The FTC recently reported that over $650 mm worth of cryptocurrency was stolen by hackers last year. Thus far, over $320 mm in cryptocurrency has been stolen by hackers this year. Not surprisingly, this surge in crypto...more
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System...more
Assaults on Section 230 of the Communications Decency Act (the “CDA”)—which shields online platforms from civil liability for third party content on their services—are abundant these days. On October 15, 2020, FCC Chairman...more
1. Overview of the regulatory issues facing companies—and cyber insurers—that may need to respond to ransomware emanating from a threat actor or group with potential ties to entities on federal lists.-
The U.S. Treasury...more
As people across the country and world try to figure out how to protect themselves against the spread of coronavirus, hackers are working hard to spread their own viruses....more
Delaware (July 31, 2019) and New Hampshire (August 2, 2019) have become the latest states to add to the insurance cybersecurity landscape by enacting information security laws. These laws come on the heels of Connecticut’s...more
8/9/2019
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Incident Response Plans ,
Information Security ,
Information Technology ,
Insurance Industry ,
NAIC ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
State and Local Government ,
State Data Breach Notification Statutes
Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date. ...more
7/23/2019
/ Consumer Financial Protection Bureau (CFPB) ,
Credit Monitoring ,
Credit Reporting Agencies ,
Cyber Attacks ,
Data Breach ,
Enforcement Actions ,
Equifax ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
Hackers ,
Identity Theft ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Qualified Settlement Funds ,
Settlement Agreements ,
Vulnerability Assessments
Last Friday we blogged on the Saks data breach class action, and in the process mentioned a trend among federal courts to reject fear of future identity theft claims in retail breach cases. ...more
6/3/2019
/ Article III ,
Cause of Action Accrual ,
Class Action ,
Consumer Fraud ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Damages ,
Data Breach ,
Hackers ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Retail Market ,
Standing
On April 18, 2018, the Government of Canada published the final regulations relating to mandatory reporting of privacy breaches under Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”). ...more
9/14/2018
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Notification Requirements ,
Personally Identifiable Information ,
PIPEDA ,
Popular ,
Recordkeeping Requirements ,
Regulatory Oversight ,
Regulatory Requirements
We’ve previously blogged about the creative efforts of plaintiffs’ counsel to expand the contours of data breach litigation. ...more
7/13/2018
/ Article III ,
Automotive Industry ,
Chrysler ,
Class Action ,
Class Certification ,
Connected Cars ,
Data Breach ,
Data Security ,
Design Defects ,
Fiat ,
Hackers ,
Internet of Things ,
Motor Vehicles ,
Network Security ,
Standing
Plaintiff lawyers’ continued search for damage theories to assert in claims arising from a data breach – or fear of a breach – received a potential setback this week when Chief Judge Michael Reagan of the United States...more
4/9/2018
/ Appeals ,
Article III ,
Automotive Industry ,
Class Action ,
Connected Cars ,
Cybersecurity ,
Damages ,
Data Breach ,
Design Defects ,
Diminution in Value ,
Fiat ,
Hackers ,
Interlocutory Appeals ,
Motor Vehicles ,
Popular ,
Standing
Alabama has officially joined the data breach notification party. Alabama Governor Kay Ivey signed Act No. 2018-396 into law on March 28, 2018.
