On October 22, 2021, the New York State Department of Financial Services (“DFS”) issued new Guidance regarding a Covered Entity’s compliance with New York’s Cybersecurity Regulation where the Covered Entity relies on the...more
A little over two weeks ago, T-Mobile became the latest victim of a cyberattack when more than 50 million of their customers’ data was stolen. In the ensuing weeks, three class action suits have been filed against the...more
Earlier this year, New York City passed a law restricting the collection and/or use of biometric technology by certain businesses. The new law goes into effect July 9, meaning applicable businesses have a couple more weeks...more
The Biden Administration is zeroing in on cybersecurity. In the wake of a high-profile wave of cyberattacks, including the SolarWinds supply chain attack and the more recent Colonial Pipeline ransomware attack, President...more
In the wake of a data breach, counsel will often require the assistance of a forensic firm in order to provide legal advice to their client. The forensic analysis—which is often memorialized in a report to counsel—is crucial...more
In a win for data privacy defendants, Walmart secured a ruling that favors a narrow interpretation of the California Consumer Privacy Act (CCPA). In Gardiner v. Walmart Inc. et al, 4:20-cv-04618-JSW, a Walmart customer,...more
On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as...more
The United States Supreme Court heard oral argument on Monday in Van Buren v. United States, No. 19-783, a landmark case involving a key provision of the Computer Fraud and Abuse Act (“CFAA”). At issue was whether a person...more
As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to...more
9/4/2020
/ Coronavirus/COVID-19 ,
Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Hackers ,
Medical Records ,
Medical Research ,
Personally Identifiable Information ,
Phishing Scams ,
Ransomware
The New York Department of Financial Services (“DFS”) recently initiated its first enforcement action against a company for violating DFS’s first-in-the-nation cybersecurity regulation. As our readers know, we have written...more
Well before the California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) commenced on July 1, 2020, as we have recently reported, private plaintiffs had already jumped into the fray, suing...more
Last week, a magistrate judge in the Eastern District of Virginia held that a breach report prepared by Mandiant (a digital forensics investigator, among other things) in response to the Capital One data breach was not...more
The Zoom videoconferencing platform has been a constant fixture in recent news as the coronavirus pandemic has caused businesses around the world to flock to it, exposing significant cybersecurity and privacy concerns. These...more
We have previously written about the thorny questions surrounding the Computer Fraud and Abuse Act (“CFAA”), including how its ambiguous language concerning what computer use is “authorized” has divided the Circuits and how...more
In response to the COVID-19 pandemic, the New York Department of Financial Services (DFS) recently extended by 45 days the deadline for companies to certify compliance with the DFS cybersecurity regulation. ...more
The aftermath from one of the largest data breaches in U.S. history is nearing the end, as the presiding judge approved a proposed class action settlement resolving claims arising from Equifax’s September 2017 data breach. ...more
The California Consumer Privacy Act (“CCPA”) becomes operative on January 1, 2020. See Cal Civ. Code § 1798.100 et al. To date, the CCPA is the most sweeping consumer privacy law in the United States, covering most for-profit...more
10/3/2019
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Personal Information ,
Privacy Laws ,
Private Right of Action
This past week, The Home Depot, Inc. became the latest business hit with a class action lawsuit for their use of facial recognition security cameras allegedly in violation of the Illinois Biometric Information Privacy Act. ...more
On August 28, 2019, almost a month after Paige A. Thompson was arrested based on allegations that she hacked into servers rented by Capital One Financial Corporation, a criminal indictment was returned charging her with one...more
On May 6, 2019, Magistrate Judge Gorenstein issued an order that should be a wake-up call for attorneys contemplating hiring and sharing privileged communications with an outside public relations firm. This decision also has...more
The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ....more
8/24/2019
/ Cal Code of Civil Procedure ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Declaratory Relief ,
Injunctive Relief ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Statutory Damages
Today, New York’s top financial regulator, the Department of Financial Services, announced the formation of a dedicated “Cybersecurity Division.” In a news release issued earlier today, the agency said the new division “will...more
The FBI’s Internet Crime Complaint Center, better known as IC3, released its 2018 Internet Crimes Report. For those unfamiliar with the IC3, it was established by the FBI in May 2000 as a central repository for public...more
The nation’s top law enforcement agency is rebooting its cybercrime capabilities.
In an effort to keep up with the evolving threats against property, critical infrastructure and human life posed by cyber-attacks –especially...more
Yesterday, the United States indicted two Iranian hackers for their roles in a series of major ransomware attacks that started in 2016 and lasted almost three years. The attacks crippled schools, hospitals, the private...more