Tag Archives: Data Breach

New Jersey Shopper Privacy Bill Signed into Law

By Hunton & Williams LLP on July 24, 2017

On July 21, 2017, New Jersey Governor Chris Christie signed a bill that places new restrictions on the collection and use of personal information by retail establishments for certain purposes. The statute, which is called the Personal Information and Privacy Protection Act, permits retail establishments in New Jersey to scan a person’s driver’s license or other state-issued identification card only for eight purposes. … Continue Reading

Putative Data Breach Class Action Dismissed for the Third Time

By Hunton & Williams LLP on June 23, 2017

On June 13, 2017, Judge Andrea R. Wood of the Northern District of Illinois dismissed with prejudice a putative consumer class action filed against Barnes and Noble. The case was first filed after Barnes and Noble’s September 2012 announcement that skimmers had tampered with PIN pad terminals in 63 of its stores and exposed payment card information.… Continue Reading

Chipotle Payment Card Data Breach: Financial Institutions File Leapfrog Suit

By Hunton & Williams LLP on June 5, 2017

Recently, Alcoa Community Federal Credit Union, on behalf of itself, credit unions, banks and other financial institutions, filed a nationwide class action against Chipotle Mexican Grill, Inc. arising from a breach of customer payment card data.… Continue Reading

State Attorneys General and Target Resolve Investigation of 2013 Data Breach

By Hunton & Williams LLP on May 24, 2017

On May 23, 2017, Target reached a settlement with the Attorneys’ General of 47 states and the District of Columbia to resolve the states’ investigation of Target’s 2013 data breach.… Continue Reading

Consumer Protection in Retail: Weekly Roundup

By Phyllis H. Marcus and Emma Lewis on May 23, 2017

This past week, several consumer actions made headlines that affect the retail industry. Continue reading for our weekly roundup. … Continue Reading

If You Don’t “WannaCry” After a Cyber Attack, Review Your Cyber Insurance Coverage

By Hunton & Williams LLP on May 19, 2017

As we previously reported, beginning last Friday, and still occurring today, one of the worst and most widespread malware attacks has impacted more than 200,000 victims in at least 150 countries. The attack is a reminder of the importance of cyber insurance coverage. Businesses affected by these types of attacks can incur significant loss, including for the ransom amount, any resulting business interruption, the cost of any lost data, damage to customers and other third parties, along with associated public relation expenses.… Continue Reading

Global Ransomware Attacks Raise Key Legal Considerations

By Hunton & Williams LLP on May 17, 2017

On May 12, 2017, a massive ransomware attack, known as “WannaCry,” began affecting tens of thousands of computer systems in over 100 countries. These types of incidents can have significant legal implications for affected entities and industries for whom data access and continuity is critical. As affected entities work to understand and respond to the threat of ransomware, we address some of the key legal considerations.… Continue Reading

Second Circuit Affirms Dismissal of Putative Data Breach Class Action for Lack of Article III Standing

By Hunton & Williams LLP on May 10, 2017

On May 2, 2017, the United States Court of Appeals for the Second Circuit issued a summary order affirming dismissal of a putative consumer class action against Michaels Stores, Inc. for lack of Article III standing.… Continue Reading

Virginia Adds State Income Tax Provision to Data Breach Notification Law

By Hunton & Williams LLP on April 4, 2017

Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.… Continue Reading

Neiman Marcus Agrees to Settlement in Data Breach Class Action

By Hunton & Williams LLP on March 22, 2017

On March 17, 2017, retailer Neiman Marcus agreed to pay $1.6 million as part of a proposed settlement (the “Settlement”) to a consumer class action lawsuit stemming from a 2013 data breach that allegedly compromised the credit card data of approximately 350,000 customers.… Continue Reading

Home Depot Settles Data Breach Claims

By Hunton & Williams LLP on March 13, 2017

On March 9, 2017, Home Depot reached an agreement that includes the payment of 25 million dollars and the implementation of new data security measures to resolve a putative class action brought by financial institutions impacted by the company’s 2014 data breach.… Continue Reading

Hunton & Williams Launches M&A Privacy and Security Initiative

By Hunton & Williams LLP on March 8, 2017

Hunton & Williams LLP announces the formation of a cross-disciplinary legal team dedicated to guiding companies through the minefield of regulatory and cyber-related risks associated with high-stakes corporate mergers and acquisitions. … Continue Reading

Navigating Cybersecurity Insurance in Technology Transactions

By Michael S. Levine, Randy S. Parks and Keith Voorheis on February 15, 2017

Providers of technology products and services are consistently innovating to grow their offerings to retailers. These new products and services present significant opportunity for retailers to more effectively reach customers, generate sales and grow revenue, but also can present significant cybersecurity risks.… Continue Reading

