Virtual Dress-up Website Settles With The FTC Following Data Breach
Jun. 20. Comparitech, a UK-based research company, reports damages from data breaches in the United States since 2008 amount to $1.6 trillion. It notes there were nearly 9,700 breaches during that period exposing 10.7 billion records with an average loss of $148 per record.
May 12. Multiple security researchers reveal that the servers of at least seven online service providers have been infected with malicious code that logs all form field information from a website, including data on checkout and payment pages, and sends it to a server in Panama. Services found infected with scripts are Alpaca Forms, Picreel, AppLixir, RYVIU, OmniKick, eGain, and AdMaxim.
Apr. 29. Motherboard reports intruders exploited a data breach at Microsoft to rob some of its email users of their cryptocurrency. Microsoft originally claimed only email metadata and customer information, such as subject lines and the names of other email addresses users communicated with, was compromised.
Apr. 24. i-Dressup, a fashion website, agrees to pay $35,000 to settle an FTC action stemming from a data breach at the site that compromised information on 2.1 million users, including 245,000 under the age of 13.
In March 2017, a spam email operator exposed 1.37 billion records by accident, making it one of the largest data breaches ever. This breach happened when River City Media accidentally published a snapshot of a backup from January 2017 without password protection.
Summary: In August 2022, student loan servicer Nelnet suffered a data breach when an unknown hacker accessed the data of 2.5 million individuals who secured loans with EdFinancial or the Oklahoma Student Loan Authority. The breach included full names, addresses, phone numbers, and Social Security numbers.
Summary: In January 2022, an investigation determined that an outage experienced by the school management platform Illuminate Education was actually a data breach. The NYC school system uses the platform for teachers to communicate with parents and check grades.
Summary: A misconfigured spambot leaked emails and passwords, leading to one of the biggest data breaches in recent years. Almost one email address for every person in Europe was leaked. The information became visible to the public because the spammers forgot to secure one of their servers. As a result, anyone could download the data without credentials.
Summary: Around 46.2 million mobile phone numbers from Malaysian mobile virtual network operators and telephone companies were posted online. The leak included prepaid and postpaid numbers, addresses, customer details, and SIM card information, including IMSI and IMEI numbers. Timestamps indicated that the leaked data was from May and July 2014. As with the other data leaks, the hackers tried to sell this information by posting it on a forum.
Summary: In December 2010, Ohio State University suffered a data breach that jeopardized over 760,000 people. The university notified former and current applicants, students, faculty, and others with connections to the university that hackers had accessed the server that stored their Social Security numbers, names, addresses, and dates of birth.
The regulatory arena surrounding data security is becoming systematically more complicated. Companies that interact with PII should maintain a high-level understanding of breach notification obligations and know when to seek guidance. Vinson & Elkins tracks developments related to data privacy laws in the United States and internationally.