No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
Overview of Cybersecurity in Government Contracts
Cybersecurity: What Healthcare Providers Need to Know
No Password Required: The Teenage CEO of Girls Who Hack and Secure Open Vote, Who Is as Comfortable Behind a Mic as She Is Behind a Keyboard.
2022 DSIR Deeper Dive: NFTs
No Password Required: The Sailing CTO of Sylint Group Who Routinely Defends Against Nation-State Attacks on Critical Infrastructure
Webinar Recording - Crypto Breaches: Legal & Regulatory Update
No Password Required: A Cybersecurity Education Specialist, Whose Passions Include the Forest, DIY, and Deviled Eggs
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
Defense In-Depth: Cybersecurity For Energy
Greetings and Felicitations - Aly McDevitt on Ransomware Case Study, Part 2
Not If, but When: A Data Protection Roadmap for Legal Teams in a Post-Pandemic World
How to Protect your Organization From a Cybersecurity Attack
Phishing: Cybersecurity’s Biggest Threat
No Password Required: An Infowar Expert Paved the Path From Rock-And-Roll to Cybersecurity
Cybersecurity & Data Privacy Webinar Series: Password Protected: Essential Cybersecurity & Data Privacy Planning for Your Small Business
CF on Cyber: The Anatomy of a Ransomware Attack - Part 2
CF on Cyber: The Anatomy of a Ransomware Attack - Part 1
Fighting Cyber Crime: The $1 Trillion Invisible Threat
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
More than a decade ago, I expressed concern about the Securities and Exchange Commission's predilection for targeting victims of crimes. That concern related to an enforcement action against a company that had been...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. ...more
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC...more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
Cyberhackers—potentially frustrated by their limited ability to extort ransom from health care entities in attacks—have started extorting the patients themselves, threatening them with the release of information or...more
In Short - The Situation: Following a cyberattack on a law firm's systems, the Securities and Exchange Commission ("SEC") subpoenaed the firm for information, including the identity of clients whose information may have...more
CYBERSECURITY - Clop Claims Zero-Day Attacks Against 130 Organizations - Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in...more
The U.S. Securities and Exchange Commission ("SEC" or the "Commission") has ordered Blackbaud, Inc. ("Blackbaud") to pay $3 million to resolve claims that it made materially misleading statements about a 2020 ransomware...more
Businesses can breathe a little easier now that one of the world’s top five ransomware networks, the Hive, has been infiltrated and disbanded by the FBI....more
CYBERSECURITY - World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak - Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
In a recent enforcement action against online alcohol delivery service Drizly and its CEO, James Rellas, the Federal Trade Commission (FTC) made clear its focus on data minimization and limitations on the secondary uses of...more
US Federal Appellate Court Issues Opinion on Proof of Injury in Data Breach Cases - On September 2, 2022, the U.S. Court of Appeals for the Third Circuit reinstated a class action lawsuit that had previously been dismissed...more
CYBERSECURITY - Password Manager LastPass Admits to Hack - Password manager LastPass, reportedly used by more than 33 million users, recently announced that it was hacked, and although it reports that no passwords of...more
California Privacy Protection Agency previews draft regulations - On June 8, 2022, less than two months since the California Privacy Protection Agency (“CPPA”) formally took over rulemaking for the California Consumer...more
On May 19, 2022, the Department of Justice (“DOJ”) announced significant clarifications to its policy on charging Computer Fraud and Abuse Act (“CFAA”) violations that give some comfort to cyber security consultants who...more
CYBERSECURITY - Verizon’s 2022 Data Breach Investigations Report: A Must Read - I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. (Just...more
An Article addressing key privacy and data security developments in 2021 and likely trends for 2022, including federal and state regulation and enforcement. This Article also discusses private litigation related to data...more
We continue our year-end review of SEC enforcement activity and turn our attention to a topic grabbing seemingly daily headlines across multiple industries: cybersecurity. As the risks – and realities – of cyberattacks...more
Two major U.S. financial institutions, Morgan Stanley and Capital One, recently agreed to resolve separate class action lawsuits by paying, in the aggregate, hundreds of millions of dollars in compensation for massive data...more
The Justice Department continues to attack and dismantle global ransomware extortion organizations. Business surveys often confirm that executives are hyper-focused on the risk of ransomware attacks against businesses....more
As companies collect growing amounts of data about their customers and other consumers, sophisticated adversaries, recognizing the value of this information, have increased their efforts to pilfer it. For publicly traded...more
On the heels of the First American enforcement action and settlement, this week, the SEC announced a settlement with Pearson plc in connection with a 2018 cyber breach. The SEC disclosed that Pearson, a London-based...more