On Jan. 15, the Federal Trade Commission (FTC) announced a proposed settlement with web hosting giant GoDaddy over alleged violations of Section 5 of the FTC Act. Specifically, the FTC alleged that GoDaddy had violated the...
2/10/2025 / Application Programming Interface (APIs), Cybersecurity, Data Security, Enforcement Actions, Federal Trade Commission (FTC), FTC Act, GoDaddy.com, Regulatory Requirements, Risk Management, Section 5, Security and Privacy Controls, Statutory Violations
On December 21, 2024, New York Gov. Kathy Hochul signed into law S2659-B/A8872-A, which, effective immediately, changed timing requirements for notice under New York’s data breach notification law and expanded the list of...
We’re back with a deeper dive into the 2024 Data Security Incident Response Report, which features insights and metrics from 1,150+ incidents in 2023.
This episode dives deeper into the data, including network intrusions...
The Securities and Exchange Commission entered into a resolution agreement with R.R. Donnelley & Sons (RRD) on June 18, 2024 with RRD agreeing to pay $2.125 million to resolve disclosure and control violations alleged by the...
Every spring, BakerHostetler collects, analyzes, and compares key metrics on the incident response matters we handled in the prior year. The output – our Data Security Incident Response (DSIR) Report – highlights key findings...
5/31/2024 / Cyber Attacks, Cyber Incident Reporting, Cybersecurity, Data Breach, Data Protection, Data Security, Incident Response Plans, Information Governance, Information Reports, Malware, Ransomware, Third-Party Risk, Third-Party Service Provider, Vendors
The New York State Department of Financial Services (NYDFS) amended its cybersecurity regulation, 23 NYCRR 500 (or Part 500), effective Nov. 1, 2023, which we wrote about here. Covered entities must still certify compliance...
The New York State Department of Financial Services (NYDFS) adopted comprehensive amendments to its cybersecurity regulation on Nov. 1, 2023. The amended regulation, including the notification provisions of §500.17, goes into...
The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...
9/11/2023 / Chief Information Security Officer (CISO), Cybersecurity, Duty of Oversight, Financial Institutions, Financial Services Industry, Internal Controls, NIST, NYDFS, Proposed Amendments, Risk Assessment, Security and Privacy Controls, Security Risk Assessments
We’re back with a deeper dive into the 2023 Data Security and Incident Response Report, which features insights and metrics from 1,160+ incidents in 2022.
This episode dives deeper into the data, including ransomware and...
Every year, BakerHostetler collects and analyzes various metrics about the incident response matters we handle. In 2022, we handled over 1,160 incidents. The most striking trends we saw across those incidents were an overall...
5/24/2023 / Cyber Attacks, Cyber Crimes, Cybersecurity, Fraud, Fraudulent Transfers, Healthcare Facilities, Hospitality Industry, Incident Response Plans, Multi-Factor Authentication, Phishing Scams, Ransomware, Restaurant Industry, Retailers, Risk Management
On Nov. 9, 2022, the New York State Department of Financial Services (NYDFS) published a proposed second amendment to its cybersecurity regulation. This follows its pre-proposed amendment that was published on July 29. ...
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into the expanding...
BakerHostetler’s Data Security Incident Response Report is a one-of-a-kind resource that leverages aggregated data from security incidents. Our Digital Risk Advisory and Cybersecurity team has shared insights from...
On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that include a number of significant amendments to the rules, including notification...
8/9/2022 / Business Continuity Plans, Comment Period, Covered Entities, Cybersecurity, Disaster Preparedness, Extortion, Financial Institutions, Financial Services Industry, Incident Response Plans, Notice Requirements, NYDFS, Popular, Proposed Amendments, Ransomware, Reporting Requirements, Technology, Training Requirements
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021. ...
The Data Security Incident Response Report features insights and metrics from 1,270+ incidents that members of the firm’s DADM Practice Group helped clients manage in 2021.
This episode takes us deeper into...
We recently wrote about North Carolina’s new law prohibiting state agencies - including public schools and universities - from paying a ransom or even communicating with a threat actor following a ransomware incident. On June...
There is no question that ransomware is here to stay. Thirty-seven percent of the matters we handled last year involved ransomware, compared to 27 percent of matters in 2020. ...
On April 5th, North Carolina became the first state to prohibit state agencies and local governments from paying ransoms after becoming victims of a ransomware attack. Indeed, in addition to prohibiting said entities from...
Kentucky became the latest state to adopt the NAIC insurance data security model law with Governor Andy Beshear’s signing of House Bill 474. The new law goes into effect Jan. 1, 2023, and gives covered licensees one or two...
Our 2021 Data Security Incident Response Report (DSIR) described ransomware as a scourge. There are stories every day about new threat actor groups and their victims. There are task forces, law enforcement initiatives,...