On August 7, 2024, after three years of negotiation, the United Nation’s Ad Hoc Committee to Elaborate a Comprehensive International Convention on Countering the Use of Information and Communications Technologies for Criminal...more
Under the Securities and Exchange Commission’s (SEC) new Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule (cybersecurity rule), public companies subject to the cybersecurity rule must promptly...more
Recent activity by the New York Department of Financial Services (NYDFS) and the Securities and Exchange Commission (SEC) highlight the continued focus by government regulators on cybersecurity. As these and other regulators...more
11/17/2023
/ Corporate Governance ,
Cybersecurity ,
Data Breach ,
Data Security ,
Financial Regulatory Reform ,
Financial Services Industry ,
NYDFS ,
Popular ,
Regulatory Agenda ,
Regulatory Reform ,
Securities and Exchange Commission (SEC) ,
Securities Fraud ,
Securities Litigation
On July 26, the Securities and Exchange Commission (“SEC”) finalized a much anticipated rule addressing cybersecurity risk management, strategy, governance, and incident disclosure. Public companies registered with the SEC...more
8/8/2023
/ Compliance ,
Corporate Governance ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Security ,
Disclosure Requirements ,
New Rules ,
Popular ,
Publicly-Traded Companies ,
Reporting Requirements ,
Required Forms ,
Risk Management ,
Securities and Exchange Commission (SEC)
Recent enforcement actions and announcements show that state and federal regulators are continuing to focus intensely on cybersecurity and data protection. Notably, the New York Department of Financial Services (“NYDFS”)...more
7/18/2023
/ Consent Order ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Enforcement ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
New York ,
NYDFS ,
Popular ,
Settlement ,
State and Local Government ,
State Data Privacy Laws
On July 29, 2022, the New York Department of Financial Services (NYDFS) published the pre-proposed second amendment to its Cybersecurity Regulations, 23 NYCRR 500 (Part 500), that if adopted, would likely require numerous...more
9/2/2022
/ Covered Entities ,
Cybersecurity ,
Enforcement ,
Exemptions ,
Financial Institutions ,
Financial Services Industry ,
Incident Response Plans ,
Multi-Factor Authentication ,
Notice Requirements ,
NYDFS ,
Policies and Procedures ,
Popular ,
Second Amendment ,
Third-Party Service Provider
On June 23, 2022, the New York State Department of Financial Services (NYDFS) announced the entry of a Consent Order in connection with its most recent cybersecurity enforcement action, which included a $5 million monetary...more
On May 5, 2022, the U.S. Department of Health and Human Services (HHS) issued a report entitled “Ransomware Trends in the HPH Sector” (HHS Report) that reviewed key cybersecurity threats and trends affecting the U.S....more
Last month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Energy (DOE) issued a joint advisory providing “information on multiple...more
4/26/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Protection ,
Data Security ,
Department of Energy (DOE) ,
FBI ,
Information Sharing ,
International Trade ,
Popular ,
Russia
In the insurance industry, an “endorsement” is used to amend an insurance policy. Endorsements can be used to add items to a policy, amend policy provisions, or update an insured’s coverage. Endorsements also can be used to...more
Cryptocurrency has increasingly become an accepted form of financial exchange. However, it has also become a favored form of payment for cyber criminals. In an effort to deter the use of cryptocurrencies in furtherance of...more
On February 24, 2022, two of three founders of an off-shore cryptocurrency derivatives exchange, the Bitcoin Mercantile Exchange or “BitMEX,” pled guilty to violating the Bank Secrecy Act (BSA) by failing to maintain an...more
3/4/2022
/ Anti-Money Laundering ,
Bank Secrecy Act ,
Bitcoin ,
Broker-Dealer ,
Criminal Prosecution ,
Cryptocurrency ,
Department of Justice (DOJ) ,
FinCEN ,
Investment Adviser ,
Popular ,
Securities Litigation ,
Suspicious Activity Reports (SARs)
The televised “thud” of explosions in Ukraine has an ominous but deceptively distant tone. For many organizations the hostilities are closer at hand, in the form of cyberattacks that could spread beyond the Russian-Ukrainian...more
On January 11, 2022, the U.S. Department of Homeland Security’s Cyber Security and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint...more
According to numerous government and media sources, malicious cyber actors are targeting a new “zero day” vulnerability on a massive scale. This vulnerability, referred to as “Log4j” or “Log4Shell,” has resulted in widespread...more
12/22/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Popular ,
Risk Management ,
Software
We have written here previously about the dramatic increase in cyberattacks on companies of all types since the start of the COVID-19 pandemic. Indeed, by some estimates, ransomware attacks have increased over 90% during the...more
The Department of Homeland Security (DHS) recently announced a new Security Directive requiring companies in the pipeline sector “to better identify, protect against, and respond to” cyber threats. Among other things, the...more
Disruptionware is an emerging type of cyberattack calculated not only to disrupt the availability, integrity and confidentiality of victims’ data, systems and networks, but also to interrupt or shut down the essential...more
Earlier this month, the New York State Department of Financial Services (NYDFS) announced a settlement and consent order with National Securities Corporation (National Securities) for $3 million in connection with National...more
4/27/2021
/ Compliance ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Financial Institutions ,
Financial Services Industry ,
National Security ,
National Security Review Proceedings ,
New York ,
NYDFS ,
Popular ,
Settlement
On March 3, 2021, the New York State Department of Financial Services (NYDFS) announced a settlement with Residential Mortgage Services, Inc. (RMS) for $1.5 million in connection with its violation of the NYDFS Cybersecurity...more
3/8/2021
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Enforcement Actions ,
Financial Services Industry ,
Government Agencies ,
Notification Requirements ,
Personal Data ,
Phishing Scams ,
Popular ,
Risk Assessment ,
Settlement ,
State and Local Government
On February 4, 2021, the Eleventh Circuit Court of Appeals issued a critical opinion addressing Article III standing in private data breach actions, which has been the subject of a closely watched circuit split.
The case,...more
3/2/2021
/ Appeals ,
Article III ,
Class Action ,
Consumer Information ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Injury-in-Fact ,
Personal Information ,
Popular ,
Standing
Earlier this year, the U.S. Department of Justice (“DOJ”) released its highly anticipated Cryptocurrency Enforcement Framework (the “Framework”). The Framework was developed as part of the Attorney General’s Cyber-Digital...more
12/29/2020
/ Biden Administration ,
Bitcoin ,
BSA/AML ,
Commodity Futures Contracts ,
Criminal Investigations ,
Cross-Border Transactions ,
Cryptocurrency ,
Department of Justice (DOJ) ,
Enforcement Actions ,
Popular ,
Securities and Exchange Commission (SEC) ,
Trump Administration ,
U.S. Treasury
On October 8, 2020, Community Health Systems, Inc. (Community Health) and its subsidiary CHSPSC, LLC entered into a settlement agreement with 28 states for $5 million to resolve claims related to a 2014 data breach. Community...more
On September 15, 2020, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert highlighting the recent uptick in “credential stuffing” cyber-attacks against SEC-registered investment advisors...more
9/18/2020
/ Broker-Dealer ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Protection ,
Identity Theft ,
Investment Adviser ,
Popular ,
Risk Alert ,
Securities and Exchange Commission (SEC)
In July 2020, the New York State Department of Financial Services (NYDFS) filed the first enforcement action under the new NYDFS Cybersecurity Regulation, 23 NYCRR Part 500 (Part 500), against First American Title Insurance...more