What Happens To Your Personal Information After a Data Breach?

What happens to your personal information that is compromised in a data breach? That is the question a lot of us are asking right now after the massive data breach that occurred at Target. Of course, Target is not the only retailer to have been hit by one of the most prevalent crimes of the new economy. Just this year, Mapco customers were also the victims of a data breach.

We know that our banks have to reissue our cards, reimburse us for cash that was illegally debited out of our bank accounts, and that we have to monitor our credit files for unauthorized credit-line openings in our names.

But what are the thieves doing with our personal information? The answer to that question is astonishing. There is a criminal underground economy with websites and chat rooms dedicated to data breaches. Data breach thieves have websites devoted solely to the trafficking of our personal information. These auction sites mirror legitimate consumer websites like ebay or amazon. For a thorough and articulate expose on this underground culture, click on the link below.

http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/

Merck Proposes Settlement Over Fosamax Osteonecrosis Claims

Merck has proposed a $27.7 million to settle with Plaintiffs who sued the company over allegations that its osteoporosis drug Fosamax caused osteonecrosis of the jaw. The condition is a disease that causes bones in the jaw to deteriorate or die.

The proposed settlement was announced earlier this month at a court hearing in New York to resolve 1,140 lawsuits pending in federal and state courts. Of course, any settlement would need to be approved by a judge. The case is In Re Fosamax Products Liability Litigation, U.S. District Court, Southern District of New York, No. 06-md-01789.

According to sources, the settlement would require a 100% participation rate and evidence that the claimants satisfy eligibility requirements. A high participation rate is common in global settlements for mass tort litigation, but this rate is above and beyond the normal participation threshold for such settlements.

At the December 9th hearing, it was announced that plaintiffs' law firms had until January 13, 2014 to inform the Defendants of their intent to participate in the settlement process. Plaintiffs have until March 31, 2014 to opt-out of the settlement. Merck would then have until May 15, 2014 to decide whether or not it will go forward with the deal.

The settlement would resolve a large portion of the 5,255 product liability cases facing Merck over Fosamax, a one-time blockbuster drug with $3 billion in sales in 2007. Sales have declined since Fosamax lost patent protection in 2008. Through September, Merck had reported $421 million in Fosamax sales in 2013, a sharp drop from years past.

Of the lawsuits over Fosamax, about 860 of the cases were before Judge Keenan in New York. Since the cases were consolidated in 2006, Keenan has presided over all of the federal cases. Judge Keenan had held a series of "bellwether" trials, allowing Merck and plaintiffs' lawyers to assess trends and outcomes in similar cases. This is also common in consolidated mass tort cases.

The last Fosamax trial before Judge Keenan was held in February 2013 and resulted in a $285,000 verdict for the plaintiff. Merck lost just one other of the five bellwether trials when a jury awarded Florida resident Shirley Boles $8 million. The judge later cut that sum to $1.5 million. Merck won two other trials in a New Jersey state court over jaw injury claims.

Merck still faces over 4,115 lawsuits over claims that Fosamax causes a completely different type of injury-femur fractures. Those injuries have been more publicized by the media Those lawsuits are consolidated separately in an MDL in front of Judge Brown in the U.S. District Court for New Jersey. What does this proposed settlement mean for those cases? That is unknown, but it may indicate that Merck wants to settle those claims and get all of these Fosamax lawsuits behind them.

TARGET CONFIRMS MASSIVE DATA BREACH

Target, one of the nation’s largest retailers, acknowledged Thursday that data connected to about 40 million credit and debit card accounts was stolen as part of a breach that began over the Thanksgiving weekend.

The theft is the second-largest credit card breach in U.S. history. The largest on record was at Heartland Payment Systems, which revealed in 2009 that roughly 130 million credit and debit cards had been exposed. The second-biggest attack struck TJX Companies, the parent company of TJMaxx and Marshall’s, which said in 2007 that about 45 million credit cards and debit cards had been compromised. The retail giant later negotiated a $40.9 million settlement with Visa over the incident. The TJX data was reportedly stolen by criminals who gained access to payment systems through the wireless networks of individual stores.

