Litigation and legal developments concerning data breaches.
The following is a press release from the Securities and Exchange Commission: Washington D.C., May 16, 2024 — The Securities and Exchange Commission today announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the […]
Alleged LockBit Developer Created and Operated Most Prolific Ransomware Variant Under Aliases “LockBit” and “LockBitSupp”; U.S State Department Offers Reward Up to $10M; U.S. Department of Treasury Designates LockBit Administrator for Sanctions The U.S. Justice Department unsealed charges today against a Russian national for his alleged role as the creator, developer, and administrator of the […]
A reminder to carefully vet contractors and to terminate access promptly when their contract ends Wednesday, May 1, 2024. Damian Williams, the United States Attorney for the Southern District of New York, announced today that VINCENT CANNADY was arrested in connection with his scheme to extort a publicly traded information technology infrastructure services provider of […]
Although the Federal Trade Commission (FTC) has the authority to investigate data breaches, some entities they have investigated have pushed back against the regulator. In 2013, FTC filed a complaint against LabMD for allegedly failing to protect consumer’s data. When the government found for itself in a proceeding by an administrative law judge, LabMD sued […]
Victim Falsely Prosecuted and Spent Nearly Two Years in Jail and Mental Hospital A former Iowa hospital administrator who lived under a false identity for more than 30 years and caused the false imprisonment of his victim pled guilty today in federal court in Cedar Rapids, Iowa. Matthew David Keirans, age 58, from Hartland, Wisconsin, […]
A draft of federal cyber incident reporting rules for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) has been posted in the Federal Register. It’s not exactly light reading, weighing in at a whopping 447-page Notice of Proposed Rulemaking. The rules will require critical infrastructure entities to notify the federal government of […]
The Readable explains: A decade-long legal battle involving a data breach that affected the majority of the South Korean population concluded last week. The court confirmed a compensation award of $48 million to a credit card company. The Supreme Court of Korea has rejected the appeal of the defense and ordered the company to pay […]
The Information Commissioner’s Office has published new data protection fining guidance setting out how it decides to issue penalties and calculate fines. The guidance provides greater transparency for organizations about how the ICO goes about using its fining power. Tim Capel, ICO Director of Legal Service, said: “We believe the guidance will provide certainty and clarity for […]
On March 14, 2024, the Court of Justice of the EU (“CJEU”) ruled that EU supervisory authorities have the (corrective) power to order data controllers who have been found to process personal data unlawfully to erase such personal data, even if the data subjects have not requested the erasure. (Case C‑46/23) The CJEU ruled that […]
AI Poses a Threat to Financial Sector, and Cyberattackers are ‘Outpacing’ Defenses – Treasury
Law.com reports that the U.S. Treasury Department warned the financial services sector this week that artificial intelligence (AI) will become a powerful weapon for fraudsters and cyberattackers, who will outgun the sector’s defensive efforts in the foreseeable future. The report was based on interviews with representatives from 42 financial services and technology companies about the […]