Litigation and legal developments concerning data breaches.
The Record reports that the Securities and Exchange Commission has charged four cybersecurity firms for their disclosures stemming from the SolarWinds incident in 2020: The Securities and Exchange Commission (SEC) charged four companies —- Check Point, Avaya, Unisys and Mimecast — for making “materially misleading” disclosures related to cybersecurity risks and intrusions. Tuesday’s announcement is the result […]
There are so many data breaches and data leaks every day that potential class action lawsuits or announcements of law firm investigations of breaches seems somewhat de rigueur by now. But not all lawsuits stem from huge breaches. Here’s one that stems from a mistaken configuration that exposed student information for 24 hours. Reuters reports: […]
If your company is the victim of a ransomware attack and you decide you have no choice but to pay the threat actors, can your cyberinsurer or cyberinsurance reinsurer decline to reimburse you if the threat actors you paid are on Treasury’s sanctioned list? Would reimbursing them expose the cyberinsurer or reinsurer to problems with […]
Settlements were announced by the FTC and state attorneys general yesterday. Only the state settlement involved a monetary penalty because the FTC had no authority to impose penalties in its case. Settlement with the FTC Source: The Federal Trade Commission $52 Million Settlement with States Source: NYS Attorney General’s Office
A new regulation related to cybersecurity program requirements for all New York general hospitals licensed under Article 28 of the Public Health Law (PHL) took effect on October 2, 2024. All general hospitals covered by the regulation must comply with the new provisions within one year of the adoption date, except that general hospitals must […]
Brian Montgomery is a partner at Pillsbury and a former NYDFS deputy superintendent. Mark Krotoski is a partner at Pillsbury and former national coordinator for the Computer Hacking and Intellectual Property Program at the Department of Justice. In an article on Bloomberg Law, they write: Cybersecurity regulations can be a constantly moving target, with digital advances and […]
A recent press release from the Dutch DPA (Autoriteit Persoonsgegevens) emphasizes that Dutch organizations need to do better in providing breach victims with timely information that they need to protect themselves. If the Dutch DPA thinks warnings or alerts sent to victims more than three weeks after a breach is “way too slow,” The Data […]
Datatilsynet is Norway’s Data Protection Authority. Inspection of its website indicates that it has not imposed many monetary penalties in recent years for violations of the Personal Data Act 2000. After 2021, in which it reported 37 actions, it issued only 12 reports in 2023, and only 7 so far in 2024. Here are two […]
The Federal Communications Commission announced a major settlement today: WASHINGTON, September 30, 2024—The Federal Communications Commission today announced a groundbreaking data protection and cybersecurity settlement with T-Mobile to resolve the Enforcement Bureau’s investigations into significant data breaches that impacted millions of U.S. consumers. To settle the investigations, T-Mobile has agreed to important forward-looking commitments to address foundational […]
TechCrunch reports: Reset your clocks: Meta has been hit with yet another privacy penalty in Europe. On Friday, Ireland’s Data Protection Commission (DPC) announced a reprimand and a €91 million fine — around $101.5 million at current exchange rates — after concluding a multiyear investigation into a 2019 security breach by Facebook’s parent company. […] After investigating, […]