Customers who made purchases by swiping their cards at Target’s U.S. stores between November 27 and December 15 may have had their accounts exposed. Target confirmed that the stolen data included customer names, credit and debit card numbers, card expiration dates and the embedded code on the magnetic strip found on the backs of cards. As of yet, there was no indication the three- or four-digit security numbers visible on the back of the card were affected. The information stolen could allow criminals to make fraudulent purchases almost anywhere in the world either on the internet or by making phony cards. The massive data breach did not affect online purchases.

Target has not disclosed exactly how the breach occurred. In any event, the hackers gained access to as many as 40 million credit and debit cards used by customers of Target during the height of the holiday shopping season.

The breach highlighted vulnerabilities in the massive, interconnected shopping systems used for billions of dollars of retail transactions every day. Customers at Target’s nearly 1,800 stores in the United States were potentially affected.

Everyday consumers have had to scramble to cancel compromised cards and have new cards issued. This obviously threatens to cause disruptions as shoppers move into the final days of the busiest time of year for retailers.

The Secret Service has even gotten into the investigation. Major breaches in the past have drawn scrutiny, and in some cases, fines from federal and state officials when they determined that companies did not adequately protect private customer information.

It is estimated that Target will have to spend at least $100 million to cover legal costs and to fix whatever went wrong. Target will owe money to card brands, like Visa and American Express, to reimburse customers for fraudulent transactions.

Target said it notified law enforcement authorities and financial institutions after discovering the breach. The company said it also has hired an outside forensics firm to investigate the incident and strengthen its systems.

The payment systems used in modern retailing are sprawling, with countless card readers in individual stores gathering data, transmitting them on internal corporate networks and communicating with banks before approving purchases. Hackers could potentially find weaknesses at any point in the system. Often, hackers insert a “worm” into the system, which continually accumulates data in hidden folders. The hackers then retrieve the worm, which is full of card holder data.

The massive extent of the breach probably means that hackers reached deeply into Target’s corporate networks rather than accessing systems at individual stores. Criminals also obtained pin codes for debit cards, which conceivably could be used to withdraw cash directly from user bank accounts.

Although not on the same scale, the Mapco breach is extremely similar. The threat of data breaches is a constant threat in the new economy and must be taken seriously. See my previous blog posts in regards to the Mapco breach.

Pittman, Dutton & Hellums, P.C. is currently investigating claims against Target as it relates to their data breach. The breach affects individuals and banking institutions alike. If you were affected by the Target data breach, please contact Booth Samuels at booths@pittmandutton.com or 1-866-515-8880.

News In the Sports-Law World

A few news stories are popping up in the sports-law world. The two main lawsuits making news, of which I have blogged about previously and you can read those posts on this blog, are the NFL concussion case and O'Bannon case.

In the O'Bannon case, the NCAA has moved for summary judgment on the injunction-class plaintiffs. Whether or not they will prevail on their motion will not be determined for some time. The NCAA did file as exhibits some new statements made on the behalf of several athletic directors. Click on the link to the story here:

http://www.usatoday.com/story/sports/college/2013/12/13/ncaa-obannon-name-and-likeness-suit-deposition-filing/4007373/

The other story making news concerns the plaintiffs' attorneys in the NFL concussion case. A proposed settlement was announced in August of this year. That settlement has yet to be approved by the Judge overseeing those lawsuits. Among the accusations levied is that attorneys on the leadership committee are 'double-dipping' on fees. For more on that story, click on the link below:

http://espn.go.com/espn/otl/story/_/id/10146287/nfl-settlement-awaits-preliminary-approval-concern-arises-attorneys-double-billing-plaintiffs

Judge Levies Nearly $1M On Pradaxa Manufacturer

Boehringer Ingelheim GmbH (Boehringer) was hit with almost $1 Million in sanctions for withholding documents requested by Plaintiffs’ attorneys in the Pradaxa MDL.  Boehringer, the German family-owned drugmaker, is the manufacturer of the blood thinner Pradaxa. The allegations against Boehringer over the drug are that Pradaxa® causes excessive internal bleedings which can cause serious complications, including death.

U.S. District Judge David Herndon in East St. Louis, Illinois, who’s overseeing more than 1,700 consolidated lawsuits in the MDL concluded that Boehringer executives acted “in bad faith” by failing to ensure that documents and files about the drug’s development and marketing were preserved. In his 51 page ruling, Judge Herndon stated, “The wrongs here are egregious,” and that he was, “stunned” by their discovery violations. He went on to add that the company’s efforts to safeguard the documents amounted to, “…gross inadequacy”.

