Cybersecurity

NYDFS Releases Industry Letter on the Use of Self-Service Password Reset Feature

January 23, 2024 By Kim Peretti, Lance Taubin and Ashley Miller

On January 12, 2024, the New York State Department of Financial Services (“NYDFS”) released a new Industry Letter on the use of self-service password reset (“SSPR”) services, which enable users to reset their own password without the assistance of help desk or IT professionals. The Industry Letter discusses the risks associated with the use of […]

NYDFS Releases Consent Order in First Enforcement Action Brought Under the Cybersecurity Regulations

December 18, 2023 By Lance Taubin, Ashley Miller, Kristen Bartolotta and Privacy, Cyber & Data Strategy Team

After a three-year investigation/enforcement action by the New York Department of Financial Services (“NYDFS”), NYDFS entered into a Consent Order with a large title insurer (the “Company”) for its violation of NYDFS’s Cybersecurity Regulation (23 NYCRR Part 500) (the “Regulation”), specifically, its failure to protect non-public information (“NPI”). NYDFS originally brought the enforcement action in […]

CPPA Publishes Revised Cybersecurity Audit Regulations in Advance of Board Meeting

November 27, 2023 By Lance Taubin, Kristen Bartolotta and Santi Villar

On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics listed in its published agenda. The New CPRA Rules Subcommittee will provide an update and present on the Draft Regulations on […]

CISA Releases Advisory Concerning Chinese-Backed Threat Actor

October 9, 2023 By Kim Peretti

On September 27, 2023, The U.S. National Security Agency (NSA), the U.S. Federal Bureau of Investigation (FBI), the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Japanese National Police Agency (NPA), and the Japanese National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released a joint cybersecurity advisory (CSA) concerning the recent activity of […]

New York Continues to Focus on Companies’ Data Security Practices

October 6, 2023 By Kim Peretti and Kristen Bartolotta

New York Attorney General Letitia James recently announced two agreements related to data breaches with entities that operate in the education industry. In both instances the entities paid the ransom and received evidence of deletion of the stolen data. Most recently, on October 5, 2023 the Office of the Attorney General (OAG) announced a $49.5 […]