuals and the security of their data, and not on the processes that lead to that. "The stronger, results oriented approach described in this report aims to protect data subjects against personal harm resulting from the unlawful processing of any data, rather than making personal data the building block of data protection regulations," said the report. "It would move away from a regulatory framework that measures the adequacy of data processing by measuring compliance with certain formalities, towards a framework that instead requires certain fundamental principles to be respected
1More

Information security forecast: Security management in 2009 - 0 views

  •  
    This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.
1More

EU sues UK over Internet privacy > Data Warehousing > Information Architecture - 0 views

  •  
    European Union's move indicates growing government concern over how Internet companies are using individuals' private data The European Commission began legal action against the U.K. Tuesday over its failure to protect Internet users from Phorm -- a covert behavioral advertising technology tested by the U.K.'s biggest fixed line operator, BT, in 2006 and 2007. The move signals growing concern in Brussels over the way new Internet-based technologies are using people's personal data. In addition to taking legal action against the U.K., the Commission also issued a general warning to all 27 E.U. countries to uphold privacy laws, especially regarding social-networking Web sites and users of RFID (radio frequency identification) technologies. In Canada, the federal government has even proposed a legislation that will provide law enforcement agents sweeping powers to obtain user information from ISPs. The Commission, the executive body of the European Union responsible for upholding laws, said the U.K. had failed to enforce E.U. data protection and privacy rules, because broadband Internet subscribers were not informed that their browsing was being tracked.
1More

Federal Trade Commission - Privacy Initiatives - 0 views

  •  
    Privacy is a central element of the FTC's consumer protection mission. In recent years, advances in computer technology have made it possible for detailed information about people to be compiled and shared more easily and cheaply than ever. That has produced many benefits for society as a whole and individual consumers. For example, it is easier for law enforcement to track down criminals, for banks to prevent fraud, and for consumers to learn about new products and services, allowing them to make better-informed purchasing decisions. At the same time, as personal information becomes more accessible, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of our information. The Federal Trade Commission is educating consumers and businesses about the importance of personal information privacy, including the security of personal information. Under the FTC Act, the Commission guards against unfairness and deception by enforcing companies' privacy promises about how they collect, use and secure consumers' personal information. Under the Gramm-Leach-Bliley Act, the Commission has implemented rules concerning financial privacy notices and the administrative, technical and physical safeguarding of personal information, and it aggressively enforces against pretexting. The Commission also protects consumer privacy under the Fair Credit Reporting Act and the Children's Online Privacy Protection Act.
1More

Two Women - 300 Identity Theft cases! - 0 views

  •  
    On Monday two women from Fort Pierce were arrested for committing 300 different cases of Identity theft on the Treasure Coast and South Florida. The two women go by the names of Tychell Letrein Robinson, 33 and Patrice V. Johnson, 26. According to the Federal Trade Commission, in 2007 Florida took fifth place in nation with regards to the number of ID theft victims per 100,000 residents. The FTC also estimated that about 9 million Americans have their identities stolen every year. The Fort Pierce Police Department, the Port St. Lucie Police Department, the Sheriff's Office as well as the U.S. Postal Service worked together in a two year investigation in order to track down these two criminals. Law enforcement agencies discovered that the arrested had somehow managed to steal the personal information of several victims and open new accounts in their names. Authorities believe that the women bought a lot of their identifying information from accomplices. In a news conference on Monday afternoon, Sheriff Ken Mascara mentioned that criminal circles were well aware that the arrested would pay accomplices $50 in exchange for peoples sensitive information. Authorities discovered that the two women met while they were both under the employment of Liberty Medical. Apparently Robinson headed the criminal operation and taught Johnson all she needed to know with regards to making thousands of dollars every week through identity theft. The arrested managed to target victims in Florida from Orlando to Clearwater and even Palm Beach. The majority of victims were from St. Lucie County and the Treasure Coast. Unfortunately it is still not clear to law enforcements exactly how the women obtained all the stolen information. police.jpg It was in the early hours of Monday morning that the police arrived at the homes of the arrested with search warrants. Two vehicles, six computers and ledgers filled with victims sensitive information were confiscated by authorities, and the women w
1More

Privacy Office Approves Laptop Searches Without Suspicion - CSO Online - Security and Risk - 0 views

  •  
    Travelers arriving at U.S. borders may soon be confronted with their laptops, PDAs, and other digital devices being searched , copied and even held by customs agents -- all without need to show suspicion for cause. Notices are being proposed by the Privacy Office at the U.S. Department of Homeland Security (DHS), which last week released a report approving the suspicionless searches of electronic devices at U.S. borders. The 51-page Privacy Impact Assessment also supported the right of U.S. Immigration and Customs Enforcement agents to copy, download, retain or seize any content from these devices, or the devices themselves, without assigning any specific reason for doing so. Also, while in many cases searches would be done with the knowledge of the traveler in some situations, the report says, "it is not practicable for law enforcement reasons to inform the traveler that his electronic device has been searched." In arriving at the assessment, the Privacy Office argued that such searches of electronic devices were really no different from searches of briefcases and backpacks. They are needed to interdict and investigate violations of federal law at U.S. borders and have been supported by courts in the past, the assessment said.
1More

FTC Staff Proposes Online Behavioral Advertising Privacy Principles : Internet Business... - 0 views

  •  
    To address important consumer privacy concerns associated with online behavioral advertising, the staff of the Federal Trade Commission today released a set of proposed principles to guide the development of self-regulation in this evolving area. Behavioral advertising is the tracking of a consumer's activities online - including the searches the consumer has conducted, the Web pages visited, and the content viewed - in order to deliver advertising targeted to the individual consumer"s interests. For more than a decade, the FTC has engaged in investigation, law enforcement, studies, and other privacy developments to protect consumers' privacy online. Concepts used to develop the principles emerged from the agency's longstanding privacy program and, more recently, from two conferences hosted by the FTC. In the fall of 2006, a three-day public hearing, "Protecting Consumers in the Next Tech-ade," examined technology developments that could raise consumer protection policy issues, including privacy, over the next decade. This past November, building on the Tech-ade hearings, the FTC hosted a Town Hall entitled "Ehavioral Advertising: Tracking, Targeting, and Technology," to focus in on privacy issues raised by behavioral advertising. "The purpose of this proposal is to encourage more meaningful and enforceable self-regulation to address the privacy concerns raised with respect to behavioral advertising. In developing the principles, FTC staff was mindful of the need to maintain vigorous competition in online advertising as well as the importance of accommodating the wide variety of business models that exist in this area," according to its proposal "Behavioral Advertising: Moving the Discussion Forward to Possible Self-Regulatory Principles." The proposal states that behavioral advertising provides benefits to consumers in the form of free content and personalized advertising but notes that this practice is largely invisible and unknown to consumers. To address the
1More

Two Data Security Breaches Give State Attorneys General a Chance to Exercise Their New ... - 0 views

  •  
    "In a sign that state attorneys general may be flexing the HIPAA enforcement muscle granted by the HITECH Act provisions in the Recovery Act, the Connecticut and Arizona attorneys general are investigating health plans that recently experienced data breaches that they failed to disclose for several months. Typically, state attorneys general prosecute only violations of state laws, but they now have authority to investigate and levy fines for violations of HIPAA and the HITECH Act, which requires mandatory notifications within two months of knowledge of a breach. Connecticut Attorney General Richard Blumenthal (D) has emerged as possibly the first AG to take on a HIPAA investigation, and Arizona's AG may also be pursuing a similar course. The larger of the two breaches that have come to the AGs' attention was experienced by Health Net, Inc., which lost a portable external hard drive containing seven years of data for 446,000 Connecticut residents. The lost data came from 1.5 million individuals in total, who also hailed from New Jersey and New York. Health Net reported the loss to the Connecticut AG on Nov. 19, and on the same day Blumenthal issued a scathing statement demanding answers and promising action. He specifically said he was investigating whether Health Net may have violated "federal laws," as well as his state's own data protection laws."
1More

Bill proposes ISPs, Wi-Fi keep logs for police | Politics and Law - CNET News - 0 views

  •  
    Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations. The legislation, which echoes a measure proposed by one of their Democratic colleagues three years ago, would impose unprecedented data retention requirements on a broad swath of Internet access providers and is certain to draw fire from businesses and privacy advocates. "While the Internet has generated many positive changes in the way we communicate and do business, its limitless nature offers anonymity that has opened the door to criminals looking to harm innocent children," U.S. Sen. John Cornyn, a Texas Republican, said at a press conference on Thursday. "Keeping our children safe requires cooperation on the local, state, federal, and family level." Joining Cornyn was Texas Rep. Lamar Smith, the senior Republican on the House Judiciary Committee, and Texas Attorney General Greg Abbott, who said such a measure would let "law enforcement stay ahead of the criminals."
1More

Facebook woes hit privacy officer - 0 views

  •  
    Facebook has been in the news a lot lately, and that's not good news for Chris Kelly, who is the chief privacy officer for Facebook, and - as we've reported - is quietly exploring a possible run for the Democratic nomination for state attorney general. Kelly was at the center of a firestorm this week regarding changes in Palo Alto-based Facebook's terms of service, which critics argued gave the social-networking site control over members' uploaded material, including photos, seemingly forever. On Wednesday, Kelly told CNN that the company will listen to complaints. The company's official blog now outlines how it has pulled back but Facebook has faced other problems that could hamper Kelly's efforts to run for a California political post. Last year, as Cnet reported, the firm reached an agreement with New York Attorney General Andrew Cuomo after an investigation of complaints that Facebook hadn't addressed consumers' complaints of "harassment and inappropriate conduct" regarding underage members. Facebook officials have said they are cooperating with law enforcement to protect their users from predators. But with the Democratic AG race already looking crowded - with San Francisco District Attorney Kamala Harris and Los Angeles City Attorney Rocky Delgadillo in the mix, among others - Democratic consultants are watching with great interest. Poke this, friends: Could this be the juicy stuff of television ads in a Democratic law-and-order race in California?
1More

Suit wants details about cops' online probes - 0 views

  •  
    "A federal prosecutor tracked down a Seattle fraud suspect in Mexico this year through his Facebook posts. A man's Twitter messages to fellow demonstrators at a recent protest in Pittsburgh led to an FBI search of his home and short-lived charges of interfering with police. The CIA and other U.S. intelligence agencies reportedly are investing in a software firm that monitors half a million social networking Web sites each day. There's nothing wrong with law enforcement agencies' using Internet technology to investigate crimes, Bay Area privacy advocates say. But they want the federal government to say how, when and why its agents look at Americans' social networking accounts."
1More

Yahoo, Verizon: Our Spy Capabilities Would 'Shock', 'Confuse' Consumers | Threat Level ... - 0 views

  •  
    "Want to know how much phone companies and internet service providers charge to funnel your private communications or records to U.S. law enforcement and spy agencies? That's the question muckraker and Indiana University graduate student Christopher Soghoian asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request filed a few months ago. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that, among other things, they would be ridiculed and publicly shamed were their surveillance price sheets made public. Yahoo writes in its 12-page objection letter (.pdf), that if its pricing information were disclosed to Soghoian, he would use it "to 'shame' Yahoo! and other companies - and to 'shock' their customers.""
2More

EU starts action against Britain over data privacy | Industries | Technology, Media & T... - 0 views

  •  
    The European Commission started legal action against Britain on Tuesday for what the EU executive called a failure to keep people's online details confidential. EU Telecoms Commissioner Viviane Reding said the action related to how Internet service providers used Phorm (PHOR.L) technology to send subscribers tailor-made advertisements based on websites visited. Reding said Internet users in Britain had complained about the way the UK applied EU rules on privacy and electronic communications that were meant to prohibit interception and surveillance without the user's consent. "Technologies like Internet behavioural advertising can be useful for businesses and consumers but they must be used in a way that complies with EU rules," Reding said in a statement. "We have been following the Phorm case for some time and have concluded that there are problems in the way the UK has implemented parts of the EU rules on the confidentiality of communications," Reding said. She called on Britain to change its national laws to ensure there were proper sanctions to enforce EU confidentiality rules. Unless Britain complies, Reding has the power to issue a final warning before taking the country to the 27-nation EU's top court, the European Court of Justice. If it rules in favour of the European Commission, the court can force Britain to change its laws. (Reporting by Huw Jones, editing by Dale Hudson)
  •  
    making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445
2More

