Account Data Compromise Recovery Process, ADCR, GCAR, Global Compromised Account Recovery Program, payment card, PCI DSS, security breach, visa
VISA Phases Out the Account Data Compromise Recovery (ADCR) Process and Implements the Global Compromised Account Recovery (GCAR) Program
By InfoLawGroup LLP on January 09, 2013
damages, data breach, Hannaford, motion to dismiss Hannaford data breach payment card PCI DSS, payment card, PCI DSS
Federal Appeals Court Holds Identity Theft Insurance/Credit Monitoring Costs Constitute "Damages" in Hannaford Breach Case
By InfoLawGroup LLP on October 24, 2011
In a significant development that could materially increase the liability risk associated with payment card security breaches (and personal data security breaches, in general), the U.S. Court of Appeals 1st Circuit (the "Court of Appeals") held that payment card replacement fees and identity theft insurance/credit monitoring costs are adequately alleged as mitigation damages for purposes of negligence and an implied breach of contract claim. The decision in Hannaford could be a game changer in terms of the legal risk environment related to personal data breaches, and especially payment card breaches where fraud has been perpetrated. In this post, we summarize the key issues and holdings of the Court of Appeals.
damages, Hannaford, litigation, payment card, PCI DSS, security breach
"Damages" Last Stand - Maine Supreme Court Puts an End to the Hannaford Bros. Breach Suit
By InfoLawGroup LLP on September 22, 2010
The Maine Supreme Court has rendered its opinion on the "damages" issue in the Hannaford Bros. consumer security breach lawsuit. Again, the plaintiffs have been unable to establish that they suffered any harm as a result of the Hannaford security breach. Specifically, the Court ruled that "time and effort" alone spent to avoid or remediate reasonably foreseeable harm do not constitute "a cognizable injury for which damages may be recovered." In this blogpost we take a closer look at the Court's rationale.
Breach, fiduciary duty, Heartland, litigation, negligence, payment card, PCI DSS, third party beneficiary
Heartland Bank and Keybank's Motion to Dismiss
By InfoLawGroup LLP on July 13, 2010
ADCR, BJ, BJ Wholesale Club, Breach, card, Club, damages, doctrine, economic, economic loss doctrine, fraud, Hannaford, litigation, loss, Massachusetts, mastercard, negligence, payment, payment card, PCI DSS, PCI DSS litigation, retailers, TJX, unfair practices, unfair practices Massachusetts visa mastercard ADCR, visa, Wholesale
Massachusetts's Highest Court Delivers BJ Wholesalers (and other Retailers) a Data Breach Liability Gift
By InfoLawGroup LLP on December 23, 2009
payment card, payment card security breach litigation, PCI DSS, PCI DSS heartland, security breach litigation
Quickhits: AMEX settles with Heartland Payment Systems for $3.6 Million
By InfoLawGroup LLP on December 22, 2009
litigation, payment, payment card, PCI DSS, PCI DSS Radiant Systems, Radiant, Savvis, security breach litigation, security breach litigation service provider, service provider, Systems
The Merchants Strike Back?
By InfoLawGroup LLP on December 03, 2009
210 CMR 17-00, breach notification, creditors, driver's license, FACTA, Fair Credit Reporting Act, FCRA, financial account, FIPS, FTC, generally accepted, health information, HIPAA, HITECH, key management, laptops, Massachusetts, medical data, Nevada, payment card, Payment Card Industry Digital Security Standard, PCI DSS, portable devices, public networks, Red Flags, Red Flags Rule, Security, social security number, SSN, wireless
Code or Clear? Encryption Requirements (Part 2)
By W. Scott Blackmer on October 01, 2009
In the last post, I talked about the role of encryption in fashioning a "reasonable" security plan for sensitive personal information and other protected data routinely collected, stored, and used by an enterprise. But lawmakers and regulators are getting more specific about using encryption and managing data that is risky from an ID-theft perspective. Here are some leading examples of this trend.
