Cybersecurity

DOJ Settles False Claims Act Case with MORSECORP Over Cybersecurity Program

May 6, 2025 By Kim Peretti, Andrew Liebler, Lance Taubin and Andrew Rice

On March 26, 2025, the United States Department of Justice (DOJ) announced that it had reached an agreement with MORSECORP Inc. (MORSE) to settle alleged violations of the False Claims Act (FCA), specifically regarding MORSE’s cybersecurity program. The DOJ and MORSE—a government contractor that provides services to both the Departments of the Army and Air […]

Additional Cybersecurity Requirements of NYDFS Part 500 Take Effect Today

May 1, 2025 By Kim Peretti, Kate Hanniford, Scott Hilsen, Lance Taubin and Andrew Rice

Today, on May 1, 2025, additional enhanced cybersecurity controls required by the Second Amendment to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) (the “Second Amendment”) take effect. Although the Second Amendment was originally adopted in November of 2023, NYDFS established a multi-year rollout of the Second Amendment’s requirements, […]

2025 State Cybersecurity Legislation Focuses on Financial Services

April 18, 2025 By Kim Peretti and Scott Hilsen

Eight years ago, on March 1, 2017, the New York Department of Financial Services enacted its landmark cybersecurity regulation covering financial services companies, 23 NYCRR Part 500, known as “Part 500.” Part 500 was the first state regulation to enumerate, in great detail, the elements of a cybersecurity program that a covered financial service company […]

UK Government Publishes Cyber Governance Code of Practice for Boards and Directors

April 10, 2025 By Hanna Hewitt and Kelly Hagedorn

On April 8, 2025, the UK government published the Cyber Code of Practice (the “Code”) to support board directors in governing cybersecurity risks. The Code is available online. The UK’s data protection regulator is actively investigating and, in some instances, fining companies for personal data breaches caused by cybersecurity issues. It is therefore more important […]

UK’s Data Protection Regulator fines a UK SaaS provider ~$4 million following a ransomware incident

April 4, 2025 By Hanna Hewitt and Kelly Hagedorn

On March 26, 2025, the UK data protection regulator (the Information Commissioner’s Office (“ICO”)) fined Advanced Computer Software Group Ltd (“Advanced”) £3.07 million (approximately $4 million). In 2022, Advanced suffered a ransomware incident that put the personal data of 79,404 people at risk. In its penalty notice, the ICO found that Advanced failed to implement […]