Litigation and legal developments concerning data breaches.
New York’s Governor Hochul signed two bills into law in December that modify New York’s breach notification law. One that has already gone into effect replaces the “in the most expedient time” type of language with an actual deadline of 30 days from discovery of a breach but retains an exception for the legitimate needs […]
The Department’s Office for Civil Rights seeks to update HIPAA Security Rule for the first time since 2013 Source: U.S. Department of Health and Human Services, December 27, 2024
For a while, it was just a recommendation. Now it’s mandatory. Federal civilian agencies were ordered to secure their Microsoft cloud systems after several recent cyber incidents. The Cybersecurity and Infrastructure Security Agency (CISA) issued a binding directive on Tuesday giving federal agencies a series of deadlines to identify cloud systems, implement assessment tools and abide by […]
It is the first lawsuit filed by a state attorney general against Change Healthcare over the February breach that affected 100,000 Americans. From the state’s December 16 press release: Download the court filing.
A press release from the DPC explains the penalty:
ADMINISTRATIVE PROCEEDINGFile No. 3-22360 December 16, 2024 – The Securities and Exchange Commission today filed settled charges against Flagstar Bancorp, Inc. (now known as “Flagstar Financial, Inc.”), for making materially misleading statements regarding a cybersecurity attack on Flagstar’s network in late 2021 (the “Citrix Breach”). The SEC’s order finds that Flagstar negligently made materially misleading statements […]
Deloitte has been getting its name in the news this month, but not in a good way. First, a ransomware group named “Brain Cipher” claimed to have attacked Deloitte UK. Deloitte responded to their claims by denying that their network was breached and stating that the breach involved a single client’s system that is not […]
The Hacker News reports that a notorious Russian cybercriminal wanted in the U.S. in connection with LockBit and Hive ransomware operations has been arrested: According to a news report from Russian media outlet RIA Novosti, Mikhail Pavlovich Matveev has been accused of developing a malicious program designed to encrypt files and seek ransom in return for a […]
A recent article by Allen Matkins Leck Gamble Mallory & Natsis LLP begins: On May 29, 1453 the walls of Constantinople had stood unbreached for more than a thousand years. Yet on that day, the army of Sultan Mehmed II was able to force entry into the city through the Gate of St. Romanus. The Byzantine Emperor Constantine […]
Should regulators do more naming and shaming?
The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports: The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities. […]