In early March, the New York Department of Financial Services (NYDFS) announced a settlement involving a $1.5M penalty and mandatory remediation in response to a mortgage lender’s alleged failure to report a cyber breach, and other alleged cybersecurity failures. This enforcement action marks the second public enforcement action under 23 NYCRR Part 500 (the “Cybersecurity […]
Security Breach
SolarWinds Hack: Unparalleled Supply Chain Attack Results in Potential Compromise of Private and Public Sector Organizations
On Sunday, December 13, 2020, SolarWinds announced that it had learned of a “highly sophisticated, manual supply chain attack” by a nation state affecting its Orion Platform, which is used by a wide variety of public and private sector organizations for IT infrastructure monitoring and management. In this attack, adversaries were able to compromise the […]
Warning: Iranian Cyber Response Possible Against Private Industry
After Friday’s announcement of the killing of Major General Qassem Soleimani, a leader of Iran’s Quds Force, several regulators have put industry on high alert of the increased potential for cyber-attack. Iran has a known history of launching cyber-attacks against US industry, and regulators warn industry to prepare for a possible rise in cyber-attacks. The […]
New Hampshire Passes Insurance Data Security Law
New Hampshire recently passed its Insurance Data Security Law based on the National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law. The law will go into effect January 1, 2020. New Hampshire is one of several states, including Alabama, Connecticut, Delaware, Michigan, Mississippi, Ohio, and South Carolina, that has passed an insurance data […]
The CCPA Could Reset Data Breach Litigation Risks
While much has been written about the California Consumer Privacy Act (“CCPA”), the focus has primarily been on the new rights it affords California consumers to have access to and control use of their data and opt out of many transfers to third parties. While this is a sea change in data privacy legislation in […]