Tag Archives: data breach

FBI and CISA Issue Advisory on Scattered Spider Ransomware Attacks

Key Takeaways:

  • The Federal Bureau of Investigation (FBI) and Cybersecurity & Infrastructure Security Agency (CISA) have jointly issued a cybersecurity advisory in response to recent activity by the threat actor group known as Scattered Spider.
  • Scattered Spider is known to target large companies holding sensitive data – including financial services, telecommunications, business process outsourcing, hospitality, and cryptocurrency firms – for ransomware attacks.
  • Scattered Spider largely relies upon impersonating IT support professionals and manipulating target company employees into sharing passwords or running malicious executables through remote access software.…

Ransomware Payments – OFAC Updates its Advisory and Congress Gets Involved

Ransomware payments continue to be a focus of the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”). As previously reported by Foley Hoag, on October 1, 2020, OFAC released an advisory regarding potential sanctions risks related to facilitating ransomware payments. Almost a year later, on September 21, 2021, OFAC updated its advisory to provide additional guidance regarding what OFAC considers to be mitigating factors if facilitating a ransomware payment results in an apparent violation of U.S.…

GDPR, CCPA and Now, the NY SHIELD Act: Additional Data Security Responsibilities for Companies Holding the Private Information of NY Residents

On March 21, 2020, the last of the features of the NY Stop Hacks and Improve Electronic Data Security Act (“SHIELD Act”) became effective:  its data security requirements.  The SHIELD Act is a sweeping statute governing individual rights relating to data breaches.  It was adopted in July 2019 and has been rolled out in the months since then:  its breach notification provisions took effect on October 23, 2019, and its data security requirements have now taken effect. …

Minimizing Litigation Risk: What Cybersecurity Auditors Can Learn From Their Financial Statement Auditor Analogues

Data breaches – always critically important to those with responsibility for storing, transporting and protecting electronic information – have become an all-consuming topic of late. Stories about data theft dominate political headlines, boardroom discussions, and family meetings around the dinner table.  They, of course, have also been the subject of government investigations and private litigation.

The current environment is not unlike other moments in our recent past that seemed to have captured the attention of Wall Street,…

New York’s “First in the Nation” Financial-Sector Cybersecurity Regulations Put on Hold

In late December, New York’s Financial Services Superintendent Maria T. Vullo announced that New York’s Department of Financial Services’ (“DFS”) new cybersecurity regulations would not go into effect on January 1, 2017 as initially planned.  These “first-in-the-nation” cybersecurity regulations were designed to help protect consumers and the financial system from the increasingly serious threat of cyberattacks.  However, the regulations faced opposition from the financial services companies and insurers that would have been subject to them.…

Cybersecurity 2017 – The Year in Preview: Changes Afoot in Federal Enforcement?

Editor’s note:  This is the sixth and last in our end-of-year series.  See our previous posts on trade secrets, state regulation and law enforcement, HIPAA compliance, emerging threats, and energy.  See you in 2017!

Fragmentation in U.S. data privacy and cybersecurity law is both peril and promise.  The peril?  Businesses must contend with uncertainty and the costs associated with pleasing many regulatory masters. …

Cybersecurity 2017 – The Year In Preview: The Changing Face of State Law and Enforcement

Editor’s Note:  This is the second in a continuing end-of-year series.  Stay tuned for our next installment, discussing HIPAA compliance.

In the patchwork of state and federal law regulating the use and maintenance of personal confidential information, states play a significant role and can often be the most important regulator and law enforcement authority.  Recent events have signaled changes in how states interpret and enforce their data privacy standards —…

Cybersecurity 2017 – The Year In Preview: Trade Secret Theft Takes Center Stage

Editor’s Note:  This is the first of an end-of-year series of posts examining coming trends in cybersecurity.  Posts will examine trends in state regulations, federal regulatory authority, the changing nature of the threat landscape, and HIPAA.  This post discusses a shift in concern from personal consumer information toward company trade secrets.

When it comes to the issue of data privacy and security, especially among lawyers, the discussion generally concerns personally identifiable information. …