...more
4/3/2018
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
New Legislation ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
State and Local Government ,
State Data Breach Notification Statutes
Earlier this week, the Supreme Court of the United States denied certiorari in CareFirst v. Attias, a closely watched case that some thought provided the Court with an opportunity to clarify the standing analysis under Spokeo...more
2/22/2018
/ Article III ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Petition for Writ of Certiorari ,
Popular ,
Standing
The U.S. Court of Appeals for the D.C. Circuit has reinstated a data breach class action filed against CareFirst BlueCross BlueShield (CareFirst). The lawsuit stems from a June 2014 data breach in which hackers infiltrated 22...more
8/3/2017
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Corporate Counsel ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Popular ,
Standing
The average cost of a data breach, on both an aggregate and a per-record basis, has decreased slightly according to the Ponemon Institute's 2017 Cost of Data Breach Study: Global Overview. In addition to presenting recent...more
6/29/2017
/ Corporate Counsel ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Breach Costs ,
Data Protection ,
Data Security ,
Hackers ,
Personally Identifiable Information ,
Popular ,
Young Lawyers
This month, Colorado joined a growing list of nearly half of U.S. states when it enacted a law approving the use of autonomous driving systems. The Colorado law governs systems capable of controlling highly and fully...more
Ransomware attacks just went big time. In a period of mere hours late last week, a global ransomware attack infected more than 200,000 computers and affected more than 100,000 organizations in over 150 countries. To put this...more
5/17/2017
/ Cyber Attacks ,
Cyber Crimes ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Malware ,
Personally Identifiable Information ,
Phishing Scams ,
Popular ,
Ransomware
The Eighth Circuit Court of Appeals has remanded a $10 million settlement in the Target data breach class action on the grounds that the district court had not rigorously analyzed the propriety of the class...more
2/3/2017
/ Appeals ,
Class Action ,
Class Certification ,
Credit Cards ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Debit Cards ,
Hackers ,
Identity Theft ,
Personally Identifiable Information ,
Point of Sale Terminals ,
Popular ,
Settlement ,
Target
The Federal Trade Commission (FTC) has entered into a multimillion dollar settlement with the owners and operators of AshleyMadison.com, a dating website for people interested in having discreet affairs, related to the...more
12/16/2016
/ Adultery ,
Ashley Madison ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Security ,
Dating Services ,
Federal Trade Commission (FTC) ,
Fines ,
Hackers ,
Internet ,
Marriage ,
Misrepresentation ,
Online Platforms ,
Personally Identifiable Information ,
Popular ,
Settlement ,
Spouses ,
Website Owner Liability ,
Websites
In a ruling with significant potential impact, the Court of Justice of the European Union (CJEU) has ruled that a dynamic internet protocol (IP) address may constitute "personal data" under EU Data Protection Directive...more
Three federal banking agencies have announced plans to develop new rules that would establish cyber risk management and resiliency standards for large interconnected entities under the agencies' supervision, as well as those...more
10/21/2016
/ Advanced Notice of Proposed Rulemaking (ANPRM) ,
Cyber Attacks ,
Cybersecurity ,
FDIC ,
Federal Reserve ,
FFIEC ,
Financial Institutions ,
Financial Services Industry ,
Hackers ,
Handbooks ,
Incident Response Plans ,
OCC ,
Risk Management
The latest development in how American courts will handle the standing question for data breach class actions came last week when the U.S. District Court for the District of Columbia dismissed for lack of standing a putative...more
8/17/2016
/ Article III ,
Blue Cross ,
Blue Shield ,
CareFirst ,
Class Action ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Hackers ,
Health Insurance ,
Healthcare ,
Identity Theft ,
Injury-in-Fact ,
Personally Identifiable Information ,
Putative Class Actions ,
Standing
Powered in part by the growing use of Internet of Things (IoT) technologies, cybersecurity has surged to become one of the leading concerns for global manufacturers, according to a recently released study....more
Three bills that will update California’s data breach notification requirements have been signed into law by Governor Jerry Brown. The bills impose specific requirements on providing breach notification to consumers, add a...more
10/20/2015
/ Automatic License Plate Readers ,
Breach Notification Rule ,
Compliance ,
Cyber Attacks ,
Cyber Crimes ,
Data Breach ,
Encryption ,
Hackers ,
New Legislation ,
Personal Data ,
Personally Identifiable Information ,
Posting Requirements ,
Privacy Laws ,
Surveillance
In 2013 alone, the U.S. Department of Homeland Security (DHS) and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 256 cyber-incident reports—more than half of them in the energy...more
8/24/2015
/ Aerospace ,
Automotive Industry ,
C-Suite Executives ,
Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Department of Homeland Security (DHS) ,
Energy Sector ,
Hackers ,
Information Technology ,
Internet ,
Manufacturers ,
NIST ,
Oil & Gas ,
Pharmaceutical Industry ,
Popular ,
Transportation Corridor ,
Wastewater ,
Water