Tesco Bank Hack Illustrates Need for Robust Cyber Insurance

By Michael S. Levine on November 10, 2016

Earlier this week, retailer Tesco Plc’s banking branch reported that £2.5 million (approximately $3 million) had been stolen from 9,000 customer bank accounts over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank. … Continue Reading

Gaps in Retailer’s Insurance Program Jeopardize Coverage for Cyber Breach

By Hunton & Williams LLP on October 27, 2016

A federal judge in Alabama ruled Tuesday that a grocer could not rely on its legacy business insurance policies – including an “electronic data” coverage extension – to protect against third-party claims after customer data was compromised by a point-of-sale cyber attack. … Continue Reading

New Jersey Moves Forward with Shopper Privacy Bill

By Justin Keslowitz on September 19, 2016

On September 15, 2016, the New Jersey Senate unanimously approved a bill that seeks limit retailers’ ability to collect and use personal data contained on consumers’ driver and non-driver identification cards. The bill, known as the Personal Information and Privacy Protection Act, must now be approved by the New Jersey Assembly.… Continue Reading

FTC Reverses ALJ Decision, Finds LabMD Liable for Unfair Data Security Practices

By Hunton & Williams LLP on August 3, 2016

The Federal Trade Commission issued an opinion and final order reversing the administrative law judge’s decision by finding that LabMD failed to maintain reasonable security practices to protect consumers’ sensitive personal information in violation of Section 5 of the FTC Act.… Continue Reading

“As Seen on TV” — Insurer Must Defend Well Known Television Marketer in Data Privacy Suit

By Michael S. Levine and Jennifer E. White on June 15, 2016

In a June 1, 2016 decision, the Second Circuit Court of Appeals reminded retailers and product manufacturers to look to their insurance coverages when defending against consumer class actions. The Second Circuit required CNA Financial Corporation to defend E. Mishan & Sons, Inc. – best known for its “As Seen on TV” products – in two class actions alleging a conspiracy to trap customers into recurring credit card charges and that Emson sold private consumer information that it obtained through its product sales.… Continue Reading

If a Data Breach Occurs and Nobody Accesses Customer Data, Does it Constitute “Publication”?

By Syed S. Ahmad and Michael S. Levine on April 19, 2016

A panel of the Fourth Circuit confirmed that general liability insurance policies can afford coverage for cyber-related liabilities, and ruled that an insurer had to pay attorneys’ fees to defend the policyholder in class action litigation in Travelers Indemnity Company v. Portal Healthcare Solutions, No. 14-1944.… Continue Reading

Hunton & Williams Launches Cyber and Physical Security Task Force

By Hunton & Williams LLP on April 12, 2016

Hunton & Williams LLP announces the formation of a Cyber and Physical Security Task Force to assist companies in minimizing the risks and consequences of a serious security incident. The task force is being led by global privacy and cybersecurity head Lisa Sotto, cybersecurity partner Paul Tiao, and energy partner Kevin Jones, and includes lawyers from a wide range of practice groups within the firm. … Continue Reading

Consumer Protection in Retail: Weekly Roundup

By Phyllis H. Marcus and Emma Lewis on March 14, 2016

This past week, several regulatory and consumer actions made headlines that affect the retail industry. Continue reading for our weekly roundup.… Continue Reading

FCC Reaches Settlement with Cable Operator over Customer Data Breach

By Hunton & Williams LLP on November 17, 2015

As reported on the Privacy & Information Security Law blog, the Enforcement Bureau of the Federal Communications Commission (“FCC”) entered into a Consent Decree with cable operator Cox Communications to settle allegations that the company failed to properly protect customer information when the company’s electronic data systems were breached in August 2014 by a hacker. … Continue Reading

Federal Court: Attorney-Client Privilege and Work-Product Doctrine Upheld for Materials Associated with Internal Data Breach Investigation

By Hunton & Williams LLP on October 27, 2015

As reported in the Privacy & Information Security Law blog, the United States District Court for the District of Minnesota, in large part, upheld Target’s assertion of the attorney-client privilege and work-product protections for information associated with a privileged, internal investigation of Target’s 2013 data breach.… Continue Reading

Seventh Circuit Denies En Banc Review for Data Breach Class Action

By Hunton & Williams LLP on September 29, 2015

As reported in the Privacy & Information Security Law blog, the Seventh Circuit rejected Neiman Marcus’ petition for a rehearing en banc of Remijas v. Neiman Marcus Group, LLC, No. 14-3122. In Remijas, a Seventh Circuit panel found that members of a putative class alleged sufficient facts to establish standing to sue Neiman Marcus following … Continue Reading