Saks, Arby’s Data Breaches Spur State Legislation

A flurry of state legislation has been introduced this year over data breaches and whether consumers can recover their losses. Saks disclosed that up to 40 million credit card numbers were hacked in 2015, prompting lawmakers around the country to consider new laws governing these types of incidents. In response, Arby’s proposed a self-regulatory program for handling security breaches.

The “state data breach notification laws chart” is a visual representation of state data breach notification laws. The chart includes the date that each state passed its own law, the type of information that must be disclosed and what type of entity must comply with it.

Saks, Arby's Data Breaches Spur State Legislation

Data breaches aren’t going away anytime soon, and the recent epidemic of privacy intrusions has prompted state legislation as well as consumer worry.

Saks Fifth Avenue, Arby’s, and JobLink have all had serious data breaches this year.

In 2016, the number of data breaches in the United States reached an all-time high of approximately 1,100, a 40% rise over 2015. They may hit a new high in 2017, with many high-profile data breaches already putting Americans’ personal information at risk.

Saks Fifth Avenue, Arby’s, and JobLink have all had serious data breaches this year. Hundreds of thousands of people’s data may have been exposed as a result of these breaches.

These assaults also spurred the state of New Mexico, which had previously been one of the only states without a data breach reporting statute, to eventually pass one.

Free Case Evaluation

Tens of thousands of people are allegedly at risk as a result of the Saks breach.

Saks Fifth Avenue reportedly displayed consumers’ email addresses, phone numbers, IP addresses, and product codes (of the times they were interested in buying) on unencrypted pages on its website, as originally revealed by BuzzFeed News last week. If accurate, this flaw would have put the data of tens of thousands of consumers at risk.

“This is as terrible as it gets in terms of security.” “Everyone is at risk.”

“The security of our consumers is of highest concern,” a spokesman for Hudson’s Bay Company, which owns and operates the Saks website, told BuzzFeed News, “and we are acting swiftly and aggressively to remedy the matter, which is restricted to a low single-digit proportion of email addresses.”

“We have fixed any problem relating to customer phone numbers, which was an even lesser fraction,” the representative continued.

“This is as terrible as security gets,” cybersecurity expert Robert Graham told the site. “Everyone is at risk.”

As a consequence, numerous customers are considering filing a data breach lawsuit against Hudson’s Bay. Whether you or a loved one has suffered financial or reputational harm as a consequence of this claimed breach, please contact us immediately to see if you or a loved one may be eligible for compensation.

Neiman Marcus Pays $1.6 Million to Resolve Data Breach Lawsuit

Saks owner Hudson’s Bay Company is apparently in discussions to combine with Neiman Marcus, which just paid $1.6 million to resolve a data breach case brought by attorney John Yanchunis. (If the reported merger goes through, consumers may find it difficult to trust Hudson’s Bay with their credit cards.)

In December 2013, a data breach at Neiman Marcus purportedly compromised the credit card information of 350,000 customers. The number was substantially smaller, according to Neiman Marcus, with just 9,200 accounts.

According to the terms of the settlement, each class member might get up to $100, and class advocates could receive up to $2,500 for their efforts.

Mr. Yanchunis has established himself as one of the country’s top data breach lawyers. He was just designated lead plaintiffs’ counsel in the Yahoo data breach case, which is the world’s biggest class action lawsuit, with over a billion plaintiffs.


New Mexico is the first state to pass a data breach law.

Following these large-scale breaches, as well as those at Arby’s and JobLink, among others, New Mexico’s state legislature has finally passed cybersecurity legislation: the Data Breach Notification Act, or H.B. 15. The bill will now be sent to Governor Susana Martinez for signing.

The following is taken from H.B. 15:

  • When personal identifiable information is “no longer legitimately required for commercial reasons,” companies and organizations must dispose of it.
  • “Implement and maintain acceptable security measures and practices suitable to the nature of the information to safeguard personal identifying information against unauthorized access, destruction, use, alteration, or disclosure,” companies and organizations must state.
  • A data breach must be reported to the impacted parties within 45 days of discovering it. However, if the breach does not pose a “significant risk of identity theft or fraud,” no notification is necessary. (“A major danger” is probably something lawyers will debate in court.)
  • The attorney general and credit bureaus must also be informed if a data leak affects more than 1,000 New Mexicans.

If the steps listed above seem to be common sense, they are. Except for New Mexico, Alabama, and South Dakota, all states have comparable data breach regulations. Only Alabama and South Dakota’s customers are comparatively vulnerable now that New Mexico has joined the rest of the nation in the twenty-first century.

Contact an attorney immediately for a free, no-obligation legal consultation if you or a loved one has been the victim of fraudulent credit card transactions and/or identity theft as a consequence of a data breach.

The “data breach reporting requirements” are a new law that has been passed in states across the U.S. The law is meant to help protect consumers and companies from data breaches.

Related Tags

  • federal data breach notification law 2020
  • federal data breach laws
  • most states breach notification laws apply to
  • massachusetts data breach law
  • massachusetts data breach reporting