A spate of recent ransomware attacks illustrates the increasingly difficult calculations that businesses face following the theft or encryption of their data....more
On December 18, 2023, prior to the trading session, VF Corp. (NYSE:VFC) issued a press release disclosing that the company was investigating unauthorized activity on its computer systems – and that the intrusion had encrypted...more
Last month, as the New York State Department of Financial Services (“DFS”) began phasing in amended cybersecurity regulations and continued enforcement actions against noncompliant entities, a wave of ransomware attacks...more
State regulators across the country continue to increase their focus on cyber security and data privacy compliance and enforcement. For years, cloud company Blackbaud, a service provider to thousands of nonprofit enterprises,...more
12/8/2023
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Incident Response Plans ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Settlement
On November 1, 2023, the New York State Department of Financial Services (“DFS”) amended its cybersecurity regulations to institute additional standards and controls aimed at securing sensitive data among the financial...more
11/14/2023
/ Chief Information Security Officer (CISO) ,
Compliance ,
Corporate Governance ,
Cybersecurity ,
Data Security ,
Financial Institutions ,
Financial Services Industry ,
NYDFS ,
Popular ,
Risk Management ,
Sensitive Personal Information
On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed a new rule concerning cybersecurity risk management as well as updates to Regulations S-P and SCI (Systems Compliance Integrity).[1] With these...more
A cryptocurrency entrepreneur recently paid $69.3 million for Beeple’s Everydays: The First 5,000 Days at a Christie’s auction. That record-breaking price purchased a work of art that can be seen only on a computer and the...more
As the national landscape of data privacy laws evolves, New York may be poised to follow California in passing legislation that creates new data rights for New York consumers. New York is no stranger to this field. The New...more
A federal court recently added additional wrinkles to one of the most important aspects of responding to a data breach: a forensic investigative report. The court ordered a law firm to turn over a report produced by a...more
As remote learning continues to play a critical role in the world’s pandemic response, cybercriminals see another opportunity for exploitation. The Federal Bureau of Investigation, the Cybersecurity and Infrastructure...more
As we previously reported, companies across the globe increasingly have been targeted by cyber criminals during the COVID-19 pandemic. Just last month, a major U.S. healthcare provider, United Health Services (“UHS”),...more
As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers. ...more
8/14/2020
/ Capital One ,
Cyber Attacks ,
Data Breach ,
Data Protection ,
Data Security ,
Financial Services Industry ,
Fines ,
Hackers ,
OCC ,
Personally Identifiable Information ,
Popular ,
Settlement Agreements
Over the past month, many have discovered video chat and conferencing apps such as Zoom and Houseparty, using them for both business and to keep connected to friends and family during this period of global social distancing....more
In response to the COVID-19 pandemic, on March 17, 2020, the Office for Civil Rights (“OCR”) at the Department of Health and Human Services (“HHS”) issued a notification of enforcement discretion, announcing that it would not...more
4/2/2020
/ Coronavirus/COVID-19 ,
Department of Health and Human Services (HHS) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
HIPAA Privacy Rule ,
OCR ,
PHI ,
Popular ,
Relief Measures ,
Telehealth ,
Telemedicine ,
Waivers
The California Consumer Privacy Act (CCPA) has significantly altered the potential consequences of a data breach under California law by permitting California consumers to bring civil suits for statutory damages, Cal. Civ....more
8/24/2019
/ Cal Code of Civil Procedure ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Data Security ,
Declaratory Relief ,
Injunctive Relief ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Statutory Damages
Last Thursday, Governor Cuomo signed New York’s latest data security bill – the Stop Hacks and Improve Electronic Data Security, or “SHIELD” Act. The Act, which we have followed on this blog since November 2017, imposes new...more
The U.S. Office of Personnel Management (“OPM”) made headlines when several hacks of confidential data came to light in 2015, intrusions that compromised the personal data of over 20 million individuals. On July 21, 2019, in...more
7/16/2019
/ Article III ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Identity Theft ,
Office of Personnel Management (OPM) ,
Personally Identifiable Information ,
Popular ,
Standing
As we’ve written about in the past, the SAFETY Act has the potential to help companies mitigate their risk from cyber-terrorism. As previously noted, the statute has never been fully tested in courts, so the full contours of...more
The incoming chief of New York’s top financial services regulator called cybersecurity “the number one threat facing all industries and governments globally” during a speech on Friday, April 12, 2019 at the Association of the...more
An obscure federal law called the SAFETY Act recently captured national headlines when MGM Resorts International invoked it in a series of pre-emptive, declaratory judgment law suits against the victims of the 2017 Route 91...more
For thousands of financial institutions and insurance companies covered by New York DFS’s sweeping data security regulation, the countdown to yet another deadline has begun. Those companies will remember last August, when...more
New York’s Department of Financial Services issued its final Cybersecurity Regulation last night with an effective date of March 1, 2017. ...more
Employees use their smartphones as a key tool for accessing information during a work day – especially when outside the office and traveling on business. While smartphones, tablets, laptops and other devices may increase...more
7/22/2016
/ Business Travel ,
Cyber Attacks ,
Cyber Crimes ,
Data Theft ,
Malware ,
Mobile Devices ,
Popular ,
Public Wireless Networks ,
Ransomware ,
Risk Mitigation ,
Traveling Employee