The Rippleshot Data Breach Blog

Data Breach Ripples: Week of January 30

Written by Zach Walker | Jan 30, 2015 7:30:00 PM

In this week's issue: a U.S. District Court ruled in favor of breached merchant Schnucks, Samsung is set to debut their mobile payment platform, an exploit found in the Mariott hotel's app may have exposed the personal data of its customers, an Albany-based Health System is notifying over 5,000 patients of a data breach, and Rippleshot summarizes Tuesday's U.S. House Subcommittee hearing on data breach legislation.

 ICYMI: Courts Rule in Favor of Schnucks, Capping Data Breach Expenses at $500,000

On January 15, the U.S. District Court for the Eastern District of Missouri ruled in favor of Schnuck Markets Inc. against the grocery chain’s payment processor and merchant bank. The court ruled that the grocery chain's data breach-related expenses would be capped at $500,000.This ruling stems from the 2012 data breach that lasted nearly 4 months, affecting 2.4 million payment cards.

It should be noted that there is a consensus between security and legal experts that this ruling will not set a precedent for future cases regarding data breaches.

Samsung Set To Debut Its M-Pay Plan to Compete With Apple Pay

As experts analyze Apple Pay's impact on the payments industry in its first year, Samsung is preparing to debut its mobile payment platform, Samsung Pay. Touted as a competitor of ApplePay, Samsung Pay is compatible with nearly 90 percent of all magnetic stripe terminals as well as NFC terminals here in the U.S.

Samsung believes that Samsung Pay will have an edge over Apple Pay due to its compatibility with magnetic stripe terminals, unlike Apple Pay. When news first broke of Samsung’s new mobile payment platform, it appeared that Samsung was working with a mobile wallet company, LoopPay to develop the technology.

Marriott Fixes Android App Issue That May Have Exposed Personal Data

A security flaw affecting Android users of the Marriott International app may have been exploited, exposing payment and personal data of an unknown number of users. According to Randy Westergen, a software developer who discovered exploit, the app could allow a cybercriminal to gain access to a user’s information, including names, addresses and the last four digits of payment cards.

Albany Health Systems Notifies More Than 5,000 Patients of Data Breach

St. Peter’s Health Partners based in Albany, NY is in the process of notifying over 5,000 patients that their personal information may have been exposed in a data breach. According to the report, a cell phone belonging to a manager of the health system was stolen, exposing personal information including names, dates of birth and the times and locations of medical appointments.

St. Peter’s Health Partners issued a response, stating that the stolen cell phone was password protected but not encrypted. It is important to note that the manager’s cellphone was in accordance with the organization’s security procedures.

Rippleshot Content: U.S. House Subcommittee Hears First Testimony on Data Breach Legislation

On Tuesday, the House Subcommittee on Commerce, Manufacturing, and Trade held a hearing entitled “What are the Elements of Sound Data Breach Legislation?” In the latest Rippleshot blog post, we sat down and watched the testimony, summarizing the main topics that each of the witnesses covered. 

We'll continue to track this conversation as it makes it way through the subcommittee and into the legislative process.

 

Thanks for reading this week’s Data Breach Ripples. If you missed the last week's post or want to share these with friends or colleagues, click HERE!