Articles Posted in Cybersecurity

Last week on the official LinkedIn blog, the company’s chief information security officer, Cory Scott, reported the company had become aware of an additional set of data that has just been released consisting of e-mail and hashed password combinations of more than 100 million LinkedIn members. This recent release is related to a 2012 unauthorized access and disclosure of LinkedIn members’ passwords:

Yesterday, we became aware of an additional set of data that had just been released that claims to be email and hashed password combinations of more than 100 million LinkedIn members from that same theft in 2012. We are taking immediate steps to invalidate the passwords of the accounts impacted, and we will contact those members to reset their passwords. We have no indication that this is as a result of a new security breach. –Linkedin Official Blog, May 18, 2016

Posted May 3, 2016

Ashley Madison Update: Hacked Data Is Off-Limits

On April 29, 2016, Judge Ross issued his ruling on Ashley Madison’s motion for a protective order, prohibiting Plaintiffs from using the leaked documents, reports quoting the leaked documents, and information “stolen from Avid” in drafting their consolidated class action complaint. The result was largely policy driven, with Judge Ross stating broadly, “the Court cannot and will not allow Plaintiffs to take advantage of the work of hackers to access documents outside the context of formal discovery. To do so would taint these proceedings and, if left unremedied, potentially undermine the integrity of the judicial process.” The Court also ruled that it had inherent authority to issue a protective order with respect to documents obtained outside the course of normal discovery, and distinguished cases cited by the Plaintiffs in opposition. Rejecting Plaintiffs’ First Amendment argument, Judge Ross notes, “[j]ournalists … are in a completely different position than parties involved in private litigation. No doubt exists that the news media enjoy the freedom of ‘the press;’ however, the conduct of attorneys is informed by their ethical responsibilities as officers of the Court.” The amici briefs submitted by other Ashley Madison users made an impact on the Court as the Court found that the leaked information could not truly be considered “readily available to the public” due to the efforts of the other users to protect their privacy following the leak, as asserted in their briefs. Ultimately, Judge Ross emphasized the need to “protect the integrity of the internet and make it a safer place for business, research and casual use.”

Earlier posts on the topic:
Ashley Madison and Coming to “Terms” with Data Protection
From Ashley Madison to the Panama Papers: Is Hacked Data Fair Game?

Posted April 22, 2016

From Ashley Madison to the Panama Papers: Is Hacked Data Fair Game?

by Carolyn S. Toto and Pillsbury's Internet & Social Media Team

Carolyn S. Toto

We’ve previously written about the distinctions between hacking credit and other financial data in comparison to hacking private information. (See Ashley Madison and Coming to “Terms” with Data Protection.) The issue of how much protection the latter receives when it relates to attorney-client communications is currently before the District Court of the Eastern District of Missouri in the multi-district litigation arising from the July 2015 Ashley Madison leaks. Plaintiffs—former users of the site who claim that Ashley Madison defrauded the public by creating fake female profiles to lure male users—hope to use leaked information in their consolidated complaint against the site, due to be filed June 3 of this year. The leaked information sought to be used includes references and citations to emails between Ashley Madison’s parent company, Avid Dating Life, and its outside counsel.

Posted April 15, 2016

Cyber Loss May Yet Fall Under General Liability

Recently, the Fourth Circuit handed down one of the first appellate-level decisions involving insurance coverage for a cyber-related event. The ruling is likely to create ripples among both carriers and company insureds, as it establishes the possibility that, under a general liability policy, a carrier may still be on the hook to cover cyberattacks or data breaches that are the result of a company’s negligence (as opposed to those stemming from a criminal attack, in which the company is the victim). In their Client Alert on the Fourth Circuit’s ruling, colleagues James Bobotek, Peri Mahaley and Benjamin Tievsky break down the ruling and its takeaways.

Posted February 25, 2016

The Case of the Hacked Hospital: When a Cyber Breach Becomes a Health Crisis

by Carolyn S. Toto

Carolyn S. Toto

Recently, we noted vulnerability issues from use of the Internet of Things and how that has come to impact the health industry. Recent events continue to highlight this development. Since the start of the year, there have been cyber attacks targeting hospitals. Perhaps recognizing the extensive disruption and potential privacy concerns to patients, the hackers have targeted these institutions to either make a point or seek large sums in exchange for returning access to the hospital data. In January, Hurley Medical Center, based in Flint, Mich., was attacked, although a spokesperson stated that policies and protocols were followed and patient care was not compromised. The hacktivist group Anonymous released a video with the hashtag #OpFlint prior to the cyber attack and suggests responsibility for the breach to make a point regarding the city’s water crisis, although no confirmation has been made.

Posted February 11, 2016

Managing the Cybersecurity Risks of the Medical Internet of Things

The cybersecurity ramifications of the Internet of Things (IoT) are perhaps nowhere more crucial—potentially a matter of life and death, in fact—than in the realm of medical devices. Until recent times, a potential hack of the data-sharing that is a hallmark of the IoT raised far more privacy concerns than actual health risks. However, as medical devices begin to evolve and make use of the connectivity of the IoT, this balance may change. For one example, think pacemakers, where a malicious glitch in a networked piece of equipment could have fatal consequences.
Continue Reading →

Posted December 17, 2015

News of Note for the Internet-Minded – 12/17/15

Stories of interest this week include a developers showcase for the HoloLens, robots able to feel textures like humans, a cool billion invested in AI, and more.

Posted November 12, 2015

Cybersecurity Information Sharing Gains Senate Approval

In their recent Alert on the Senate’s passage of the Cybersecurity Information Sharing bill, colleagues Brian E. Finch, Elizabeth Vella Moeller and Craig J. Saperstein explore and evaluate the U.S. Senate’s approval of legislation (long sought by industry) that would facilitate information sharing (including threat indicators) across government and industry lines in real time, and provide liability protection to companies that participate.

Posted October 7, 2015

Safe Harbor Dead: What U.S. Businesses Need to Know/Do Next

The decision of Europe’s top court yesterday to confirm that the ruling that the Europe Union(EU)/U.S. Safe Harbor scheme, Commission Decision 2000/520, was invalid has major implications for any businesses transferring data from the EU to the United States.

Posted September 30, 2015

FTC Fines Can Add Salt to a Cybersecurity Wound

by Carolyn S. Toto

Carolyn S. Toto

Cyberattacks are on the rise—so much that we seem to hear about a high-profile hack more often than it probably rains in most parts of California. Although reputational damage from a cyberattack can be scarring, a recent U.S. Third Circuit Court decision provides a reminder that the pain can come in many forms. In Federal Trade Commission v. Wyndham Worldwide Corp, the Court confirmed that the FTC can levy expensive fines on a business for failing to adequately protect consumer information. If there wasn’t sufficient reason before, the Third Circuit opinion should convince many who ignored cybersecurity to take a more proactive approach.