Search the Community
Showing results for tags 'data breach settlement'.
mood posted a topic in Security & Privacy NewsSettlement Reached Over Data Breach Impacting 24 Million Americans A multi-state settlement has been reached over a 2019 data breach that may have exposed the personal information of up to 25 million Americans. The breach took place from August 1, 2018, through March 30, 2019, when an unauthorized user gained access to the internal computer system of the American Medical Collection Agency (AMCA) by hacking into a web payment portal. Once inside the system, the user was able to access a variety of sensitive data that included Social Security numbers, payment card information, and the results of medical tests. On June 3, 2019, AMCA issued a security notice regarding the breach. The company contacted impacted customers, offering them two years of complimentary credit monitoring. It later transpired that at least 23 different healthcare organizations had been impacted by the AMCA breach. After paying costs associated with the breach notification and remediation, AMCA filed for bankruptcy on June 17, 2019. The company later received permission from the bankruptcy court to settle with the multi-state coalition and on December 9, 2020, filed for dismissal of the bankruptcy. Under the terms of the settlement, Retrieval-Masters Creditors Bureau, doing business as AMCA, may be liable for a $21m total payment to the states. However, the payment has been suspended in light of AMCA's financial struggles and will only be activated if the company violates certain terms of the settlement agreement. As part of the settlement AMCA must implement various data security practices to protect consumers from future cyber-attacks. These include employing a chief information security officer, hiring a third-party assessor to perform an information security assessment, and creating and implementing an information security program with detailed requirements, including an incident response plan. The settlement was reached between AMCA and the attorneys general of Arizona, Arkansas, Colorado, the District of Columbia, Connecticut, Florida, Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nebraska, Nevada, New Hampshire, New Jersey, New Mexico, New York, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Tennessee, Texas, Utah, Vermont, Virginia, Washington, and West Virginia. Source: Settlement Reached Over Data Breach Impacting 24 Million Americans
mood posted a topic in Security & Privacy NewsWawa would pay customers $9M in cash, gift cards in proposed settlement PHILADELPHIA (WPVI) -- Millions of Wawa customers could be getting gift cards or even cash back from the company. It is part of a class action lawsuit connected to the chain's massive data breach in 2019. Under the proposed settlement, Wawa would have to hand out up to $8 million in gift cards and up to $1 million in cash reimbursements. Anyone who used their debit or credit cards at a Wawa store or fuel pump between March 4, 2019 and Dec. 12, 2019 would be eligible to file a claim and enter into the class action lawsuit. Wawa estimates that there are approximately 22 million affected customers, the settlement agreement reads. According to Wawa, malware affected customer payment card information used at potentially all Wawa locations beginning at different points in time after March 4, 2019 and until it was contained by December 12, 2019. This malware affected payment card information, including credit and debit card numbers, expiration dates, and cardholder names on payment cards used at potentially all Wawa in-store payment terminals and fuel dispensers. The settlement breaks down the compensation into three tiers. According to a statement by Chimicles Schwartz Kriner & Donaldson-Smith LLP, the Haverford law firm representing customers: 1. Class members who did not suffer attempted or actual fraud on their payment card are eligible to receive a $5 Wawa gift card; 2. Class members who can provide reasonable proof of an actual or attempted fraudulent charge on their card after a Wawa transaction are eligible to receive a $15 Wawa gift card; and 3. Class members who can provide reasonable documentary proof of money they lost or spent out-of-pocket in connection with an actual or attempted fraudulent transaction on their payment card are eligible to reimbursement of those costs up to $500. Affected customers must submit a claim form to be eligible to receive a gift card or monetary relief. Source: Wawa would pay customers $9M in cash, gift cards in proposed settlement
Hy-Vee Moves to Settle Data Breach Class Action In Aug. 2019, Hy-Vee revealed the existence of a data breach affecting customers who used debit and credit cards at its fuel pumps, drive-thru coffee shops and restaurants. Hy-Vee has reached a preliminary settlement agreement in a class action brought by customers whose credit and debit card information was exposed as a result of a huge data breach at some of the company’s stores, according to a published report. Papers filed in an Illinois federal court on Jan. 12 noted that the grocer began negotiating the proposed settlement with the plaintiffs’ attorneys after a judge declined to dismiss the lawsuit last April, Little Village magazine reported. In Aug. 2019, Hy-Vee revealed the existence of a data breach affecting customers who used debit and credit cards at its fuel pumps, drive-thru coffee shops and restaurants. Locations across the grocer’s