We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the...more
On July 2, 2021, Kaseya Ltd., a Florida-based firm that provides software tools to thousands of primarily small and mid-sized businesses, became the latest victim of a high-profile ransomware attack. The attack is believed to...more
The Department of Homeland Security (DHS) recently announced a new Security Directive requiring companies in the pipeline sector “to better identify, protect against, and respond to” cyber threats. Among other things, the...more
Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut down the essential...more
On April 15, 2021, the New York Department of Financial Services (NYDFS) issued a report on the recent SolarWinds cyberattack. A copy of the report is available... NYDFS called the attack a “wake-up call” to regulated...more
Earlier this month, the New York State Department of Financial Services (NYDFS) announced a settlement and consent order with National Securities Corporation (National Securities) for $3 million in connection with National...more
4/27/2021
/ Compliance ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
National Security ,
National Security Review Proceedings ,
New York ,
NYDFS ,
Popular ,
Settlement
On March 3, 2021, the New York State Department of Financial Services (NYDFS) announced a settlement with Residential Mortgage Services, Inc. (RMS) for $1.5 million in connection with its violation of the NYDFS Cybersecurity...more
3/8/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Financial Services Industry ,
Government Agencies ,
Notification Requirements ,
Personal Data ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Settlement ,
State and Local Government
On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split.
The case,...more
3/2/2021
/ Appeals ,
Article III ,
Class Action ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Injury-in-Fact ,
Personal Information ,
Popular ,
Standing
With President Biden’s nomination of D.C. Circuit Judge Merrick Garland for U.S. attorney general proceeding toward confirmation in the Senate, the leader of the nation’s legal department is poised to change enforcement...more
On January 8, 2021, Judge Richard Seeborg of the United States District Court for the Northern District of California issued an Order denying a motion to dismiss in S.E.C. v. NAC Foundation, LLC, et al. The U.S. Securities &...more
As the COVID era drags on, it is clear that work life “post-COVID” may be very different from life “pre-COVID.” This is especially true as it relates to IT security. More and more employees have shifted to a telecommuting...more
1/15/2021
/ Coronavirus/COVID-19 ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Employees ,
Employer Liability Issues ,
Multi-Factor Authentication ,
Network Security ,
Remote Working ,
Telecommuting ,
Virtual Private Networks
Earlier this year, the U.S. Department of Justice (“DOJ”) released its highly anticipated Cryptocurrency Enforcement Framework (the “Framework”). The Framework was developed as part of the Attorney General’s Cyber-Digital...more
12/29/2020
/ Biden Administration ,
Bitcoin ,
BSA/AML ,
Commodity Futures Contracts ,
Criminal Investigations ,
Cross-Border Transactions ,
Cryptocurrency ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Popular ,
Securities and Exchange Commission (SEC) ,
Trump Administration ,
U.S. Treasury
Earlier this week, Texas-based IT software vendor SolarWinds issued a critical security advisory, acknowledging that a “highly sophisticated” hacker had inserted a vulnerability in an updated version of SolarWinds’ Orion...more
On December 1, 2020, the U.S. Commodity Futures Trading Commission (“CFTC”) Division of Enforcement released its Annual Report, which details a “record-breaking” fiscal year 2020 (“FY 2020”), despite the challenges presented...more
As COVID-19 vaccine approvals and eventual distribution kicks into high gear, there has been a corresponding – and not particularly surprising – increase in cyber threat activity targeting both vaccine producers and other...more
On October 28, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) issued a...more
10/30/2020
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Department of Health and Human Services (HHS) ,
FBI ,
Federal Agency Taskforce ,
Healthcare ,
Healthcare Facilities ,
Malware ,
Public Health ,
Ransomware
The outcome of the 2020 general election in the United States will determine which of two visions of the investigative and prosecutorial arms of the federal executive branch will prevail for 2021 and beyond. The campaigns and...more
On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community...more
On September 17, 2020, the SEC announced the imposition of a cease-and-desist order against private equity firm Welsh, Carson, Anderson & Stowe (Welsh Carson), an SEC-registered investment manager, in connection with alleged...more
On October 1, 2020, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an advisory to companies that pay a ransom in the wake of a cyberattack. Specifically, the advisory warned that...more
On September 15, 2020, the New York Attorney General’s Office (NYAG) announced a settlement with Dunkin’ Brands, Inc. (Dunkin) in connection with a September 2019 lawsuit brought by the NYAG against Dunkin for alleged...more
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors...more
9/18/2020
/ Broker-Dealer ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Identity Theft ,
Investment Adviser ,
Popular ,
Risk Alert ,
Securities and Exchange Commission (SEC)
In July 2020, the New York State Department of Financial Services (NYDFS) filed the first enforcement action under the new NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), against First American Title Insurance...more
Business Email Compromise (BEC) scams have become increasingly commonplace and financially destructive. According to the Federal Bureau of Investigation (FBI), 2019 was the worst year on record for BEC scams — both in terms...more
On May 26, 2020, a United States Magistrate Judge in the Eastern District of Virginia ordered Capital One to disclose to class action plaintiffs a report prepared by Mandiant, a cyber forensics firm, for Capital One’s outside...more