No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
Overview of Cybersecurity in Government Contracts
Cybersecurity: What Healthcare Providers Need to Know
No Password Required: The Teenage CEO of Girls Who Hack and Secure Open Vote, Who Is as Comfortable Behind a Mic as She Is Behind a Keyboard.
2022 DSIR Deeper Dive: NFTs
No Password Required: The Sailing CTO of Sylint Group Who Routinely Defends Against Nation-State Attacks on Critical Infrastructure
Webinar Recording - Crypto Breaches: Legal & Regulatory Update
No Password Required: A Cybersecurity Education Specialist, Whose Passions Include the Forest, DIY, and Deviled Eggs
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
Defense In-Depth: Cybersecurity For Energy
Greetings and Felicitations - Aly McDevitt on Ransomware Case Study, Part 2
Not If, but When: A Data Protection Roadmap for Legal Teams in a Post-Pandemic World
How to Protect your Organization From a Cybersecurity Attack
Phishing: Cybersecurity’s Biggest Threat
No Password Required: An Infowar Expert Paved the Path From Rock-And-Roll to Cybersecurity
Cybersecurity & Data Privacy Webinar Series: Password Protected: Essential Cybersecurity & Data Privacy Planning for Your Small Business
CF on Cyber: The Anatomy of a Ransomware Attack - Part 2
CF on Cyber: The Anatomy of a Ransomware Attack - Part 1
Fighting Cyber Crime: The $1 Trillion Invisible Threat
On January 23, 2025, PayPal settled an enforcement action brought by the New York State Department of Financial Services (NY DFS) for failing to comply with cybersecurity regulations required for financial services businesses...more
More than a decade ago, I expressed concern about the Securities and Exchange Commission's predilection for targeting victims of crimes. That concern related to an enforcement action against a company that had been...more
The SEC recently issued an order and settlement against a company from a pair of cyberattacks in which millions of dollars of client funds were stolen. While the company was able to recover a portion of the funds and...more
In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. ...more
Intercontinental Exchange, Inc. (ICE), the owner of the New York Stock Exchange, has agreed to settle with the Securities and Exchange Commission (SEC) for $10 million over allegations that it failed to timely notify the SEC...more
Cyberhackers—potentially frustrated by their limited ability to extort ransom from health care entities in attacks—have started extorting the patients themselves, threatening them with the release of information or...more
In Short - The Situation: Following a cyberattack on a law firm's systems, the Securities and Exchange Commission ("SEC") subpoenaed the firm for information, including the identity of clients whose information may have...more
CYBERSECURITY - Clop Claims Zero-Day Attacks Against 130 Organizations - Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in...more
The U.S. Securities and Exchange Commission ("SEC" or the "Commission") has ordered Blackbaud, Inc. ("Blackbaud") to pay $3 million to resolve claims that it made materially misleading statements about a 2020 ransomware...more
Businesses can breathe a little easier now that one of the world’s top five ransomware networks, the Hive, has been infiltrated and disbanded by the FBI....more
CYBERSECURITY - World Economic Forum’s Global Cybersecurity Outlook for 2023 Is Bleak - Sorry to be the bearer of bad news but remember that I am only the messenger. According to the World Economic Forum’s Global...more
US Federal Appellate Court Issues Opinion on Proof of Injury in Data Breach Cases - On September 2, 2022, the U.S. Court of Appeals for the Third Circuit reinstated a class action lawsuit that had previously been dismissed...more
CYBERSECURITY - Password Manager LastPass Admits to Hack - Password manager LastPass, reportedly used by more than 33 million users, recently announced that it was hacked, and although it reports that no passwords of...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers. On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
CYBERSECURITY - Verizon’s 2022 Data Breach Investigations Report: A Must Read - I love Verizon’s annual Data Breach Investigations Report (DBIR). I have pored over its content every year since its inception in 2008. (Just...more
The Justice Department continues to prosecute Russian-related crimes. Since the Ukraine Crisis, DOJ has steadily been announcing criminal charges against defendants connected to Russia. ...more
We continue our year-end review of SEC enforcement activity and turn our attention to a topic grabbing seemingly daily headlines across multiple industries: cybersecurity. As the risks – and realities – of cyberattacks...more
Two major U.S. financial institutions, Morgan Stanley and Capital One, recently agreed to resolve separate class action lawsuits by paying, in the aggregate, hundreds of millions of dollars in compensation for massive data...more
The Justice Department continues to attack and dismantle global ransomware extortion organizations. Business surveys often confirm that executives are hyper-focused on the risk of ransomware attacks against businesses....more
As companies collect growing amounts of data about their customers and other consumers, sophisticated adversaries, recognizing the value of this information, have increased their efforts to pilfer it. For publicly traded...more
On the heels of the First American enforcement action and settlement, this week, the SEC announced a settlement with Pearson plc in connection with a 2018 cyber breach. The SEC disclosed that Pearson, a London-based...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - President Biden Issues Cybersecurity Executive Order - On May 12, 2021, President Biden issued an executive order that placed new standards on the...more
Reuters reported today that the SEC is investigating last year’s hack of SolarWinds, focusing on whether SEC registrants failed to disclose that they had been impacted by the cyber breach. According to the article, the SEC...more
CYBERSECURITY - Another Win for Justice Department: Slilpp Marketplace Takedown - People always ask me if law enforcement is having any luck in combatting cyber criminals. Let me be clear: it is a very tough job to take...more
People always ask me if law enforcement is having any luck in combatting cyber criminals. Let me be clear: it is a very tough job to take down cyber criminals located in other countries or sponsored by foreign nations. Our...more