On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations. The Amendments, if adopted, would further regulatory trends and impose important new...more
In a report released June 21, 2022, the U.S. Government Accountability Office (GAO) urged the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Department of the...more
The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to...more
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening...more
As anticipated, the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Federal Reserve”), and the Federal Deposit Insurance Corporation...more
On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a...more
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System...more
1. Overview of the regulatory issues facing companies—and cyber insurers—that may need to respond to ransomware emanating from a threat actor or group with potential ties to entities on federal lists.-
The U.S. Treasury...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
8/9/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Information Technology ,
Insurance Industry ,
NAIC ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers,...more
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
7/23/2019
/ Consumer Financial Protection Bureau (CFPB) ,
Credit Monitoring ,
Credit Reporting Agencies ,
Cyber Attacks ,
Data Breach ,
Enforcement Actions ,
Equifax ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Hackers ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Qualified Settlement Funds ,
Settlement Agreements ,
Vulnerability Assessments
Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases. ...more
6/3/2019
/ Article III ,
Cause of Action Accrual ,
Class Action ,
Consumer Fraud ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Damages ,
Data Breach ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Retail Market ,
Standing
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more
2/3/2017
/ Appeals ,
Class Action ,
Class Certification ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Debit Cards ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Settlement ,
Target
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016
/ Adultery ,
Ashley Madison ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dating Services ,
Federal Trade Commission (FTC) ,
Fines ,
Hackers ,
Internet ,
Marriage ,
Misrepresentation ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Spouses ,
Website Owner Liability ,
Websites
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
10/21/2016
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cyber Attacks ,
Cybersecurity ,
FDIC ,
Federal Reserve ,
FFIEC ,
Financial Institutions ,
Financial Services Industry ,
Hackers ,
Handbooks ,
Incident Response Plans ,
OCC ,
Risk Management
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing
The Bank for International Settlement (BIS) Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) last week issued the first internationally agreed-upon...more
7/7/2016
/ Bureau of Industry and Security (BIS) ,
Committee on Payments and Market Infrastructure (CPMI) ,
Corporate Governance ,
Cyber Attacks ,
Cybersecurity ,
Financial Institutions ,
Financial Markets ,
Gramm-Leach-Blilely Act ,
IOSCO ,
New Guidance ,
Risk Management
Powered in part by the growing use of Internet of Things (IoT) technologies, cybersecurity has surged to become one of the leading concerns for global manufacturers, according to a recently released study....more
Nearly three in five Californians were victims of a data breach in 2015, according to a report released by state Attorney General Kamala D. Harris. The report adopts minimum standards of ''reasonable security'' for personal...more