“Anatomy of a Data Breach”

Blog contributor James M. Paulino II recently co-authored an article in DRI’s For the Defense. The article, “Anatomy of a Data Breach,” takes a look at fundamental concepts on both the technical and legal sides of the issue of cybersecurity to help companies and their counsel face the growing threat of data breaches head-on. “As the stage is set for the first major debate over federal legislation, two basic issues emerge for attorneys and clients alike. First and foremost, what exactly is a data…
Continue reading...

DOJ Issues Best Practices for Cyber Incident Response

The US Department of Justice, Criminal Division, Cybersecurity Unit has issued a 15-page best practices document “to assist organizations in preparing a cyber incident response plan and…in preparing to respond to a cyber incident.”  The document explains in detail steps necessary before, during and after a cyber attack or intrusion, summarized in a “Cyber Incident Preparedness Checklist” (see below).  “Any Internet-connected organization” is advised to review and adopt these best practices in order to provide a prompt, effective response to incidents, minimize resulting harm, expedite…
Continue reading...

Senator Seeks Answers from President on White House Cyber Attack

Chairman of the Senate Committee on Commerce, Science and Transportation, John Thune, has sent an open letter to President Obama to address the cyber attack on the White House’s unclassified computer system in late-2014. The breach, allegedly by Russian hackers, was according to Senator Thune “more extensive than previously known,” and accessed “a great deal of sensitive information, such as schedules, policy discussions, and e-mails sent and received by” Mr. Obama, “including exchanges with ambassadors.” Following increased attacks across Executive Branch departments and agencies, Mr.…
Continue reading...

Recent Class Action Settlements By Target & Adobe

Adobe’s impending settlement in a class action comes just a month after Target settled claims for $10 million.  Although confirmatory discovery is ongoing according to Law360, Adobe and the named class members are expected to present their settlement proposal to District Judge Lucy Koh by the end of May.  Last year, both Adobe and Target lost motions to dismiss that challenged the plaintiffs’ Article III standing based on the U.S. Supreme Court’s 2012 decision in Clapper v. Amnesty International USA.  This may have been…
Continue reading...

House Overwhelmingly Passes Two Cyber Threat-Sharing Bills, Senate Poised for Third

On Wednesday, April 22, by a vote of 307-116, the House passed its first major cybersecurity bill of 2015, the Protecting Cyber Networks Act (PCNA), backed by the leadership of the Committee on Intelligence, which would shield private companies when sharing cyber threat data with government civilian agencies, including the Commerce and Treasury Departments. A second bill, The National Cybersecurity Protection Advancement Act of 2015 (NCPAA), which amends the Homeland Security Act of 2002, was passed by the House the following day, Thursday April 23,…
Continue reading...

Symantec Issues Threat Report – Cyber Threats on the Increase

Symantec issued its 2014 Internet Threat Security Report (“ITSR” or the “Report”). The Report highlighted some interesting trends including:
  • “60 percent of all targeted attacks struck small- and medium-sized organizations.” In part, this is due to the fact that these “organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments. This puts not only the businesses, but also their business partners, at higher risk.”
  • “Non-targeted attacks still make up

Continue reading...

NY Dept. of Financial Services Requests Detailed Cyber Security Reports From Insurers

Cyber security is clearly one of the highest priorities — if not the top concern — for regulators in 2015. Late last month, the New York Department of Financial Services (DFS) sent more than 160 licensed insurers a New York Insurance Law Section 308 Letter seeking a detailed report regarding their cyber security practices and procedures. The Section 308 Letter — to which there is now less than three weeks to respond — also provides greater insight into the scope of cyber security examinations that…
Continue reading...

Target to Change Security Policies and Pay $10 Million to Settle Data Breach Lawsuit

U.S. District Court Judge Paul Magnuson has indicated that he will grant preliminary approval of a 97-page settlement agreement between Target and class-action plaintiffs.  Under the settlement, Target will pay $10 million to compensate injured customers, with court documents suggesting as much as $10,000 for a victim. In total, 42 million shoppers had their credit or debit information stolen, and 61 million had personal data stolen from November 27 through December 18, 2013. The settlement also requires Target to change its security policies within 10…
Continue reading...

Hackers Charged with Stealing 1 Billion E-mail Addresses

The U.S. Department of Justice has unsealed indictments against three hackers for having broken into eight email service providers (ESPs), stealing 1 billion email addresses and names, and receiving $2,000,000 for the sale of products to those email addresses through a “spam” sales scheme. According to the indictments filed with the U.S. District Court for the Northern District of Georgia, Canadian David-Manuel Santos Da Silva and Viet Quoc Nguyen and Giang Hoang Vu from Vietnam used an email phishing scheme beginning in 2009 to gain…
Continue reading...

SEC, FINRA and the U.S. Senate Prepare for Cyberattacks in 2015

Two major government agencies have issued reports addressing security of brokerage and advisory firms, and two U.S. Senators have declared their intention to expand cyber-security laws into automobiles.  In February, the SEC released two major publications (here and here) regarding risks for brokerage and advisory firms, as well as adjusters.  The Financial Industry Regulation Authority (FINRA), a private corporation managed by financial industry insiders and billed as the self-appointed “regulator” for NYSE and NASDAQ, has issued a report to assist broker-dealer firms with…
Continue reading...