The Law Offices of Mary N. Chaney, P.L.L.C.
The Cyber Security Law Firm of Texas

Mary's Blog

The Breach Whisperer

About Mary

Mary N. Chaney, Esq., CISSP® is a former Special Agent for the FBI, where she investigated cybercrime; a seasoned corporate executive who built and operated information security teams; and now a cybersecurity attorney.

As a self-described “Breach Whisperer,” our firm can train your company to properly prepare for your eventual breach!

The overall goal of our firm is to use our wealth of knowledge and expertise to help support, translate for and advise Boards of Directors, CIOs, CISOs and General Counsels on how to legally protect their company from cyber-related risk.

Blog Entries


 

State AGs Had Neiman Marcus In A Headlock And They Tapped Out!

See Article Here

“Neiman Marcus has agreed to pay $1.5 million to 43 states and the District of Columbia, as well as set up new security procedures, to end an investigation into the 2013 breach of customer payment card data at 77 U.S. stores, attorneys general across the country announced Tuesday.”

As I read the article, I got the image of someone in a headlock and tapping out, saying, “OK, I give!” No company that has a breach can survive an investigation into why they had that breach. There will always be something they did not do, because security is not perfect. However, there was one glaring reason they had to settle once it was determined that “9,200 of the total payment cards compromised in the breach were used fraudulently.” That’s called damages. Typically, with a credit card breach it is hard for the average consumer to prove damages because they are not really the entity paying for the fraudulent charges; it’s the credit card company. However, state AGs sue for consumer protection, the protection of the collective of their individual citizens, and Neiman’s had no choice.

All companies need to take into consideration the type of data they have, and if it is data on individual citizens, there is a good chance that, if you have a breach, you will have to deal with the state AG’s office. Sobering is the comment by Texas AG Ken Paxton: “I urge companies to evaluate whether they have in place a thorough and ongoing written information security program that serves to safeguard their customers’ information.”

See, people actually still say “information security program.” I am vindicated!