News & Analysis as of

Cybersecurity Disclosure Requirements Data Breach

Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk... more +
Follow this channel for advisories on one of the biggest threats to businesses today. Read a morning brief of fresh guidance and commentary by leading lawyers on security, privacy, risk management, global regulations, data protection, leaks, hacking, cyber insurance, compliance, HIPAA, and every other aspect of cybersecurity of import to corporate readers right now.   less -
Holland & Knight LLP

Settlement Alert: The Dust Settles in SEC's Cybersecurity Lawsuit Against SolarWinds

Holland & Knight LLP on

In a significant turn of events on July 2, 2025, the SEC, SolarWinds Corp. and its Chief Information Security Officer (CISO), Timothy Brown, announced through a joint letter to the U.S. District Court for the Southern...more

Alston & Bird

Inside the SK Telecom Data Breach: What Happened and What Companies Can Learn

Alston & Bird on

In April 2025, SK Telecom—South Korea’s largest mobile carrier—formally notified regulators of a significant data breach that compromised sensitive SIM card data belonging to nearly 27 million users. Following an...more

Alston & Bird

Data Breach Data Reviews: Challenges and What You Need to Know

Alston & Bird on

Our Privacy, Cyber & Data Strategy Team discusses how to overcome five challenges companies face in the wake of a data security incident when reviewing impacted data to comply with legal obligations....more

McCarter & English, LLP

Don’t Get Caught in Scattered Spider’s Web

McCarter & English, LLP on

The cybercrime group known as Scattered Spider is at it again, according to Google’s Threat Intelligence Group. This criminal group is known to focus its cyber attacks on one sector at a time. Last spring, it was the retail...more

K&L Gates LLP

Pay the Price, Now ‘Fess Up’: Reporting Obligations for Ransomware Payments Are Live

K&L Gates LLP on

As of 29 May 2025, the requirement on businesses to report ransomware payments they make has come into effect. What is the Requirement? If a reporting business entity becomes impacted by a cyber security incident and ends up...more

Jackson Lewis P.C.

Oklahoma Expands its Security Breach Notification Law

Jackson Lewis P.C. on

The Oklahoma State Legislature recently enacted Senate Bill 626, amending its Security Breach Notification Act, effective January 1, 2026, to address gaps in the state’s current cybersecurity framework (the “Amendment”). The...more

Davis Wright Tremaine LLP

Regulatory Reset? U.S. Cyber Incident Reporting Rules Face Congressional Scrutiny

Davis Wright Tremaine LLP on

Lawmakers expressed bipartisan support for significantly amending or eliminating some cybersecurity incident notification requirements during a recent hearing of the U.S. House Committee on Homeland Security's Subcommittee on...more

Wilson Sonsini Goodrich & Rosati

Snapshot: The First Year of Cybersecurity Incident Filings on Form 8-K Since Adoption of New Rules

Wilson Sonsini Goodrich & Rosati on

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted final rules requiring public companies to report material cybersecurity incidents under new Item 1.05 of Form 8-K beginning on December 18, 2023. Our...more

Carlton Fields

SEC Commissioners on the Hunt for Materiality: Disagree on Cybersecurity Enforcement Actions

Carlton Fields on

On October 22, 2024, Republican SEC Commissioners Hester Peirce and Mark Uyeda issued a joint dissent sharply criticizing charges brought against four companies for allegedly making materially misleading disclosures regarding...more

Vinson & Elkins LLP

Watch What You Say: SEC Enforcement Scrutinizes Cybersecurity Incident Disclosures

Vinson & Elkins LLP on

On January 13, 2025, the Securities and Exchange Commission (“SEC”) filed a settled enforcement action against Ashford Inc. (“Ashford” or “the Company”), a company that provides products and services to the real estate and...more

Constangy, Brooks, Smith & Prophete, LLP

Data Privacy Day Checklist: Top 10 ways to protect your organization's data

Constangy, Brooks, Smith & Prophete, LLP on

Tomorrow is International Data Privacy Day, so a happy day to all! More seriously, data privacy concerns and legislation continue to rapidly increase. It has been estimated that by the end of 2024 more than 75 percent of...more

Spilman Thomas & Battle, PLLC

Decoded Technology Law Insights, V 6, Issue 1, January 2025

Spilman Thomas & Battle, PLLC on

Welcome to our sixth volume and first issue of 2025 of Decoded - our technology law insights e-newsletter. We have been publishing for six years and could not continue without our committed readers and your insights....more

