The Eleventh Circuit Finds that Potential Future Misuse of Personal Information Does Not Confer Article III Standing in Data Breach Suits

Share

On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split.

The case, Tsao v Captiva MVP Restaurant Partners LLC, originated in the District Court for the Middle District of Florida where the plaintiff filed a class action complaint against the restaurant chain PDQ in connection with a May 2017 data breach. Following the breach, PDQ posted a notice to customers regarding the breach, explaining that customers’ names, credit card numbers, card expiration dates and CVVs may have been exposed.

Continue reading “The Eleventh Circuit Finds that Potential Future Misuse of Personal Information Does Not Confer Article III Standing in Data Breach Suits”

Non-Techies – Protect Your Digital Data by Securing Your Home and Business Wi-Fi

Share

I spent over 22 years in the FBI performing criminal cyber and forensics investigations. Many of these investigations led us to people who were innocent of the alleged crimes but who were guilty of unknowingly allowing criminals to hijack their home or business Wi-Fi networks. These cyber-criminals were committing crimes while leaving a digital fingerprint that pointed at people guilty only of poor Wi-Fi security.

If you do not encrypt your Wi-Fi settings, you may get an early morning visit from my former FBI colleagues investigating federal crimes such as child pornography or terrorist threats. Why? You might be the victim of a nefarious behavior known as “War Driving,” which occurs when cyber-criminals drive through your neighborhood, identify unencrypted Wi-Fi signals, and do their evil bidding using your Internet Protocol or IP address. When law enforcement checks the IP address associated with the criminal behavior, it is your name and address that surfaces. Often this connection can be the basis for a criminal search warrant with your name on it. Many a front door has knocked down as a result of this kind of search warrant.

Continue reading “Non-Techies – Protect Your Digital Data by Securing Your Home and Business Wi-Fi”

Faegre Drinker on Law and Technology Podcast: Cybersecurity and Incident Response — A Battle Plan

Share

You’ve been hacked! What happens next? In the latest episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss talks with guests Serge Jorgensen, founding partner and chief technology officer at Sylint Cybersecurity, and Faegre Drinker’s Jay Brudz about the legal and technical aspects of a cybersecurity incident, action items leaders should be prepared to take in the immediate aftermath of a breach, and other critical decisions that will make or break your incident response.

Continue reading “Faegre Drinker on Law and Technology Podcast: Cybersecurity and Incident Response — A Battle Plan”

Disruptionware V: Malicious Cyber Actors Attack a Florida Water Treatment Facility

Share

We have posted four previous articles discussing the foundation and structure of what a disruptionware attack is, how their attack matrix works, possible defenses to disruptionware attacks and industries that are very susceptible to these attacks. Disruptionware has proven over the last year that it is a growing and dangerous cyber threat to our data, our businesses and possibly our lives.

Disruptionware attacks typically involve ransomware and they aim to encrypt and hold the victim’s data hostage. Such attacks are usually financially motivated, and, to date, there have fortunately been only a few known examples where the disruptionware attack has resulted in threats to health and safety or caused loss of life. When such significant collateral damage has occurred, it typically appears to have been inadvertently caused.

Continue reading “Disruptionware V: Malicious Cyber Actors Attack a Florida Water Treatment Facility”

Fifth Circuit Decision Motivates Covered Entities to Appeal Unreasonable Enforcement Outcomes

Share

The United States Court of Appeals for the Fifth Circuit (the “Court”) vacated a $4,348,000 civil monetary penalty (“CMP”) imposed by the U.S. Department of Health and Human Services’ Office for Civil Rights (“HHS-OCR”) in 2017 against the University of Texas M.D. Anderson Cancer Center (“MD Anderson”) for alleged violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule and HIPAA Security Rule. The Court held that OCR’s actions were “arbitrary, capricious, and otherwise unlawful” and remanded the case for further proceedings. While the case is not binding precedent outside the Fifth Circuit, MD Anderson is the first HIPAA Covered Entity to appeal its fine to a Circuit Court since the HIPAA Privacy Rule and the HIPAA Security Rule took effect. The ruling likely will motivate future HIPAA settlement negotiations with HHS-OCR and encourage HIPAA Covered Entities to appeal enforcement outcomes they consider unreasonable.

Continue reading “Fifth Circuit Decision Motivates Covered Entities to Appeal Unreasonable Enforcement Outcomes”

IT Security Trends in the Era of COVID: Our Top Five Tips for Making Your Network Safer in 2021

Share

As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting work model, and for many businesses that may be the case for an indefinite period of time. This raises important questions as to which security improvements or other changes IT departments need to make in 2021 to keep their businesses and client data safer from cyberattacks.

Continue reading “IT Security Trends in the Era of COVID: Our Top Five Tips for Making Your Network Safer in 2021”

©2024 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. Attorney Advertising.
Privacy Policy