On October 6, 2021, Deputy Attorney General Lisa O. Monaco announced the launch of the Department of Justice’s Civil Cyber-Fraud Initiative. The Department plans to use civil enforcement tools to “pursue…those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards.” Stating the Department will pursue “very hefty fines,” […]
Cyber Risk
California Federal Court Dismisses Data Security-Related Securities Fraud Class Action
A California federal court has dismissed a putative securities fraud class action alleging that a large title insurer that disclosed a data security incident in May 2019 made false and misleading statements related to its data security practices and the incident. The dismissal follows the June 2021 settlement of a related Securities & Exchange Commission […]
Securities Class Actions Filed Against Three Chinese Tech Titans After Announcement of Cyber-Related Investigations
In early July, investigations by a Chinese cybersecurity regulatory agency, the Cyberspace Administration of China (“CAC”), into at least three China-based technology companies—DiDi Global Inc. (“DiDi”), Full Truck Alliance Co. Ltd. (“FTA”), and Kanzhun Limited (“Kanzhun”)—were purportedly revealed weeks after each conducted a substantial initial public offering (“IPO”) on a United States stock exchange. These […]
SEC Settles Enforcement Action for Disclosure Controls Violations Stemming from Data Security Incident
The SEC has settled an enforcement action against a large title insurer in connection with public statements and disclosures made by the company in May 2019 relating to a data security incident. The underlying data security incident was the subject of the first set of charges brought by the New York Department of Financial Services […]
New York and Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities
This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]