In the words of CBS News, “another day, another high-profile password hack.” LivingSocial posted a security notice on its website on April 27, 2013 alerting users to a cyberattack of its servers. For those readers who have not used the company’s services, LivingSocial is a discount site similar to Groupon that claims more than 70 million members worldwide. As of November 2012, LivingSocial advertised that it had sold over 123 million vouchers. As first reported by tech blog AllThingsD, customer data for more than 50 million users may have been accessed. Some of this data may include users’ names, email addresses, encrypted passwords and the dates of birth. Avid readers of this blog may recall that we discussed the rise in litigation following high-profile hacking in January. That post was recently expanded into a full-length article in Managing IP. In quick summary, plaintiffs’ counsel are finding new and novel ways… Continue Reading
This article in Lawyers.com exlores the Washington State privacy act after the Court of Appeals in Washington rejected an argument that the state’s use of his text messages violated the privacy act. Providing commentary in the piece is Haynes and Boone, LLP Partner David Siegal.
Apple should be celebrating. Its App Store recently exceeded 2 billion downloads. Over 600,000 apps are now available for the iPhone, iPad and iPod Touch. Yet, continuing claims of fraud surely dampen any celebration and threaten to sour the App Store’s reputation as a secure marketplace. The New York Times recently shared Ryan Matthew Pierson’s story. In about an hour, Mr. Pierson’s iTunes account was charged $437.71 for virtual currency that he could use to buy guns, nightclubs and cars in iMobsters, a popular iPhone game. The problem is, Mr. Pierson has never played the game. He was the victim of fraud. Unfortunately, Mr. Pierson is not alone. Hundreds of others have complained that the App Store is not secure. Consumers are not the sole victims of this fraud. Developers lose hundreds of thousands of dollars to App Store fraud. Compounding their problems is consumers’ perception that developers are to blame… Continue Reading
>If not done properly, gathering personal data from gamers can bring game developers into the legal crosshairs. For instance, an iPhone game player recently sued game developer Storm8 for allegedly collecting phone numbers without permission from players who downloaded Storm8’s games from the iTunes app store. The complaint alleges the game software automatically collects and transmits the iPhone telephone number of each player back to Storm8, in violation of the Computer Fraud and Abuse Act and California state laws. Back in August, reports surfaced that Storm8′s games transmitted players’ wireless numbers back to the company’s servers. Storm8 responded that previous versions of the game software had a bug – that has since been fixed. The lawsuit’s objective appears to be an injunction barring Storm8 from collecting phone numbers in the future. However, even if Storm8 engaged in some unauthorized data gathering, the player still may not have a legally recognizable… Continue Reading
>Massachusetts is on track to became the first state to mandate that game companies (and other companies) storing the personal information of state residents must comply with specific data security practices. Massachusetts enacted a data protection statute on October 31, 2007, authorizing the Massachusetts Office of Consumer Affairs and Business Regulation (“OCABR”) to develop regulations implementing the statute. OCABR has now issued regulations set to go into effect on January 1, 2010. These regulations require game companies (regardless of where a company is located) to comply with certain administrative and computer security requirements when storing or transferring personal information that has been gathered from gamers or company employees living in Massachusetts.Under the regulations, games companies must create and follow a security program that includes, among other things, assignment of personnel to oversee and update the security program, identification of all records containing personal information, identification of security risks to those… Continue Reading