On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint...more
According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread...more
12/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Management ,
Software
With cyberattacks continuing to plague the financial services industry, the New York Department of Financial Services (NYDFS) recently released new guidance for regulated entities related to the use of Multi-Factor...more
In October, the United States Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) published new guidance for the virtual currency industry focusing on compliance with the financial industry’s obligations...more
On October 28, 2021, in a speech before the American Bar Association’s 36th Annual National Institute on White Collar Crime, Deputy Attorney General Lisa Monaco formally announced that the Department of Justice is taking...more
We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the...more
On July 2, 2021, Kaseya Ltd., a Florida-based firm that provides software tools to thousands of primarily small and mid-sized businesses, became the latest victim of a high-profile ransomware attack. The attack is believed to...more
The Department of Homeland Security (DHS) recently announced a new Security Directive requiring companies in the pipeline sector “to better identify, protect against, and respond to” cyber threats. Among other things, the...more
Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut down the essential...more
On April 15, 2021, the New York Department of Financial Services (NYDFS) issued a report on the recent SolarWinds cyberattack. A copy of the report is available... NYDFS called the attack a “wake-up call” to regulated...more
Earlier this month, the New York State Department of Financial Services (NYDFS) announced a settlement and consent order with National Securities Corporation (National Securities) for $3 million in connection with National...more
4/27/2021
/ Compliance ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
National Security ,
National Security Review Proceedings ,
New York ,
NYDFS ,
Popular ,
Settlement
On March 3, 2021, the New York State Department of Financial Services (NYDFS) announced a settlement with Residential Mortgage Services, Inc. (RMS) for $1.5 million in connection with its violation of the NYDFS Cybersecurity...more
3/8/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Financial Services Industry ,
Government Agencies ,
Notification Requirements ,
Personal Data ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Settlement ,
State and Local Government
On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split.
The case,...more
3/2/2021
/ Appeals ,
Article III ,
Class Action ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Injury-in-Fact ,
Personal Information ,
Popular ,
Standing
With President Biden’s nomination of D.C. Circuit Judge Merrick Garland for U.S. attorney general proceeding toward confirmation in the Senate, the leader of the nation’s legal department is poised to change enforcement...more
On January 8, 2021, Judge Richard Seeborg of the United States District Court for the Northern District of California issued an Order denying a motion to dismiss in S.E.C. v. NAC Foundation, LLC, et al. The U.S. Securities &...more
As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting...more
1/15/2021
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Employees ,
Employer Liability Issues ,
Multi-Factor Authentication ,
Network Security ,
Remote Working ,
Telecommuting ,
Virtual Private Networks
Earlier this year, the U.S. Department of Justice (“DOJ”) released its highly anticipated Cryptocurrency Enforcement Framework (the “Framework”). The Framework was developed as part of the Attorney General’s Cyber-Digital...more
12/29/2020
/ Biden Administration ,
Bitcoin ,
BSA/AML ,
Commodity Futures Contracts ,
Criminal Investigations ,
Cross-Border Transactions ,
Cryptocurrency ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Popular ,
Securities and Exchange Commission (SEC) ,
Trump Administration ,
U.S. Treasury
Earlier this week, Texas-based IT software vendor SolarWinds issued a critical security advisory, acknowledging that a “highly sophisticated” hacker had inserted a vulnerability in an updated version of SolarWinds’ Orion...more
On December 1, 2020, the U.S. Commodity Futures Trading Commission (“CFTC”) Division of Enforcement released its Annual Report, which details a “record-breaking” fiscal year 2020 (“FY 2020”), despite the challenges presented...more
As COVID-19 vaccine approvals and eventual distribution kicks into high gear, there has been a corresponding – and not particularly surprising – increase in cyber threat activity targeting both vaccine producers and other...more
On October 28, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) issued a...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
FBI ,
Federal Agency Taskforce ,
Healthcare ,
Healthcare Facilities ,
Malware ,
Public Health ,
Ransomware
The outcome of the 2020 general election in the United States will determine which of two visions of the investigative and prosecutorial arms of the federal executive branch will prevail for 2021 and beyond. The campaigns and...more
On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community...more
On September 17, 2020, the SEC announced the imposition of a cease-and-desist order against private equity firm Welsh, Carson, Anderson & Stowe (Welsh Carson), an SEC-registered investment manager, in connection with alleged...more
On October 1, 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to companies that pay a ransom in the wake of a cyberattack. Specifically, the advisory warned that...more