Articles Tagged with data breach attorneys

Accepting credit cards just became a riskier and more expensive proposition for small business owners. As a law firm specializing in data breach prevention and response, we know that the United States lags behind comparable markets globally in credit card security. As a result, the nation has experienced a marked increase in credit card fraud in recent years. To combat this rise, major U.S. credit card issuers have introduced chip-cards, also known as “E.M.V.” cards, which is the worldwide standard for cards equipped with computer chips and the technology used to authenticate chip-card transactions. (E.M.V. stands for Europay, MasterCard and Visa, the companies that created the standard). Chip-card technology frustrates counterfeiters accustomed to stealing and duplicating the static data on magnetic stripe credit cards. The transition to chip-card technology coincides with a shift in liability for fraud. On October 1, 2015, the liability for card-present fraud shifted to whichever party is the least E.M.V.-compliant. If your business fails to upgrade to E.M.V.-compliant technology, you could bear the cost of a fraudulent transaction at your point of sale.

Credit card fraud in the U.S. has doubled in the past seven years, largely due to increased protection in the rest of the world resulting from the widespread adoption of E.M.V. cards. Banks and merchants lost over $16 billion dollars in 2014 on fraudulent transactions. Nearly half of these targets were based in the U.S., which accounts for only 21 percent of the world’s card transactions. Thieves obtain card information through data breaches and card skimmers and produce duplicates of the cards using the stolen data. Chip-cards will not protect against fraud following physical theft and offer no added protection online. However, roughly fifty percent of credit card fraud occurs onsite and accounted for 13.7 million fraudulent transactions in 2012 totaling $2.3 billion in charges. Aligning credit card security in the U.S. with other major global markets should diminish the disproportionate targeting of American merchants.

Continue reading

The big baseball news relates to the St. Louis Cardinals hacking of the Astros scouting database and not the latest deal for a high priced middle reliever.  As a data breach attorney and baseball fan, it is rare that two of my main interests collide.  I must confess to feeling some schadenfreude since I am a long suffering Brewers fan.

The New York Times has been all over this, reporting that the Cardinals had an acrimonious breakup with former GM Jeff Luhnow.  The hack was initiated by current Cardinals employees with an apparent ax to grind with Luhnow.  The motivation appears to have been to embarrass Luhnow by exposing his private conversations about talent.

Continue reading

2014 was an interesting year in data breach litigation in California at both the federal and state level.  As always is the case in data breach cases, the requirement of a cognizable harm or “standing” took center stage.  At the state level, data breach defendants scored a huge victory in the case of Sutter Health v. Superior Court.  In contrast, at the federal level, data breach plaintiffs scored big in the case of In re Adobe.

Sutter Health involved the increasingly common situation of a stolen computer from a hospital.  The computer contained millions of patient health records.  Patients filed a class action alleging violations of the Confidentiality of Medical Information Act (“CMIA”).  The Act prohibits the disclosure of patient records and provides for statutory damages of $1,000 per breach.  Doing the math, Sutter’s liability added up to $4 billion of exposure.  The trial court denied Sutter’s demurrer resulting in an immediate appeal.

Continue reading