Litigation and legal developments concerning data breaches.
Occasionally, a business giant with the funds to fight the government will challenge a federal agency’s enforcement action. This time, it is MGM taking on the FTC. Law.com reports: The Federal Trade Commission this week defended its investigation of MGM Resort International’s data security practices as the Las Vegas-based casino is seeking a court order […]
Courthouse News reports that the Supreme Court has agreed to review a Ninth Circuit decision that revived a shareholder’s lawsuit against Facebook that stemmed from the Cambridge Analytica breach. The Supreme Court agreed on Monday to review whether shareholders can revive a lawsuit accusing Facebook of misleading them about the risk associated with user data […]
Linn Foster Freedman of Robinson + Cole notes that Tennessee Governor Bill Less has signed legislation into law that will shield private entities from class action lawsuits stemming from cybersecurity incidents unless the event was caused by willful, wanton, or gross negligence. The bill amends TCA Title 29 and Title 47. Freedman comments: This bill […]
On May 21, 2024, the U.S. Securities and Exchange Commission (“SEC”) published interpretive guidance on reporting material cybersecurity incidents under Form 8-K. Lawyers at Hunton Andrews Kurth comment: Since December 18, 2023, when the SEC’s rules for reporting material cybersecurity incidents under Item 1.05 on Form 8-K took effect, we have identified 17 separate companies that have made disclosures under […]
A press release from the Securities and Exchange Commission (SEC): Washington D.C., May 22, 2024 — The Securities and Exchange Commission today announced that The Intercontinental Exchange, Inc. (ICE) agreed to pay a $10 million penalty to settle charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to […]
From the Federal Trade Commission: The Federal Trade Commission has finalized an order against Blackbaud Inc. settling allegations that its lax security practices allowed a hacker to breach the company’s network and access the personal data of millions of consumers including Social Security and bank account numbers. In a complaint first announced in February 2024, the FTC […]
The following is a press release from the Securities and Exchange Commission: Washington D.C., May 16, 2024 — The Securities and Exchange Commission today announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update the […]
Alleged LockBit Developer Created and Operated Most Prolific Ransomware Variant Under Aliases “LockBit” and “LockBitSupp”; U.S State Department Offers Reward Up to $10M; U.S. Department of Treasury Designates LockBit Administrator for Sanctions The U.S. Justice Department unsealed charges today against a Russian national for his alleged role as the creator, developer, and administrator of the […]
A reminder to carefully vet contractors and to terminate access promptly when their contract ends Wednesday, May 1, 2024. Damian Williams, the United States Attorney for the Southern District of New York, announced today that VINCENT CANNADY was arrested in connection with his scheme to extort a publicly traded information technology infrastructure services provider of […]
Supreme Court Restricts Ability of Federal Agencies To Issue Fines
The Supreme Court issued a decision today that could limit federal agencies attempting to impose fines for data security violations or breaches. Although the decision in Securities and Exchange Commission v. Jarkesy did not involve data security or a data breach, the issue before the court involved the agency’s authority to charge someone with a violation […]