Maine adopts what is considered the strictest privacy law in the US for internet service providers

  On June 6, 2019 Maine’s governor signed into law LD 946, “An Act To Protect the Privacy of Online Customer Information.” The Act applies to broadband internet service providers (ISPs) defined as any “mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all Internet endpoints.” ISPs are prohibited from using, disclosing, or selling their customers personal information, which includes the Read more [...]

NY A.G. settles with online retailer Bombas which failed to notify data breach involving credit cards details

On June 6, 2019 Attorney General Letitia James, announced settlement with online retailer Bombas LLC for failing to provide notice of payment cards consumers’ data breach occurred to 39,561 consumers. In 2014 unauthorized intruders inserted malicious software code to steal payment card information into the ecommerce platform supporting Bombas’ website. Intruders accessed customer information (such as names, addresses, and credit card information) of 39,561 payment card holders. Bombas started Read more [...]

North Carolina bill to amend Identity Theft Protection Act and to increase consumer protection post-breach

On April 16, 2019, North Carolina House of Representative introduced H.B. 904. The Bill amends the Identity Theft Protection Act. Among the many changes introduced, the Bill: amends the definition of security breach to include any incident of “unauthorized access to or acquisition of (was, access to and acquisition of) unencrypted and unreacted records or data containing personal information where illegal use of the personal information has occurred or is likely to occur or that creates Read more [...]

Washington state modifies its breach notification law

On April 22, 2019, the House of Representatives modified chapter 19.255 RCW to amend its data breach notification law. The definition of “data breach” does not change. The security of the system means “unauthorized acquisition of data that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.” But HB 1071 introduced an expanded definition of “Personal information”, which now includes individuals’ first name Read more [...]

Massive violations of US households data

On April 30, 2019, vpnMentor published an article revealing that hacktivists Noam Rotem and Ran Locar discovered an unprotected database impacting up to 80 million American households (65% of US households). The 24 GB database was hosted by a Microsoft cloud server and included the number of people living in each household with their full names, their marital status, income bracket, age, date of birth and more. It included data of people over the age of 40. VpnMentor doesn’t know to which Read more [...]