Privacy Advisor

ICYMI: Target Fallout Continues; More Breaches Reported

January 2, 2014

By Angelique Carson, CIPP/US

Following the breach at Target affecting approximately 40 million consumers, Sens. Robert Menendez (D-NJ), Mark Warner (D-VA) and Charles Schumer (D-NY) have called for a Senate Banking Committee hearing to examine whether stronger industry-wide standards are needed and if all necessary actions are being taken to safeguard consumer data against fraud and identity theft.

Meanwhile, the Missouri Attorney General’s Office is “aggressively” seeking information from Target on how the breach occurred in the first place. If it’s determined the brand was negligent, it’s possible Consumer Protection Division Chief Counsel Joe Bindbeutel says he may take action.

And New York State Assemblyman Anthony Brindisi says he has contacted Target’s corporate headquarters to push the company to invest in better data security systems and inviting the company to his New York, which he called a “hub of cybersecurity innovation” where there are “countless professionals, academic anchors and hardworking students who devote all of their time to protecting companies like Target from becoming a victim.”

In the meantime, Target is already facing nearly two dozen lawsuits by consumers seeking class-action status, most of them accusing Target of “failing to protect their private information,” The Dallas Morning News reports.

In a segment for CNBC, McAfee Chief Privacy Officer Michelle Dennedy, CIPP/US, said the Target breach should serve as a warning to companies and individuals not to keep all their data in one cloud service.

And a piece in eWEEK says had Target used EMV chip technology, its massive data breach would never have happened. Outside the U.S., the technology is widely used, the report states.

In other breach-related reports:

  • A segment on Bloomberg TV discusses the value of personal data on the black market;
  • A small dermatology practice in Massachusetts has agreed to settle potential HIPAA violations, agreeing to a $150,000 fine and an action plan;
  • A report says a British man’s alleged hack into the U.S. Department of Energy could have exposed data on 104,000 people and its fallout cost $3.7 million;
  • New criticism has arisen over Snapchat after hackers posted online a database of some 4.6 million Snapchat usernames and partial phone numbers. The hackers said they released the data “to raise the public awareness around the issue and also put public pressure on Snapchat to get this exploit fixed”;
  • In Ireland, a private database including the borrowing amounts and loan durations of nearly 5,000 members of Tullamore Credit Union was made public for at least two days;
  • A Las Vegas company with casinos in four U.S. states was the victim of a cyberattack earlier this year. Officials say the system is secure now, but advises visitors to the casinos between March 14 and October 16, 2013, to check their accounts for suspicious activity, and
  • New Jersey’s Barnabas Health has sent notifications to 1,100 pediatric specialty center patients alerting them that their data may have been compromised after an unencrypted laptop was stolen in September.

Read More by Angelique Carson:
Ten Years and Two Terms Later, A Look at Peter Hustinx’s Legacy
O’Connor Named CDT President and CEO

Commission Gives U.S. 13 Ways To Save Safe Harbor
Looking for Love? Try a Privacy Conference