With an increase in the frequency, sophistication, and cost of ransomware attacks, the Financial Crimes Enforcement Network (FinCEN) issued an advisory on October 1, 2020 alerting financial institutions to ransomware trends and typologies, and related financial red flags, that may result in a regulatory obligation to report and share information related to ransomware attacks. Based […]
Yesterday, October 1, 2020, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued its “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments.” The advisory begins with the observation that “ransomware attacks have become more focused, sophisticated, costly, and numerous,” citing certain FBI statistics, before making clear what was already well […]
OCIE has released a risk alert regarding credential stuffing in the context of compliance with Regulation S-P and Regulation S-ID, and is encouraging firms to both (i) review and update their policies and procedures to address the risks associated with credential stuffing and (ii) consider proactive outreach to customers regarding measures taken to safeguard their […]
Brazil’s General Data Protection Law (the “LGPD”), a law similar to the European Union’s General Data Protection Regulation (the “GDPR”) is now effective. On April 29 of this year, Brazil’s President issued Provisional Measure 959 that, amongst other things, postponed the effective date of the LGPD, which was originally set to be effective August 2020, […]
On August 13, Massachusetts Attorney General Maura Healey announced the creation of a Data Privacy and Security Division with the AG’s office, and named Sara Cable as Chief of the new division. The new division is intended to protect Massachusetts consumers from increased threats to the privacy and security of their data.