Category Archives: Data Breach

Please check out: “Will Insurance Cover Target’s $19 Million MasterCard Settlement?”

Posted on by 2 comments

Phishing -Credit card data theftI wrote a post that discusses card brand liabilities – the demands from payment card brands and payment card processors after a data breach of credit card and debit card numbers – and getting cyberinsurance to cover those liabilities.  The post discusses Target’s disclosure of a $19 million settlement with MasterCard for card brand liabilities and whether Target’s cyberinsurance might cover the losses.

You can find the post on my firm‘s insurance recovery and insurance coverage blog, the BT Policyholder Protection Blog. My future insurance-related posts will be found there.

Please check out: “If Your System Was Attacked By ‘Backoff’ Malware, Would Your Insurance Cover A Data Breach Involving Credit Card Numbers?”

Posted on by Leave a comment

binary code and computer monitorsI wrote a post that discusses the disclosure of so-called “Backoff” malware by the Department of Homeland Security. I also discuss and how insurance might apply to retailers and card processors facing a data privacy incident (or a data breach) with allegedly exposed credit cards, debit cards, and payment cards in general as a result of a Backoff malware attack.

You can find the post on my firm‘s insurance recovery and insurance coverage blog, the BT Policyholder Protection Blog. My future insurance-related posts will be found there.

Please check out: “Scott Godes Interview Featured in, ‘If Attorney Needed to Explain Cyber Coverage, the Policy Is Not Clear.'”

Posted on by Leave a comment

binary code and computer monitorsI wrote a post that discusses an interview I recently gave for an Advisen article regarding cyber risk and cyberinsurance.

You can find the post on my firm’s new blog, the BT Policyholder Protection Blog.  My future insurance-related posts will be found there.

Please check out: “Increasing data breach costs should lead to a review of insurance policies and vendor contracts.”

Posted on by Leave a comment

binary code and computer monitorsI wrote a post that discusses increasing data breach costs, as discussed in the latest Ponemon Institute report, and gives some tips regarding risk management, insurance coverage, and vendor contracts, in light of this expanding and changing risk.

You can find the post on my firm’s new blog, the BT Policyholder Protection Blog.  My future insurance-related posts will be found there.

Join me at the AFP® Annual Conference in Washington, DC from November 2-5, 2014.

Posted on by Leave a comment

cyberinsuranceAre you a treasurer, CFO, or a treasury or finance professional?  Do you want to join a group of over 6,500 treasury and finance professionals in Washington, DC for a great annual conference?  AFP® (the Association for Financial Professionals®) will hold its Annual Conference at the DC convention center (the Walter E. Washington Convention Center) from November 2-5, 2014.  I’m excited to be part of the conference as a speaker.  I’ll be a speaker on a panel discussing insurance for cyber risks. 

Looking for reasons to attend the event?  In the words of AFP®, come to the conference to: 

Validate best practices, hear new ideas and be inspired to innovate at the most important event for treasury and finance.

My panel will be:

Cyber Insurance: What Is It? Am I Covered?
Network security and privacy risk – it’s ubiquitous. But do you really know what it is? The financial burden of a security breach event can be overwhelming and can often be mitigated with the purchase of an insurance policy. In this session, industry experts who have experienced breach events and understand the costs incurred as a result provide tips on breach preparedness, incident response, legal obligations and risk transfer mechanisms to provide balance sheet protection.

Our panelists will be:

There also will be some big name featured speakers, including Ben Bernanke, Chairman, Federal Reserve System (2006–2014) and Tom Friedman, Foreign Affairs Columnist, New York Times

You can register online by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Note:  as a speaker at the conference, I will not be charged a fee to attend the conference.
myspace profile views counter

Join me at the NetDiligence Cyber Risk & Privacy Liability Forum June 11-13, 2014.

Posted on by Leave a comment

 

Looking to attend a great conference where you can learn about cyber risks, cyberinsurance, data breaches, data privacy, cyberattacks, and more? HB Litigation ConferencesThen you should join me for the NetDiligence® Cyber Risk & Privacy Liability Forum.  Hosted by HB Litigation Conferences, it will take place June 11-13, 2014 at the Hyatt at the Bellevue, Philadelphia, PA.

The event will be chaired by:

  • Robert Jones, AIG
  • Paul Miskovich, Axis Pro
  • Jennifer Rothstein, Kroll
  • Jim Giszczak, McDonald Hopkins
  • Tim Stapleton, Zurich
  • Risk Manager Liaison:  Darin Bielby, Navigant

You can find a PDF of the entire agenda by clicking here.

