On March 2, 2023, the White House released its National Cybersecurity Strategy (the Strategy). The Strategy sets out ambitious goals for the federal government to hold countries accountable for irresponsible behavior in...more
On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020...more
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require current and periodic reporting of material cybersecurity incidents as well as more detailed disclosure of cybersecurity...more
On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report prepared by an external security-consulting firm in data breach...more
In a security advisory this past weekend, SolarWinds disclosed that its systems experienced a highly sophisticated supply chain attack on versions of its Orion network monitoring products released between March and June...more
12/15/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
SolarWinds
In an October 16, 2018 investigation report, the Securities and Exchange Commission found that nine companies that suffered Business Email Compromise, or BEC, had insufficient internal controls to prevent such attacks....more
11/1/2018
/ Cyber Attacks ,
Cybersecurity ,
Email ,
Hackers ,
Information Governance ,
Internal Controls ,
Publicly-Traded Companies ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Security and Privacy Controls ,
Wire Fraud
On February 21, 2018, the U.S. Securities and Exchange Commission (SEC) released its latest Interpretive Guidance on Public Company Cybersecurity Disclosures. Although cybersecurity has been a focus of the SEC for many years,...more
2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and...more
1/30/2018
/ Article 29 Working Party (WP29) ,
Carpenter v US ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NHTSA ,
Pending Legislation ,
Uber ,
US v Microsoft
Nearly a year ago, in February 2017, the IRS issued a warning regarding phishing attacks targeting a broad range of companies. The scam involves a hacker impersonating an employee of a company, usually the CEO, and sending an...more
In early January 2018, security researchers released their findings about vulnerabilities affecting almost all computer chips that could allow a hacker to access data stored in the memory of the chips. Dubbed "Spectre" and...more
On September 5, 2017, the Federal Trade Commission (FTC) announced that it and 32 state attorneys general had settled charges with Lenovo regarding the company's practice of pre-loading software on its laptops that...more