On August 24, 2015, the Third Circuit affirmed U.S. District Court Judge Esther Salas’ April 2014 ruling in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) that the FTC has the authority to regulate private companies’ cybersecurity practices under Section 5 of the FTC Act. (Prior blog posts on this case can be found here […]
Litigation
Target, MasterCard Settlement Allowed to Proceed
The court in In re: Target Corporation Customer Data Security Breach Litigation (D. Minn. MDL No. 14-2522) today entered an order denying the plaintiffs’ motion to enjoin a settlement between MasterCard and Target stemming from the 2013 security breach of Target’s systems. The parties had agreed that Target would pay MasterCard $19 million for damages […]
Third Circuit Questions FTC’s Data Security Authority
On March 3, 2015, the Third Circuit heard oral argument in FTC v. Wyndham Worldwide Corp., et al. (“Wyndham”) on the issue of whether the FTC has the authority to regulate private companies’ data security under Section 5 of the FTC Act. This appeal arises out of the District Court’s holding that the unfairness prong […]
TD Bank NA Settles Data Breach Lawsuit with Mass. AG
TD Bank North America (“TD Bank”) and the Massachusetts Attorney General announced an agreement on December 8 to end a data breach lawsuit brought against TD Bank by the Massachusetts Attorney General. The lawsuit alleged that TD Bank failed to properly protect and encrypt personal customer information contained on two server backup tapes that it […]
District Judge Upholds Decision Requiring Microsoft to Provide Irish Data to U.S. Investigators
On July 31, Federal District Judge Loretta A. Preska (Southern District of New York) upheld the decision of a magistrate judge requiring Microsoft to turn over the contents of customer email stored in Ireland to U.S. investigators. The magistrate’s April decision was previously discussed on this blog. Federal investigators had obtained a warrant for the email […]