Alston & Bird's Privacy & Data Security Team led the May 14, 2013, monthly update conference call of the ABA Antitrust Section’s Privacy and Information Security Committee. Kim Peretti, Paul Martino, Bruce Sarkisian and David Keating were featured panelists during the call.
VIEW: ABA Privacy and Data Security Update presentation slides. (PDF)
Written by the Privacy & Data Security Team | Alston & Bird LLP
|
Kim Peretti, co-chair of the firm’s Security Incident Management and Response Team and former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, was interviewed by BankInfoSecurity.com, where she discussed the cyber heist scheme that involved $45 million withdrawn from ATMs worldwide.
Peretti offered insights, lessons learned from global cash-out schemes and security tips for targeted organizations.
Visit BankInfoSecurity.com to watch the video of Peretti’s interview.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
Kim Peretti, co-chair of the firm’s Security Incident Management and Response Team and former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, was quoted in The New York Times article, “In Hours, Thieves Took $45 Million in A.T.M. Scheme.”
Ms. Peretti said the significance in this data breach is that they are manipulating the financial system to be able to change these balance limits and withdrawal limits. “When you have a scheme like this, where the system can be manipulated to quickly get access to millions of dollars that in some sense did not exist before, it could be a systemic risk to our financial system.”
View the complete article: "In Hours, Thieves Took $45 Million in A.T.M. Scheme"
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
On May 17, 2013, Kim Peretti will serve as planning chair and Todd McClelland will be a featured speaker in the program entitled “The Top Five Data Security Threats in 2013: Knowing and Understanding the Legal Risks,” by ALI-CLE. Data security remains the elephant in the room for many corporate legal departments, law firms and outside counsel. Everyone knows data security concern is warranted, but many still do not entirely comprehend the risks, what resources are needed to protect against them, or how to handle liabilities resulting from breaches. Moreover, even if you appreciate the legal aspects of your data security needs, you may struggle to keep your policies and procedures current because of rapid changes in technology.
The following topics will be discussed during the program.
- National cyber security concerns
- Evolving cyber threat landscape
- Mobile devices in the workplace (BYOD)
- Data security in the cloud
- Employee training and awareness
To register, please click here.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
This article is the second in a four-part series describing some of the challenges to conducting breach investigations in response to increasingly sophisticated attacks. In Part 1, entitled Right-Sizing the Data Breach Investigation and published with Law360 on March 26, 2013, we provided an overview of the evolving advanced cyber threat landscape and the three common breach response scenarios (internal investigations to fix technical problems, investigations to assess payment card exposure, and investigations to determine compliance with state data breach notification statutes). This Part II takes a closer look at responses involving payment card breaches—both because of their unique nature and their potentially grave implications.
Please click the following link for a full version of Understanding the Role of the PFI in Payment Card Breaches.
Written by Jim Harvey, Partner, Privacy & Data Security | Alston & Bird LLP
|
Kim Peretti, co-chair of the firm’s security-incident and management-response team and former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, was quoted in the Wall Street Journal article, “U.S. Eyes Pushback On China.” U.S. officials view that strategy [indictment] as a way to establish a deterrent. China likely wouldn't turn over its citizens to the U.S. for prosecution, but U.S. authorities could ensure suspects would be unable to travel freely for fear of being turned over by a foreign government to U.S. law enforcement.
"It would be very significant, because it would be a first of its kind," said Kimberly Peretti, a former Justice Department prosecutor who handled cybercrime cases during eight years at the department until 2010. Indictments create leverage in diplomatic negotiations, because it is more difficult for the government to deny the problem when there is a specific legal action against an individual, she said.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
On April 11, Alston & Bird’s Kim Peretti was interviewed by Fox Business on the prosecution of cyber criminals. In the video interview entitled, “Cyber Conundrum: Prosecuting Hackers,” Peretti discusses:
- Prosecution roadblocks to bringing foreign and domestic hackers to justice.
- Primary categories of actors in the hacker world: hacktivists, state sponsored groups and global criminal hacking organizations.
View Kim Peretti's interview by Fox Business.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
On Wednesday, April 10, Security Incident Management & Response Team Co-Leaders Kim Peretti and Jim Harvey hosted the panel discussion “Nuts, Bolts and Latest Developments in Cyber and Privacy Investigations” in Alston & Bird’s Washington, D.C. office. They were joined by cybersecurity and cybercrime experts from the government and private sector to discuss the latest developments in the area of cyber and privacy investigations. The experts shared perspectives on behind-the-scene mechanics in conducting effective and efficient investigations, especially those that result from sophisticated threat actor activity.
In addition to the D.C. attendees, the presentation drew over 200 attendees from across 25 states who participated in this lively presentation via conference call.
If you are interested in participating in future events and would like to be added to our email distribution list, please send an email indicating your request to.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
Kim Peretti, co-chair of the firm’s security-incident and management-response team and former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, appeared on Fox News to discuss prosecuting cyber criminals.
To view the video, please click Peretti Appears on Fox News.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
Kim Peretti, co-chair of the firm’s security-incident and management-response team and former senior litigator for the Justice Department's Computer Crime and Intellectual Property Section, was quoted in the Wall Street Journal article, “Law Firms Tout Advantage of Secrecy in Cyberbreach Investigations.” Ms. Peretti said the practice is among the first at a major law firm that is dedicated to data-breach investigations and she expects the firm's competitors to follow suit.
