Data Breach

California Federal Court Dismisses Data Security-Related Securities Fraud Class Action

October 1, 2021 By Sierra Shear, Cara Peterman and Madeleine Juszynski Davidson

A California federal court has dismissed a putative securities fraud class action alleging that a large title insurer that disclosed a data security incident in May 2019 made false and misleading statements related to its data security practices and the incident. The dismissal follows the June 2021 settlement of a related Securities & Exchange Commission […]

Key Takeaways from OFAC’s Updated Ransomware Advisory

September 23, 2021 By Kim Peretti and Lance Taubin

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued an “Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” While this advisory explicitly supersedes OFAC’s previous ransomware advisory from October 2020, it does not fundamentally alter OFAC’s approach towards ransom payments. Like the prior guidance, OFAC’s […]

New York and Illinois Regulators Recommend Third Party Cybersecurity Review For Specific Vulnerabilities

May 21, 2021 By James Harvey and Privacy, Cyber & Data Strategy Team

This month, the Illinois Department of Insurance issued guidance to insurers recommending assessments in response to a Microsoft Exchange vulnerability, detailed in the guidance. In the Bulletin dated May 5, the Department encourages regulated entities to “assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact.” The […]

NYDFS Announces Cybersecurity Settlement, Addresses Multi-Factor Authentication Rules

April 16, 2021 By Privacy, Cyber & Data Strategy Team

On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). The consent order requires payment of a $3M penalty and mandatory remediation in response to alleged failures to […]

Another Court Dismisses Data Breach Class Action Lawsuit for Lack of Standing

March 12, 2021 By Donald Houser

In what appears to be a growing trend, another federal district court has dismissed a data breach case for lack of standing. In Springmeyer et al. v. Marriott International, Inc., 2021 WL 809894 (D. Md.), Plaintiffs, former guests of Marriott hotels, sued Marriott in connection with a data breach affecting over 5 million guests. Marriott moved […]