On October 30, 2023, the White House issued an Executive Order to address the growing innovations—and attendant concerns—regarding artificial intelligence (“AI”). The Executive Order is the first federal attempt to broadly...more
11/9/2023
/ Artificial Intelligence ,
Biden Administration ,
Competition ,
Cybersecurity ,
Data Privacy ,
Executive Orders ,
Innovative Technology ,
National Security ,
NIST ,
Popular ,
Risk Management ,
Technology Sector
In late September, two subcommittees of the U.S. House of Representatives held a joint hearing on responding to ransomware attacks. The hearing—held by the Subcommittee on Cybersecurity, Information Technology, and Government...more
On July 26, 2023, the Securities and Exchange Commission (the “SEC”) adopted rules requiring public companies to promptly disclose material cybersecurity breaches on Form 8-K and detailed information regarding their...more
By press release on May 25, 2023, The New York Department of Financial Services (“DFS”) announced a Consent Order with OneMain Financial Group LLC (“OneMain”) for failing to comply with the DFS’s Cybersecurity Regulation (23...more
On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed a new rule concerning cybersecurity risk management as well as updates to Regulations S-P and SCI (Systems Compliance Integrity).[1] With these...more
Last month, the Federal Trade Commission (“FTC”) announced its first-ever enforcement action under the Health Breach Notification Rule (“HBNR” or “the Rule”). In a complaint filed in February, the agency alleged that GoodRx...more
On January 26, 2023, the Department of Justice announced its successful “months-long disruption campaign” against a ransomware group known as Hive, signaling the United States’ increased efforts to combat ransomware attacks...more
Medibank, one of Australia’s largest private health insurers, detected a ransomware attack in October 2022. The attackers, believed to be part of a criminal organization based in Russia, exfiltrated approximately 9.7 million...more
On Wednesday, November 9, 2022, the New York Department of Financial Services (“DFS”) announced proposed revisions to New York State’s landmark Cybersecurity Regulation, 23 NYCRR Part 500. The proposed amended regulation...more
On June 24, 2022, the New York Department of Financial Services (“DFS”) announced a cybersecurity settlement with Carnival Corporation d/b/a Carnival Cruise Line, Princess Cruise Lines, Holland America Line, Seabourn Cruise...more
Nothing is certain in life except death, taxes, and now, data breaches. Data breaches are almost an unavoidable cost of doing business in a globally connected world. As if being victimized by cybercriminals wasn’t enough,...more
In a significant development in anti-hacking criminal enforcement, the Department of Justice last week released new guidance for charging violations of the Computer Fraud and Abuse Act (“CFAA”), the nation’s premier computer...more
Ransomware attacks have become headline news in the mainstream media, and a hot topic not only on this blog but in government circles. And with good reason as the United States suffered a staggering 421.5 million ransomware...more
4/5/2022
/ Corporate Counsel ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Security ,
Information Reports ,
Popular ,
Ransomware ,
Risk Management
Throughout the COVID-19 crisis, we have focused on the significant uptick in ransomware attacks. Government agencies such as OFAC, CISA, and New York’s DFS have updated their guidance on how to prepare for and respond to...more
On October 22, 2021, the New York State Department of Financial Services (“DFS”) issued new Guidance regarding a Covered Entity’s compliance with New York’s Cybersecurity Regulation where the Covered Entity relies on the...more
The Biden Administration is zeroing in on cybersecurity. In the wake of a high-profile wave of cyberattacks, including the SolarWinds supply chain attack and the more recent Colonial Pipeline ransomware attack, President...more
In a win for data privacy defendants, Walmart secured a ruling that favors a narrow interpretation of the California Consumer Privacy Act (CCPA). In Gardiner v. Walmart Inc. et al, 4:20-cv-04618-JSW, a Walmart customer,...more
On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as...more
As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to...more
9/4/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Medical Records ,
Medical Research ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware
The New York Department of Financial Services (“DFS”) recently initiated its first enforcement action against a company for violating DFS’s first-in-the-nation cybersecurity regulation. As our readers know, we have written...more
The Zoom videoconferencing platform has been a constant fixture in recent news as the coronavirus pandemic has caused businesses around the world to flock to it, exposing significant cybersecurity and privacy concerns. These...more
In response to the COVID-19 pandemic, the New York Department of Financial Services (DFS) recently extended by 45 days the deadline for companies to certify compliance with the DFS cybersecurity regulation. ...more
The aftermath from one of the largest data breaches in U.S. history is nearing the end, as the presiding judge approved a proposed class action settlement resolving claims arising from Equifax’s September 2017 data breach. ...more
The California Consumer Privacy Act (“CCPA”) becomes operative on January 1, 2020. See Cal Civ. Code § 1798.100 et al. To date, the CCPA is the most sweeping consumer privacy law in the United States, covering most for-profit...more
10/3/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Private Right of Action
On August 28, 2019, almost a month after Paige A. Thompson was arrested based on allegations that she hacked into servers rented by Capital One Financial Corporation, a criminal indictment was returned charging her with one...more