Litigation and legal developments concerning data breaches.
The Record reports: The FBI has published guidance on how companies can request a delay in disclosing cyber incidents to the Securities and Exchange Commission (SEC). The document is a followup to new rules that the SEC approved in June requiring companies to quickly disclose “material” cybersecurity incidents and share the details of their cybersecurity risk management, […]
Inside Privacy writes: Read more at Inside Privacy.
On November 28, the New York State Department of Financial Services (DFS) issued a press release about a settlement stemming from a 2019 data breach: The New York State Department of Financial Services (DFS) today announced that First American Title Insurance Company (First American) will pay a $1 million penalty to New York State for […]
InnovationAus reports: Queensland has become only the second state to legislate a mandatory data breach notification scheme for public sector entities, as an almost identical scheme comes into effect in New South Wales. The Information Privacy and Other Legislation Amendment Bill 2023 passed through the Queensland state Parliament on Wednesday, less than two months after the bill […]
Bleeping Computer reports: The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. FCC’s Privacy and Data Protection Task Force introduced the new regulations in July. They are geared toward thwarting scammers who seek to access personal data and information […]
TALLAHASSEE, Fla.—Attorney General Ashley Moody, along with five other attorneys general, secured a $6.5 million agreement with Morgan Stanley Smith Barney LLC, also known as Morgan Stanley. The action comes after an investigation found that Morgan Stanley compromised the personal information of its customers due to negligent internal data-security practices. Morgan Stanley potentially exposed millions […]
“They did WHAT??” Ransomware gangs will often test ways to pressure victims to pay. But today, threat actors associated with the AlphV (BlackCat) group tested a new approach that is raising eyebrows in the cybersecurity community. When a victim, MeridianLink, didn’t pay them quickly and didn’t even start to negotiate any payment with them, AlphV […]
New York State continues to strengthen cybersecurity regulations for financial institutions. New amendments to the Cybersecurity Regulation enacted in 2017 strengthen the regulation and add new security obligations. As Hunton Andrews Kurth summarizes it, “The new amendments strengthen the initial framework and require NYDFS-regulated entities to adhere to a number of additional prescriptive data security […]
Released by the White House, November 2, 2023 The 50 members of the International Counter Ransomware Initiative (CRI)—Albania, Australia, Austria, Belgium, Brazil, Bulgaria, Canada, Colombia, Costa Rica, Croatia, the Czech Republic, the Dominican Republic, Egypt, Estonia, the European Union, France, Germany, Greece, India, INTERPOL, Ireland, Israel, Italy, Japan, Jordan, Kenya, Lithuania, Mexico, the Netherlands, New […]
Update on Cyber Incident Reporting for Critical Infrastructure Act of 2022
Constangy, Brooks, Smith & Prophete, LLP writes: As we near the end of another year, it is time to look ahead to developments in the information security and privacy landscape. One area of particular importance is the development of regulations implementing the Cyber Incident Reporting for Critical Infrastructure Act of 2022. CIRCIA, which was signed into […]