On Tuesday, July 21, 2020, the New York Department of Financial Services (the “NYDFS”) brought its first enforcement action under its Cybersecurity Regulation (the “Regulation”) against a large title insurer (the “Company”) for failing to protect sensitive personal information. The NYDFS is seeking civil monetary penalties, an order requiring the Company to remedy the alleged […]
Cybersecurity
UK National Cyber Security Centre Advisory: Russian Attackers, APT29, Targets Companies Involved in COVID-19 Vaccine Development
Yesterday, the UK National Cyber Security Centre and Canada’s Communications Security Establishment released an advisory linking APT29 (also known as, ‘the Dukes’ or ‘Cozy Bear’) to attacks against COVID-19 vaccine development in Canada, the US and the UK. The Advisory stated that APT29 is “almost certainly part of the Russian intelligence services.” APT29/Cozy Bear was […]
DOJ Releases Guidance On Gathering Threat Intel From The Dark Web
The Cybersecurity Unit (“CsU”) of the Computer Crime and Intellectual Property Section of the Criminal Division of the United States Department of Justice (“CCIPS”) has released its guidance on “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources” (“Guidance”). The CsU prepared the Guidance—with input from the FBI, the U.S. […]
FBI Releases IC3 2019 Internet Crime Report
The FBI’s Internet Crime Complaint Center (“IC3”) has released its 2019 Internet Crime Report (“Report”) on trends and statistics of suspected cybercrimes from 2019. The Report gathers data from 467,361 complaints, an increase from prior years, with dramatic losses in excess of $3.5 billion. In addition to an explanation of the IC3’s history and operations, […]
DOJ Indicts Chinese Military Personnel for Involvement in 2017 Equifax Breach
On February 10, 2020, the U.S. Department of Justice announced charges against four members of China’s People’s Liberation Army (“PLA”) for their alleged involvement in the 2017 Equifax hack that resulted in the theft of the personal information of 145 million Americans. In the nine-count indictment, the four individuals, Wu Zhiyong, Wang Qian, Xu Ke, […]