On April 14, 2021, the New York Department of Financial Services (“NYDFS”) announced a settlement with National Securities Corporation (“National Securities”), a licensed insurer, in connection with claims under the NYDFS Cybersecurity Regulation (23 NYCRR Part 500). The consent order requires payment of a $3M penalty and mandatory remediation in response to alleged failures to […]
National Security & Digital Crimes
NYDFS Reports Major Cybersecurity Settlement
In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]
President Biden Issues Executive Order on America’s Supply Chains
On February 24, 2021, President Biden announced a new Executive Order on America’s Supply Chains. The Order provides for two key initiatives, including a 100-day review of the supply chains for certain vital products and a long-term review of supply chains in six different sectors of the U.S. economy, including the information and communications technology […]
U.S. Takes Part in Multinational Efforts to Disrupt Netwalker Ransomware and Emotet Malware
On January 27 and 28, 2021, the U.S. Department of Justice (DOJ) announced two successful operations to disrupt two different strains of malware, Netwalker ransomware and a banking Trojan known as Emotet, which have affected victims around the globe and caused millions of dollars in damage in recent years. The law enforcement actions against Netwalker and […]
Federal Court Rules Cyber Forensic Report Is Not Protected Under Attorney-Client Privilege Or Work Product Doctrine
On January 12, 2021, Judge Boasberg (D.D.C.) ruled that a forensic report prepared for outside counsel following a cyber incident investigation was not protected under either attorney-client privilege or the work product doctrine. The investigation in question was run by outside counsel and the security firm had been retained by outside counsel. This decision is […]