
The Privacy Advisor | Roundup: Amidst Abundance of Data Loss Reports, Experts Offer Advice


The past week saw a plethora of headlines announcing new data breach incidents, outcomes of breach cases and new lawsuits being filed in the wake of breaches. From a suit seeking more than $100 million in damages following a January breach of credit card data in South Korea to DNA test results allegedly being posted publicly without donors’ knowledge or consent in the U.S., we round up some of the latest breach headlines here and sum up reports offering advice on how organizations can avoid becoming tomorrow’s breach story.

In the U.S.

The names and Social Security numbers of Lake Erie College of Osteopathic Medicine (LECOM) students “were inadvertently posted on the Internet in April and accessed by Google's search engine” in an incident that “originated from Hubbard-Bert Inc., an Erie business that provides health insurance to LECOM students,” Erie Times-News reports. The company is offering students one year of credit monitoring, the report states.

Washington Examiner reports on a case in Alaska involving Family Tree, which “sold DNA testing kits to consumers, who, after using the kits, returned them to Family Tree for the company to perform an analysis” and allegations that “unbeknownst to and without the consent of its customers, Family Tree also published the results of the genetic tests on its publicly available websites.” The lawsuit alleges “serious and irreversible privacy risks and violates Alaska’s Genetic Privacy Act,” the report states, noting the plaintiff is “seeking compensatory damages in the amount of $5,000, or, if the court finds that Family Tree’s violation of the Genetic Privacy Act resulted in profit or monetary gain, $100,000.”

In New Jersey, U.S. Attorney Paul Fishman has said “he’s considering a U.S. Supreme Court appeal following a Third Circuit ruling vacating the conviction of a hacker who allegedly accessed AT&T servers and stole more than 114,000 Apple iPad users’ e-mail addresses,” Law360 reports.

The Times-Tribune reports on hackers breaching Paytime, Inc., payroll processor for Wayne County, PA, “potentially gaining access to hundreds of government employees’ Social Security numbers, home addresses and bank account information.”

In South Carolina, respondents to a survey in GSA Daily are calling for the details of a 2012 breach involving taxpayers' data to be released. The breach involved the state’s tax agency and affected 3.6 million individuals’ Social Security numbers.

And iHealthBeat reports on multiple breaches involving medical facilities during the first months of 2014.

In a lawsuit stemming from a breach, Claims Journal reports a “University of Pittsburgh Medical Center employee has dropped a Florida payroll firm from her lawsuit on behalf of workers affected by a data breach” as the firm was “misidentified.” The case, which stemmed from a breach that “may have compromised the personal information of 27,000 of its 62,000 employees—including nearly 800 who’ve had bogus tax returns filed using their personal information,” will now move from federal court to Allegheny County Court.

Across the Globe

Yonhap News Agency reports on lawsuits filed against three credit card companies in South Korea over "a recent massive data leak" seeking compensation of up to U.S. $117 million. South Korea’s Financial Supervisory Service “revealed that some 14 million clients' personal data, including bank account numbers, addresses and credit ratings, had been leaked from the three card issuers, KB Kookmin Card Co., NH Nonghyup Card Co. and Lotte Card Co.,” back in January.

Daily Post reports on incidents involving the UK’s Denbighshire Council. “A list of addresses were lost in a street and an iPad was left on a plane in a catalogue of Data Protection Act breaches. Minutes of a Protection of Vulnerable Adults meeting also went astray at Glan Clwyd Hospital after being sent by recorded delivery,” the report states, highlighting issues detailed in a report set to go before Denbighshire County Council’s Corporate Governance Committee.

In New Zealand, reports indicate “the personal information of approximately 3,500 members of the New Zealand Dental Association appears to have been accessible online for more than a year.”

The Implications and What To Do

The Wall Street Journal rounds up several recent survey reports including one from Experian Data Breach Resolution and the Ponemon Institute that lists data breach “among the top three occurrences that affect a company’s reputation,” while Dark Reading looks at that report, entitled “The Aftermath of a Mega Data Breach: Consumer Sentiment,” in more detail.

Fierce CIO reports on a new study, "Avoidable Collateral Damage from Corporate Data Breaches," that found 33 percent of retail customers would “shop elsewhere if their retailer of choice suffers a data breach” while 30 percent of patients would seek new doctors and 24 percent of financial services customers would leave their banks or change credit cards if a breach occurred.

TechDay reports on Symantec’s Internet Security Threat Report, noting it “shows a significant shift in cyber-criminal behavior, revealing the bad guys are plotting for months before pulling off huge heists … In 2013, there was a 62-percent increase in the number of data breaches from the previous year, resulting in more than 552 million identities exposed—proving cybercrime remains a real and damaging threat to consumers and businesses alike.”

A Computerworld report features tips for cybersecurity professionals from Telstra’s Scott McIntyre. Speaking at a recent event in Australia, he noted data breaches “could be the beginning of a much more complicated process. You need to have a plan to move forward. When you’re trying to explain to people what led to a data breach and what controls were in place and the people on the other side of the table don’t understand these factors, you’re going to have a really tough time.”

Among his recommendations, the report quotes McIntyre as suggesting organizations with Big Data systems “start thinking about what it will cost you to deal with a Big Data breach. If it happened, what would it cost you to reset credentials and potentially change something important about your customers or enterprise?”

In a feature for Inside Counsel Magazine, meanwhile, Ernst & Young’s Adam Cohen writes, “Given the unrelenting onslaught of cyber-attacks peppering the news, it is a good time for inside counsel to brush up on the laws designed to address data breaches … Here, we take a bird’s eye view of state laws mandating notification in the event of unauthorized access to personal information.”

Aaron Weiss writes for eSecurity Planet on how to make sure you're protecting personally identifiable information (PII), referencing a security brief by NSS Labs executives. They suggest, he writes, that “each security breach which leaks PII data has a cumulative weakening effect on users’ personal security in aggregate,” and provide tips on preparing for data breach incidents not as “exceptions” but as “expectations.”

And a Mondaq article notes, "Well-drafted security breach response plans provide a playbook for an organization to follow when it learns of an actual or suspected security incident or data breach" and offers suggestions on the key questions to ask when preparing such a plan.