I’ll be a speaker on a panel discussing the “Crime Coverage & Cyber Insurance,” presenting at 9:00 am, Friday morning, June 13.  Our panel will discuss:

  • Coverage in common loss scenarios
  • Discussion of recent claims
  • Court decisions impacting coverage
  • Standard Crime & Cyber policy forms

Our panel and moderator will include:

Take a look at the full agenda by clicking here.  And you can register online by clicking here.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Note:  as a speaker at the conference, I will not be charged a fee to attend the conference.
myspace profile views counter

David Gura interviewed and quoted me in his story, “Lucky for Target, the company had insurance.”

Posted on by Leave a comment

3d laptop with combination wheelDavid Gura put together a news story for Marketplace discussing cyberinsurance and insurance coverage for risks, liabilities, and losses related to data breaches, hacks, and exposures of credit card numbers and information.

The lede is:

Target reported quarterly earnings for the first time since a major data breach that has affected more than 100 million customers. Target says it cost the company $61 million.

David was kind enough to interview me for the news story that was broadcast on the radio; he also quoted me in the written version of the story.  I discuss potential sources of costs and loss that retailers likely would face after a hack and breach of credit card information.  The story provides an overview of cyber insurance.  It’s nice to see that it concludes with a point that insurance companies will have to pay in the event of a claim resulting from a data breach and cyber event.  Please click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Please check out: “5 Tips For Reviewing And Buying Cyberinsurance.”

Posted on by 3 comments

Highway Signpost "Cyber Attack"Law360 published an article that I wrote with tips for buying and reviewing cyberinsurance, with special tips for retailers who are considering buying or reviewing cyberinsurance policies.

The article is “5 Tips for Reviewing and Buying Cyberinsurance.”  With the recent rash of cyberattacks, data breaches, and other incidents affecting retailers around the country, it is a good time to turn a careful eye to insurance for cyber and privacy risks.  After a privacy, cybersecurity, or data breach incident, retailers may face a host of issues as a result of those incidents.  The issues may include individual consumer claims, putative class actions, federal and state investigations and regulatory inquiries, and demands from banks, credit card brands, and/or credit card processors.

The introduction to the article reads:

It seems that the cybersecurity was all over the news in 2013, and in 2014, retailers cannot escape the potential of a data breach. In fact, it’s been reported that six further retailers may be suffering data breaches and cyberattacks, beyond the two big retailers that were in the news over the holiday season. If you already have forgotten about your personal New Year’s resolution, consider one for your business: understanding your insurance policies with a view toward coverage for cyber risks.

If you are interested in some take aways regarding your cyberinsurance program, including considerations relating to Payment Card Industry Council compliance (“PCI compliance”), account data compromise events (“ADC events”), case management fees, operational fraud demands, operational reimbursement demands, and more, please take a look at the entire article.  Please check out “5 Tips for Reviewing and Buying Cyberinsurance.”

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.

Rodd Zolkos and Bill Kenealy quote me in their article, “Target tested by holiday credit card data breach.”

Posted on by One comment

Credit card readerRodd Zolkos And Bill Kenealy wrote an article for Business Insurance discussing the alleged data breach that Target Corporation suffered in late 2013, titled, “Target tested by holiday credit card data breach.”

The lede is:

The Target Corp. data breach that exposed 40 million shoppers’ debit and credit card account information has caused lawsuits, state and federal investigations and potential company reputation damage, while raising fresh concerns among other businesses about the worsening risk of cyber attacks.

Rodd and Bill were kind enough to quote me in the piece.  I discuss risk management, cyber security, and insurance coverage for cyber risks.  You may have to register with Business Insurance to see that part of the article.  Other people who work on cyber security and cyber risk questions were cited in the piece as well, and contain comments as to whether PCI-DSS certification, and certification as being PCI compliant, can prevent all cyber attacks and data breaches.

The article has interesting points for risk managers, in house counsel, compliance, and IT personnel.  Please click on over and read the entire piece.

Disclaimer:

This blog is for informational purposes only. This may be considered attorney advertising in some states. The opinions on this blog do not necessarily reflect those of the author’s law firm and/or the author’s past and/or present clients. By reading it, no attorney-client relationship is formed. If you want legal advice, please retain an attorney licensed in your jurisdiction. The opinions expressed here belong only the individual contributor(s). © All rights reserved. 2014.