Category Archives: Cyber Security

Recent Class Action Settlements By Target & Adobe

Adobe’s impending settlement in a class action comes just a month after Target settled claims for $10 million.  Although confirmatory discovery is ongoing according to Law360, Adobe and the named class members are expected to present their settlement proposal to District Judge Lucy Koh by the end of May.  Last year, both Adobe and Target lost motions to dismiss that challenged the plaintiffs’ Article III standing based on the U.S. Supreme Court’s 2012 decision in Clapper v. Amnesty International USA.  This may have been…

Continue Reading....

House Overwhelmingly Passes Two Cyber Threat-Sharing Bills, Senate Poised for Third

On Wednesday, April 22, by a vote of 307-116, the House passed its first major cybersecurity bill of 2015, the Protecting Cyber Networks Act (PCNA), backed by the leadership of the Committee on Intelligence, which would shield private companies when sharing cyber threat data with government civilian agencies, including the Commerce and Treasury Departments. A second bill, The National Cybersecurity Protection Advancement Act of 2015 (NCPAA), which amends the Homeland Security Act of 2002, was passed by the House the following day, Thursday April 23,…

Continue Reading....

Symantec Issues Threat Report – Cyber Threats on the Increase

Symantec issued its 2014 Internet Threat Security Report (“ITSR” or the “Report”). The Report highlighted some interesting trends including:

  • “60 percent of all targeted attacks struck small- and medium-sized organizations.” In part, this is due to the fact that these “organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments. This puts not only the businesses, but also their business partners, at higher risk.”
  • “Non-targeted attacks still make up

Continue Reading....

NY Dept. of Financial Services Requests Detailed Cyber Security Reports From Insurers

Cyber security is clearly one of the highest priorities — if not the top concern — for regulators in 2015. Late last month, the New York Department of Financial Services (DFS) sent more than 160 licensed insurers a New York Insurance Law Section 308 Letter seeking a detailed report regarding their cyber security practices and procedures. The Section 308 Letter — to which there is now less than three weeks to respond — also provides greater insight into the scope of cyber security examinations that…

Continue Reading....

SEC, FINRA and the U.S. Senate Prepare for Cyberattacks in 2015

Two major government agencies have issued reports addressing security of brokerage and advisory firms, and two U.S. Senators have declared their intention to expand cyber-security laws into automobiles.  In February, the SEC released two major publications (here and here) regarding risks for brokerage and advisory firms, as well as adjusters.  The Financial Industry Regulation Authority (FINRA), a private corporation managed by financial industry insiders and billed as the self-appointed “regulator” for NYSE and NASDAQ, has issued a report to assist broker-dealer firms with…

Continue Reading....

Third Circuit Reviews FTC’s Authority To Enforce An “Unreasonable Failure” To Protect Against A Cyber Attack

Today, the Third Circuit heard oral argument in a case that may have a profound impact on the Federal Trade Commission’s enforcement authority over corporate cybersecurity.  The question presented to the Court of Appeals is whether the FTC can pursue an enforcement action against a company under Section 5 of the FTC Act if the FTC believes that a cyber-hack occurred due to the company’s “unreasonable failure” to protect consumer data. The FTC alleges that Wyndham Worldwide did not “employ reasonable and appropriate measures to…

Continue Reading....

Cyber Breaches Prompt Government Action

Several government entities are taking action to address the growing rise of cyber-attacks as more fully explained in Goldberg Segalla’s Insurance & Reinsurance Report. As reported in a post by Frederick J. Pomerantz and Aaron J. Aisen, in response to a cyber breach at a major insurer, Connecticut lawmakers are considering legislation requiring insurance companies to encrypt sensitive information.  Furthermore, the Federal Government is considering several proposals  including a Consumer Privacy Bill of Rights and standardized consumer notification procedures.  Similarly, as discussed in…

Continue Reading....

Cyber Attack Immobilizes Dutch Government Websites

As reported by the BBC, most of the Dutch government’s websites were rendered inoperable after a successful distributed denial of service (DDoS) cyber-attack on Tuesday, when servers were flooded with traffic, rendering the sites virtually inoperable.  A number of private sites were also breached, and the attack also affected communications provider Telford.  As the BBC noted, these attacks “highlighted the vulnerability of public infrastructure.” An official from the Dutch Government Information Service, Rimbert Kloosterman, remarked that the complexity and size of the government’s websites had…

Continue Reading....

ACE Group and The Institutes Launch Dedicated Cyber Risk Programs

This week, two major industry players announced the launch of dedicated cyber risk programs. ACE Group, one of the world’s largest multiline property and casualty insurers, announced the launch of its new dedicated cyber risk business unit in response to internal research showing that cyber risk is a “top three” emerging issue among European risk managers.  ACE first established its global cyber practice in 2014, and is seeking to strengthen its leadership in this new risk area with the addition of full-time dedicated cyber underwriting…

Continue Reading....

Department of Homeland Security Must Assess Cyber Risks to Building Access and Control Systems

The U.S. Government Accounting Office (GAO) issued a report this month calling on the Department of Homeland Security (DHS) and General Services Administration (GSA) to develop and implement a strategy to address cyber risks to building and access control systems, including the computers that monitor and control building operations such as elevators, electrical power, and heating, ventilation, and air conditioning.  As these systems are increasingly connected to other information systems and the Internet, there is greater vulnerability to cyber attacks, which, the report explains, “could…

Continue Reading....