FBI expands its DNA databases - UPI.com - 0 views

  •  
    U.S. law enforcement officials have expanded their DNA databases to include not only those convicted, but also those arrested but not yet tried. The New York Times reported Saturday the practice has drawn criticism from people who say offenders are presumed innocent. The newspaper said starting this month, the Federal Bureau of Investigation will join 15 states that collect DNA samples from those awaiting trial and will also collect DNA from detained immigrants. The FBI, which already has a DNA database of 6.7 million profiles, expects to add 1.2 million new entries by 2012. "DNA databases were built initially to deal with violent sexual crimes and homicides -- a very limited number of crimes," said Harry Levine, a professor of sociology at City University of New York. "Over time more and more crimes of decreasing severity have been added to the database. Cops and prosecutors like it because it gives everybody more information and creates a new suspect pool." Courts have generally upheld laws authorizing DNA collection from convicts and ex-convicts under supervised release, finding that criminal acts diminish privacy rights.
  •  
    Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best
1More

Federal departments fall short on civil liberties - USATODAY.com - 0 views

  •  
    The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows. An independent Privacy and Civil Liberties Oversight Board set up to monitor the departments hasn't met publicly since 2006; it no longer has members. Government missteps such as putting innocent people on terrorist watch lists and misusing administrative warrants, known as national security letters, "might have been dealt with much sooner if we had … cops on the beat to make sure there are standards that are being upheld," says Caroline Fredrickson, legislative director at the American Civil Liberties Union (ACLU). The lack of civil liberties officers at State and Health and Human Services is troubling because the departments hold passport and medical records, says James Dempsey, vice president of the Center for Democracy and Technology. "Security of that information is very important," he says, and these officers should monitor how it's used and shared. The Pentagon also has sparked concerns. Its Counterintelligence Field Activity office was criticized by the ACLU for wrongly tracking anti-war groups - a charge confirmed by the Pentagon in 2006. A 2007 law requires eight departments and agencies to have civil liberties officers and file reports. Justice, Homeland Security, Treasury, the CIA and the Office of the Director of National Intelligence have done so. Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, leaders of the Homeland Security committee, says departments not in compliance will b
1More

Heartland sued over data breach | Security - CNET News - 0 views

  •  
    Payment processor Heartland Payment Systems has been sued over a data breach it disclosed publicly on Inauguration Day last week. The lawsuit, filed on Tuesday in U.S. District Court in Trenton, N.J., alleges that Heartland failed to adequately safeguard the compromised consumer data, did not notify consumers about the breach in a timely manner as required by law, and has not offered to compensate consumers for costs they may incur in protecting themselves from identity fraud. In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it found evidence of the intrusion only in the previous week and immediately notified law enforcement and credit card companies. Heartland was alerted in late October to suspicious activity surrounding processed card transactions by Visa and MasterCard and hired forensic auditors who uncovered malicious software that compromised data in the company's network, said Robert H.B. Baldwin Jr., chief financial officer of Heartland, last week. The lawsuit seeks damages and relief for the "inexplicable delay, questionable timing, and inaccuracies concerning the disclosures" with regard to the data breach, which is believed to be the largest in U.S. history. Heartland executives have declined to specify how many consumers or accounts were affected. The company handles 100 million transactions per month for more than 250,000 merchants. The lawsuit, first reported by SearchSecurity news site, also accuses Heartland of negligence in taking more than two months to determine the existence and scope of the breach and criticizes the company for failing to identify which merchants were affected by the breach. The suit was filed on behalf of Woodbury, Minn., resident Alicia Cooper, who was notified last week by her credit union that a card associated with her account was included in the breach. It seeks class action status. A Heartland spokesman said the company could no
1 - 20 of 40 Next ›
Showing 20 items per page