In his December 9^th ruling, Herndon wrote that he was forced to deal with claims that Boehringer was improperly withholding documents from the inception of the case consolidation in 2012. He characterized Boehringer as acting in, “bad faith”.

The Plaintiffs argued that Boehringer should have forced employees to preserve documents about the drug’s development and the company’s marketing plan. They also argued that Boehringer failed to order employees to save phone messages, including texts, about their work on Pradaxa® which allowed countless records to be destroyed. Such protocol is often referred to as a “litigation hold”; a routine and regulated aspect of the discovery process in federal and state litigation.

Among other malfeasance, Boehringer could not produce files of a high-level scientist involved in developing Pradaxa® or documents by consultants who worked on the marketing plan. The Court’s Order indicates that the files of Professor Thorsten Lehr may be among the evidence that allegedly was destroyed by Boehringer. Court documents describe Professor Lehr as a prominent scientist who played a key role in developing Pradaxa® and who authored a study that initially concluded that Pradaxa®’s safety was related to the therapeutic range of the drug. The Court’s Order explains that Professor Lehr’s desire to publicly disclose the existence of a therapeutic range for Pradaxa® was highly controversial within the company. The order quotes Boehringer employee, Dr. Andreas Clemens, who stated, “The world is crying for this information – but the tricky part is that we have to tailor the messages smart.” The Order further states that, ultimately, Boehringer required that the study be revised to exclude information about therapeutic range.

Judge Herndon ruled that all of these actions justified sanctions amounting to $931,000.

Along with the fine, Boehringer executives must turn over files that are in their possession or officially inform the court that they cannot. Judge Herndon did not leave out the opportunity to levy additional sanctions against the corporation over the missing files.

Plaintiffs allege that Boehringer executives knew Pradaxa® posed a deadly risk when they brought the drug to the U.S. market in October 2010. Unlike older blood thinners, Pradaxa® has no antidote to reverse its effects, which can lead to so-called bleed-out deaths. FDA officials said they received reports of 542 deaths and 3,781 side-effect incidents tied to the drug in 2011.

This is not the first time in this litigation Boehringer has been sanctioned. In a September 18, 2013 Order, the Court sanctioned Boehringer in the amount of $29,540. The Order stated that the Court was a firm believer in progressive discipline, and that Boehringer was required to abide by the discovery rules.

Pittman, Dutton & Hellums, P.C. is currently investigating claims for patients injured by Pradaxa®. Contact Booth Samuels at 1-866-515-8880 or at booths@pittmandutton.com for a free consultation.

5th Circuit Throws More Confusion Into BP Claim Process

The Deepwater Horizon BP settlement claims process has taken a life of its own. Upset about how the claims process has turned out, lawyers for BP have appealed their own settlement agreement twice  to the 5th Circuit. Both times, the 5th Circuit has appeared to side with BP. Outlandish as it may seem, BP is trying to have a settlement that they vetted and agreed to, that District Judge Barbier approved, and a settlement that they stuck to for over a year, thrown out.

 

BP's main argument is that there has to be causation in a settlement agreement. I think that this is ludicrous-how could any party settle any lawsuit for any conceivable controversy if  the plaintiff has to prove causation. For more on the latest in this legal odyssey, see The Times Picayune/nola.com article below:

http://www.nola.com/news/gulf-oil-spill/index.ssf/2013/12/5th_circuit_orders_temporary_h.html#incart_m-rpt-2

It's "Drive Safer Sunday"

Today is one of the busiest travel days our country experiences- not only for air travel, but our roads as well. In fact, the Sunday after Thanksgiving is the busiest traffic day of the year.

Road Safe America, a non-profit organization, was formed out of tragedy to attempt one single goal-make our highways safer. RSA pushes for not only safer roads for regular travelers, but for the truckers themselves. It's a great organization with a great mission.

Below is a link to an interview with Steve Owings, co-founder of RSA.

http://kplr11.com/2013/11/25/drive-safer-sunday-after-thanksgiving/

Please remember to drive safer this Sunday.