eight-state Midwestern market area were affected by the breach, which lasted between seven to eight months, starting in Dec. 2018 at some locations. Information from more than 5.3 million debit and credit cards was compromised over that time. Little Village reported that the stolen debit and credit card information was purported to be on sale at Joker’s Stash, a site featuring stolen card data. In Oct. 2019, two Hy-Vee customers affected by the breach, one in Illinois, the other in Missouri, brought a class action against the company, with two Iowa residents added as plaintiffs the following month. In its filing on the settlement, plaintiffs’ attorneys admitted, “Prosecuting this litigation through trial and appeal would likely be lengthy, complex and impose significant costs on all parties.” If the court approves the settlement deal, the class, consisting of those “residing in the United States who used a payment card to make a purchase at an affected Hy-Vee point-of-sale device during the Security Incident,” will be eligible for a reimbursement of as much as $225 for various categories of potential expenses incurred as a result of the breach, including the replacement of cards; the reversal of fraudulent charges; unreimbursed bank fees, card reissuance fees, overdraft fees, late fees, charges related to unavailability of funds, and over-limit fees; unreimbursed charges from banks or credit card companies; interest on payday loans because of card cancelation or an over-limit situation; costs of credit report(s); and costs of credit-monitoring and identity theft protection. Some “who experienced extraordinary expenses” could get up to $5,000 per claim. The 11 plaintiffs will additionally receive “incentive awards” of $2,000 each. Further, the plaintiffs’ attorneys are seeking $727,000 in fees, and Hy-Vee is expected to pay $12,000 to cover the attorneys’ expenses. As well as agreeing to these payments under the settlement deal, Hy-Vee will take “certain measures to increase its data security and consumer information protection procedures for a period of two years.” Among these measures are the appointment of a group VP, IT security; maintenance of a written information security program; employee training on data security policies and detecting/handling suspicious emails; maintenance of a policy for addressing information security events; compliance with [current payment card industry data security] standards; and requiring third-party vendors to employ multifactor authentication to access Hy-Vee’s payment card environment. On its own, Hy-Vee has already bolstered data security practices in the wake of the breach, as the retailer noted in Oct. 2019. A Hy-Vee spokeswoman told Progressive Grocer that once the settlement is approved, “those involved in the lawsuit will receive notification as to how to file a claim, pending they meet certain criteria approved by the court.” With sales of $11 billion annually, the employee-owned Hy-Vee operates more than 275 retail stores in eight Midwestern states. The company is No. 33 on The PG 100, PG’s 2020 list of the top food and consumables retailers in North America. Source: Hy-Vee Moves to Settle Data Breach Class Action
steven36 posted a topic in Security & Privacy News(Reuters) - Yahoo has struck a revised $117.5 million settlement with millions of people whose email addresses and other personal information were stolen in the largest data breach in history. The proposed class-action settlement made public on Tuesday was designed to address criticisms of U.S. District Judge Lucy Koh in San Jose, California. She rejected an earlier version of the accord on Jan. 28, and her approval is still required. Koh said the original settlement was not "fundamentally fair, adequate and reasonable" because it had no overall dollar value and did not say how much victims might expect to recover. She also said the legal fees appeared to be too high. Yahoo, now part of New York-based Verizon Communications Inc, had been accused of being slow to disclose three data breaches affecting about 3 billion accounts from 2013 to 2016. The new settlement includes at least $55 million for victims' out-of-pocket expenses and other costs, $24 million for two years of credit monitoring, up to $30 million for legal fees, and up to $8.5 million for other expenses. It covers as many as 194 million people in the United States and Israel with roughly 896 million accounts. John Yanchunis, a lawyer for the plaintiffs, in a court filing called the $117.5 million the "biggest common fund ever obtained in a data breach case." He did not immediately respond to requests for additional comment. Separately, Verizon agreed to spend $306 million between 2019 and 2022 on information security, five times what Yahoo spent from 2013 to 2016. It also pledged to quadruple Yahoo's staffing in that area. "The settlement demonstrates our strong commitment to security," Verizon said in a statement. Yahoo agreed in July 2016 to sell its internet business to Verizon for $4.83 billion. Only later did it reveal the scope of the breaches, prompting a price cut to $4.48 billion. Verizon wrote off much of Yahoo's value in December. U.S. prosecutors charged two Russian intelligence agents and two hackers in connection with one of the breaches in 2017. One hacker later pleaded guilty. The case is In re: Yahoo Inc Customer Data Security Breach Litigation, U.S. District Court, Northern District of California, No. 16-md-02752. Source