On February 21, 2025, Bybit, one of the world’s largest cryptocurrency exchanges, suffered a cyberattack resulting in the theft of approximately $1.5 billion in Ethereum tokens. This attack marked a new pinnacle in the...more
3/6/2025
/ Anti-Money Laundering ,
Compliance ,
Cryptocurrency ,
Cybersecurity ,
Data Security ,
Digital Assets ,
Economic Sanctions ,
FinCEN ,
National Security ,
North Korea ,
Office of Foreign Assets Control (OFAC) ,
Privacy Laws ,
Risk Mitigation
On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal...more
On 1 April 2024, the UK and US signed a memorandum of understanding on the science of AI safety. This partnership is the first of its kind and will see the two countries work together to assess risks and develop safety tests...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework 2.0 (CSF 2.0). CSF 2.0 represents the first major update to the Cybersecurity Framework, which was...more
Under the Securities and Exchange Commission’s (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule (cybersecurity rule), public companies subject to the cybersecurity rule must promptly...more
Recent activity by the New York Department of Financial Services (NYDFS) and the Securities and Exchange Commission (SEC) highlight the continued focus by government regulators on cybersecurity. As these and other regulators...more
11/17/2023
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Financial Regulatory Reform ,
Financial Services Industry ,
NYDFS ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Litigation
On July 26, the Securities and Exchange Commission (“SEC”) finalized a much anticipated rule addressing cybersecurity risk management, strategy, governance, and incident disclosure. Public companies registered with the SEC...more
8/8/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Disclosure Requirements ,
New Rules ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
Recent enforcement actions and announcements show that state and federal regulators are continuing to focus intensely on cybersecurity and data protection. Notably, the New York Department of Financial Services (“NYDFS”)...more
7/18/2023
/ Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Settlement ,
State and Local Government ,
State Data Privacy Laws
A recent consent order between the New York State Department of Financial Services (“NYDFS”) and cryptocurrency trading platform, bitFlyer USA (“bitFlyer”), shows that the NYDFS continues to utilize an aggressive enforcement...more
6/21/2023
/ Civil Monetary Penalty ,
Consent Order ,
Cryptocurrency ,
Cyber Attacks ,
Cybersecurity ,
Enforcement Actions ,
Financial Services Industry ,
Information Technology ,
New York ,
NYDFS ,
Regulatory Requirements ,
Regulatory Violations ,
Technology
We have written on previous occasions about the rise in frequency and severity of Business Email Compromise (BEC) cyberattacks. As explained in other posts, BEC attacks are a type of phishing scam typically targeting...more
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
9/2/2022
/ Covered Entities ,
Cybersecurity ,
Enforcement ,
Exemptions ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
Notice Requirements ,
NYDFS ,
Policies and Procedures ,
Popular ,
Second Amendment ,
Third-Party Service Provider
On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most recent cybersecurity enforcement action, which included a $5 million monetary...more
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S....more
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple...more
4/26/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Security ,
Department of Energy (DOE) ,
FBI ,
Information Sharing ,
International Trade ,
Popular ,
Russia
In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to...more
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the...more
The Federal Trade Commission (FTC) recently warned private entities to remediate any ongoing Log4j vulnerabilities present within their networks or face possible enforcement action....more
The televised “thud” of explosions in Ukraine has an ominous but deceptively distant tone. For many organizations the hostilities are closer at hand, in the form of cyberattacks that could spread beyond the Russian-Ukrainian...more
On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint...more
According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread...more
12/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Management ,
Software
With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor...more
We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the...more
On July 2, 2021, Kaseya Ltd., a Florida-based firm that provides software tools to thousands of primarily small and mid-sized businesses, became the latest victim of a high-profile ransomware attack. The attack is believed to...more
The Department of Homeland Security (DHS) recently announced a new Security Directive requiring companies in the pipeline sector “to better identify, protect against, and respond to” cyber threats. Among other things, the...more
Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut down the essential...more