Morrison & Foerster LLP

SEC Caps 2024 with Another Cyber Enforcement Action

Morrison & Foerster LLP on

The SEC continues to leave its mark as a federal cybersecurity enforcer and closed out the year by charging another company with making misleading statements about a cybersecurity attack and failing to maintain cyber-related...more

Osano

Privacy by Design: Understanding and Implementing the Framework

Osano on

As of this writing, the CAM4 security incident remains the largest data breach in history. The attack on the website exposed nearly 11 billion records, including users' names, email addresses, sexual orientations, chat...more

Mayer Brown

Trends in US Cybersecurity Regulation

Mayer Brown on

As cybersecurity rules proliferate, companies must navigate a maze of new, and often overlapping, proactive and reactive cybersecurity requirements and guidance. This Legal Update surveys new cybersecurity rules and...more

Ropes & Gray LLP

SEC Announces Settlements with Four Issuers regarding Cybersecurity Disclosures

Ropes & Gray LLP on

On October 22, 2024, the Securities and Exchange Commission (“SEC”) filed settled enforcement orders involving four current and former public companies – Unisys Corp., Avaya Holdings Corp., Check Point Software Ltd, and...more

Fenwick & West LLP

The SEC is Cracking Down on Misleading Cybersecurity Disclosure

Fenwick & West LLP on

On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more

A&O Shearman

Undeterred By Recent Court Loss, SEC Charges Four Companies With Inadequate Cyber Disclosures In The Aftermath Of SolarWinds...

A&O Shearman on

On October 22, 2024, the SEC announced that it had entered into settlements with four separate companies for making allegedly misleading disclosures about how they were impacted by the SolarWinds data breach in 2019. The...more

Troutman Pepper Locke

Cyber Incident Response Checklist for SEC Compliance

Troutman Pepper Locke on

By now, public companies are generally aware of the cybersecurity rules adopted by the U.S. Securities and Exchange Commission a year ago, requiring public companies to disclose material cybersecurity incidents under Item...more

Woodruff Sawyer

Violent Delights, Violent Ends? Two Possible Futures of SEC Cyber Regulation

Woodruff Sawyer on

What do the SolarWinds ruling and other recent developments mean for the future of the SEC’s cyber regulatory program? Will the SEC’s “lack of moderation” result in “violent ends” for its cyber agenda? Or will the current...more

Holland & Knight LLP

SEC Cyber Enforcement Update: Which Way Are the SolarWinds Blowing? (Update)

Holland & Knight LLP on

This Holland & Knight blog post is the second installment in a two-part series that examines the challenges to the U.S. Securities and Exchange Commission's (SEC) charges in its landmark case against SolarWinds Corp....more

BCLP

SDNY Dismisses Majority of SEC Landmark Charges Against SolarWinds and CISO

BCLP on

On July 18, 2024, District Court Judge Engelmayer of the Southern District of New York issued his 107-page opinion and order dismissing most – but not all – of the landmark allegations of the SEC against SolarWinds Corp. and...more

Parker Poe Adams & Bernstein LLP

Key Lessons for Cybersecurity and IT Leaders From Judge's Recent Fraud Decision in SEC Case Against SolarWinds

Parker Poe Adams & Bernstein LLP on

On July 18, a New York federal judge threw out most of the SEC’s claims brought against both SolarWinds Corp. and the company’s chief information security officer (CISO), Timothy Brown....more

Troutman Pepper Locke

SEC Issues Additional Guidance Regarding Cybersecurity Incident Disclosure

Troutman Pepper Locke on

On June 24, the staff of the U.S. Securities and Exchange Commission's (SEC) Division of Corporation Finance (Division of Corporation Finance) released five new Compliance & Disclosure Interpretations (C&DIs) relating to the...more

The Volkov Law Group

SEC Expands Internal Controls Provision to Cover Cybersecurity Incidents and Reaches $2.1 Million Settlement with R.R. Donnelley &...

The Volkov Law Group on

In a significant expansion of internal controls enforcement, the SEC announced a $2.1 million settlement with R.R. Donnelley & Sons Co. (“RRD”) for its handling of a 2021 ransomware attack and resulting disclosure failures. ...more

241 Results
 / 
View per page
Page: of 10
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide