Litigation and legal developments concerning data breaches.
The Guardian reports: A former Central Intelligence Agency (CIA) software engineer who was convicted for carrying out the largest theft of classified information in the agency’s history and of charges related to child abuse imagery was sentenced to 40 years in prison on Thursday. The 40-year sentence by US district judge Jesse Furman was for […]
While advocates for more transparency and timely disclosures in response to data breaches were generally pleased with the new disclosure rule by the SEC that went into effect on December 18, not everyone was pleased. In November 2023, Senator Thomas Tillis [R-NC] introduced bill S.J.Res.50 – A joint resolution providing for congressional disapproval under chapter […]
NEW YORK – New York Attorney General Letitia James today sued Citibank, N.A. (Citi) for failing to protect and refusing to reimburse victims of fraud. The lawsuit alleges that Citi does not implement strong online protections to stop unauthorized account takeovers, misleads account holders about their rights after their accounts are hacked and funds are stolen, […]
Bloomberg News reports: A former Internal Revenue Service contractor who stole and leaked the tax returns of former President Donald Trump, Ken Griffin, Elon Musk and other billionaires was sentenced to five years in prison. Charles Littlejohn, 38, pleaded guilty Oct. 12 to stealing Trump’s tax data from the IRS and leaking it to the New York Times. He also admitted taking tax […]
Bloomberg Law reports on a case that probably has a lot of CISOs somewhat nervous: SolarWinds Corp. issued a full-throated denial of wrongdoing in how it handled one of the worst cyberattacks in history in a Friday court filing seeking the dismissal of US Securities and Exchange Commission allegations that its software security representations defrauded […]
Robinson + Cole informs us that the California Privacy Protection Agency (CPPA) has opened a new website at https://privacy.ca.gov/ with resources for California residents to help them understand their rights under the California Consumer Privacy Act (CCPA). The resources include how to submit a complaint against a business that has violated consumer rights under the […]
From the law firm of Polsinelli PC: Beginning on May 13, 2024, nonbanking “financial institutions” must notify the Federal Trade Commission (“FTC”) within 30 days of discovering a data breach involving the nonpublic personal information of at least 500 consumers. These covered organizations can include a wide variety of companies that engage in financial activities […]
Today’s General Counsel reports: Genetic testing company 23andMe, which is facing more than 30 lawsuits from the victims of a massive data breach, is claiming that the victims themselves are to blame for the loss of their own data, TechCrunch reports. In a letter to hundreds of 23andMe users suing the company, 23andMe said the victims “negligently […]
TechCrunch reports: An international law firm that works with companies affected by security incidents has experienced its own cyberattack that exposed the sensitive health information of hundreds of thousands of data breach victims. San Francisco-based Orrick, Herrington & Sutcliffe said last week that hackers stole the personal information and sensitive health data of more than 637,000 […]
Superintendent Adrienne A. Harris announces $8 Million Penalty Against Genesis Global Trading, Inc. After DFS Investigation Finds Significant Failings in Anti-Money Laundering and Cybersecurity Programs
In connection with the settlement, Genesis Global Trading will surrender its BitLicense New York State Department of Financial Services (DFS) Superintendent Adrienne A. Harris today announced that Genesis Global Trading, Inc. (“Genesis Global Trading”) will pay an $8 million penalty to New York State for compliance failures that violated DFS’s virtual currency and cybersecurity regulations […]