In a reminder that open source products can carry significant risks beyond intellectual property, a vulnerability in a compression tool commonly used by developers has triggered widespread concerns....more
On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations. The Amendments, if adopted, would further regulatory trends and impose important new...more
On March 15, 2022, President Joe Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), which increased funding for the federal Cybersecurity and Critical Infrastructure Agency (CISA) and...more
2021 proved to be a momentous year for privacy and data security law. The scourge of ransomware continued last year, leading to record-setting ransomware payments, a muscular response from the federal government, a hardening...more
On August 12, 2021, the United States District Court for the District of South Carolina issued an opinion denying in part and granting in part a motion by Blackbaud to dismiss seven statutory claims brought by plaintiffs in a...more
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System...more
1. Overview of the regulatory issues facing companies—and cyber insurers—that may need to respond to ransomware emanating from a threat actor or group with potential ties to entities on federal lists.-
The U.S. Treasury...more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
8/9/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Information Technology ,
Insurance Industry ,
NAIC ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
On July 26, 2019, Connecticut Governor Ned Lamont signed into the law the state’s new Insurance Data Security Law, which imposes new information security, risk management, and reporting requirements for carriers, producers,...more
The Arizona Legislature has significantly expanded and strengthened the state's data breach notification law. The legislation was signed by Arizona Governor Doug Ducey on April 11, 2018....more
4/18/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Notice Requirements ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Given the nearly daily reports of data breaches, ransomware attacks and phishing exploits affecting entities of all sizes, Arizona entities should be aware that Arizona law may require them to provide notice to employees,...more
3/22/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Any entity that does business in these states or maintains confidential information of their residents should monitor the proposed data breach legislation discussed below: Oregon, New York, Alabama, and Rhode Island....more
3/5/2018
/ Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Equifax ,
Hackers ,
Legislative Agendas ,
Personally Identifiable Information ,
Popular ,
Preemption ,
Proposed Legislation ,
State and Local Government ,
State Data Breach Notification Statutes
The Arizona State Legislature is considering proposed legislation that, if enacted, would significantly change the requirements for how Arizona entities respond to data breaches....more
The State of Washington's Attorney General filed a complaint against Uber Technologies, Inc., (Uber) this week related to the 2016 hack that exposed the personal data of 57 million riders and drivers. The suit is the first...more
In the span of just nine days, the U.S. Court of Appeals for the Eighth Circuit issued two rulings in class actions involving data breaches—one breach in 2013 at brokerage firm Scottrade and another in 2014 at grocery stores...more
9/5/2017
/ Article III ,
Breach of Contract ,
Brokerage Accounts ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Federal Rule 12(b)(6) ,
Grocery Stores ,
Hackers ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Scottrade ,
Standing
The U.S. District Court for the District of Colorado recently dismissed a proposed class action lawsuit filed by financial institutions relating to a 2016 data breach that involved hundreds of Noodles & Company (Noodles)...more
7/27/2017
/ Banking Sector ,
Choice-of-Law ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Data Breach ,
Economic Loss Doctrine ,
Financial Institutions ,
PCI-DSS Standard ,
Personally Identifiable Information ,
Popular ,
Restaurant Industry
The U.S. Securities and Exchange Commission's Office of Compliance Inspections and Examinations (OCIE) has issued a Risk Alert in the wake of the widespread WannaCry ransomware attack that has inflicted hundreds of thousands...more
5/19/2017
/ Broker-Dealer ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Investment Management ,
Malware ,
OCIE ,
Phishing Scams ,
Ransomware ,
Risk Alert ,
Risk Management ,
Securities and Exchange Commission (SEC)
The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more
2/3/2017
/ Appeals ,
Class Action ,
Class Certification ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Debit Cards ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Settlement ,
Target
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing