DtSR Episode 135 - NewsCast for March 23rd, 2015

Target settled class-action lawsuit over its data breach - for $10M USD

Who wins? Lawyers, clearly the lawyers
Burden of proof on the victims to show they've suffered a loss to get up to $10,000.00.
If you can't prove loss, you can still try to get part of settlement of what's left-over
http://www.usatoday.com/story/money/2015/03/19/target-breach-settlement-details/25012949/

Federal judge dismisses suit against Paytime -- "simply no compensable injury yet"

Leaves door open for future suits if someone were to suffer a compensable injury
"Once a hacker does misuse a person's information for personal gain...there is a clear injury and one that can be fully compensated with money damages." -- Judge John E. Jones III
Watch this case, read the story for yourself
http://www.securityinfowatch.com/news/11883806/federal-judge-dismisses-lawsuits-over-paytime-inc-data-breach

Sacred Heath Health System victim-by-proxy of a data breach

Happened at a 3rd party
So why is only Sacred Heart in the news?
~40 individuals SSN and patient information
"deceptive technique" known as phishing
http://pensacolatoday.com/2015/03/sacred-heart-informs-patients-of-billing-information-disclosure/

Premera Blue Cross "warned about security flaws before breach"

Lots to talk about here -- starting with is 3 weeks enough time?
OPM audit finds issues, is this a systemic failure or examplary of an enterprise doing its best in a difficult security climate?
Before you judge, measure up your own security posture against this article
http://www.seattletimes.com/business/local-business/feds-warned-premera-about-security-flaws-before-breach/

Advantage Dental notifies patients of breach