It’s been an interesting few weeks for those who have followed the Cord Blood Registry (CBR) data breach.

As background: back in February 2011, CBR disclosed that backup tapes with 300,000 people’s information had been stolen from an employee’s unattended vehicle in December 2010. CBR offered those affected one year of free credit monitoring and indicated that they had improved their security. That didn’t satisfy everyone, it seems, as a potential class action lawsuit was filed (Johansson-Dohrmann v. CBR Systems, Inc.).

Then on January 28, the FTC announced that it had settled charges against CBR, which was the first anyone knew that the FTC had opened a case against CBR. The FTC had charged that CBR had not lived up to its privacy policy:

Cbr did not have reasonable policies and procedures to protect the security of information it collected and maintained. In addition, Cbr allegedly created unnecessary risks to personal information by, among other things, transporting backup tapes, a thumb drive, and other portable data storage devices containing personal information in a way that made the information vulnerable to theft.

The settlement included putting CBR under monitoring for 20 years and barred any misrepresentation of their privacy and security protections.

Now today, a judge gave preliminary approval to the class-action lawsuit. Thomson Reuters reports:

Under terms of the proposed settlement, reached last November, CBR will have to provide credit monitoring and identity theft insurance to each affected class member [for up to two years], as well as cash reimbursements for any losses resulting from identity theft.

Plaintiff’s lawyer Patrick Keegan estimated that the credit monitoring package was worth up to $112 million to the class members, according to court documents. The settlement also provides up to $600,000 in payment to the plaintiff’s lawyers.
Source: .Databreaches.net


Currently unrated


There are currently no comments

Add New Comment


required (not published)