"While forensic firms still get most of the work, and are hired by law firms, the need to establish attorney-client privilege has led companies to turn to law firms," she said.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
In the age of targeted intrusions, sophisticated criminal and nation-state actors are often compromising hundreds of systems within a single company’s environment. However, companies are often only seeing a small portion of the entire incident, as their response to such invasions can be, and often is, too narrowly shaped by state security breach notification requirements, industry rules governing payment card breaches and the absence of a direct legal obligation requiring a more comprehensive review. If a company has a less-than-complete understanding of the nature and scope of the intrusion, it could be exposed when the criminals revisit the enterprise for further exploitation or when regulators and class-action plaintiffs begin probing into details of the company’s response. Please click the following link for a full version of Cyber Alert: Breach Investigations, Part 1: Right-Sizing the Data Breach Investigation.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
After observing a noticeable increase in sophisticated attacks targeting payment processors of prepaid debit accounts in which criminals are able to manipulate balances of accounts and/or fraud prevention controls, the United States Secret Service released an Industry Advisory on March 15, 2013. The Advisory outlines several “macro” and “prepaid platform specific” strategies that payment processors should take to mitigate the risk of such attacks occurring on their systems.
|
On February 27, Alston & Bird’s Kim Peretti spoke at the 2013 RSA conference. Following the conference, Kim was interviewed by BankInfoSecurity about her discussion during the conference. In the video interview entitled, “Tips and Tools for Breach Investigations,” Peretti discusses:
- Areas most frequently overlooked;
- Lessons learned from recent investigations;
- Technology tools to aid investigators.
To view the full video, please click here.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|
On April 10, 2013, Alston & Bird will bring together cybersecurity and cybercrime experts from the government and private sector to discuss the latest developments in the area of cyber and privacy investigations. The experts will also share perspectives on behind-the-scene mechanics in conducting effective and efficient investigations, especially those that result from sophisticated threat actor activity. Please join us for this lively and topical discussion.
|
Distributed Denial-of-Service (DDoS) attacks are not a new method employed by cyber criminals to inflict damage on victim entities’ networks. In fact, DDoS attacks were one of the first types of online crimes to appear in the dawn of the Internet age. In the past several years, however, cyber threat actors have rekindled this attack to produce two new variants, both of which specifically target the financial services sector. Attorneys from our Security Incident Management and Response Team have drafted a Cyber Alert that provides background on these events, some of the regulatory and governmental context and helpful tips for those addressing these issues. To read the complete alert, please visit here.
Written by Kimberly Peretti, Partner, Security Incident Management & Response Team and Maki DePalo, Associate, Privacy & Data Security | Alston & Bird LLP
|
On January 14, 2013, Singapore passed an amendment to the Computer Misuse Act (now renamed the Computer Misuse and Cybersecurity Act), which provided the government with additional authorities to prevent, detect and counter cyber attacks on critical infrastructure. Key aspects of this law include the ability of the government to direct a person or organization to take specific steps – including exercising certain powers under the criminal procedure code – with respect to preventing, detecting, or countering a cyber threat where the threat relates to certain types of critical infrastructure. Such broad authority could encompass directing companies to conduct “pre-emptive” strikes or other measures prior to the onset of an imminent cyber attack. Importantly, the law confers immunity from any civil or criminal liability resulting from fulfilling an obligation under the law, but also provides for criminal penalties for failing to comply.
|
Last week the United States Court of Appeals for the Fourth Circuit halted an attempt by three individuals involved in the ongoing WikiLeaks investigation to make information about the investigation public. Specifically, the three users sought to unseal the prosecution’s request for a court order requiring Twitter to disclose certain user account information, including the three users’ personal identifying information and account information, as well as all messages they sent and received using the service. The prosecution’s request would have included its reasoning behind why the government suspected the three users’ involvement, and may have included information regarding how the investigation has been operating. The users also moved to unseal any other orders that were issued to other companies demanding similar information be turned over to the government.
|
Alston & Bird has developed a checklist tool to assist Covered Entities, Business Associates, and Subcontractor Business Associates to plan their implementation of the January 25, 2013 Omnibus HIPAA Rule. The Omnibus HIPAA Rule significantly amended the HIPAA/HITECH Act Privacy, Security, Breach Notification, and Enforcement Rules, as summarized in an Alston & Bird HIPAA Advisory issued on January 25, 2013.
|
Last week, we blogged about the U.S. Department of Health & Human Services putting on display at the Office of Federal Register the long-awaited “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules” (the “Omnibus Rule”). Today, the Omnibus Rule was published in the Federal Register – and Alston & Bird has issued a Health Care ADVISORY on the Omnibus Rule. The Health Care ADVISORY can be found on our website at: www.alston.com/advisories/healthcare-HIPAA/HITECH-Act-Omnibus-FinalRule
Written by Paula Stannard, Counsel, Privacy & Data Security | Alston & Bird LLP
|
On January 23, Alston & Bird and KPMG co-hosted a seminar entitled, “Cyber Security and Breach Response: What Board Members and Executive Leadership Need to Know” on the topic of cyber risks and how public company boards can best prepare themselves for a security breach situation and respond optimally, should one occur. This program provided board members, executive leadership and their direct advisors valuable insights into one of the largest threats facing public companies today. Greg Bell from KPMG, along with Jim Harvey and John Latham from Alston & Bird, covered the following topics and more:
- Today’s increased threat environment and why it is a top boardroom issue
- Critical considerations in the event of a breach
- Preparedness and how cyber breaches differ from other risks
You may listen to a recording of this seminar by visiting Cyber Security and Breach Response Seminar.
Written by Security Incident Management & Response Team | Alston & Bird LLP
|