Data Privacy and Security Blog

May 12, 2017 Cyber Attacks

Major Cyber Attack on Britain’s National Health Service

A widespread cyber attack has breached healthcare services across England and Scotland, possibly impacting up to 33 NHS organizations and additional general practitioners. The Prime Minister has confirmed the attack, and that the National Cyber Security Centre is already working with NHS digital to safeguard patient data. More information can be found here. … Continue Reading

May 2, 2017 Cyber Attacks

Don’t Be Held Hostage by Ransomware

Chair of Goldberg Segalla’s Cyber Risk Practice Group, John J. Jablonski, Esq., offers insights on avoiding a ransomeware attack in a recent blog post for the Pennsylvania Institute of Certified Public Accountants, accessible here. John will also be sharing his insights on cybersecurity at the PICPA Data Privacy and Security for Professional Service Organizations program in Philadelphia on May 24.… Continue Reading

April 27, 2017 Cybersecurity / Emerging Issues

Re-Thinking the U.S. Government’s Approach to Cybersecurity

Are the “cybersecurity” tools used by the CIA and NSA causing harm to U.S. businesses and citizens? An analysis of the WikiLeaks materials, and recent hacker activity, suggests the answer may be yes. This month, it was revealed that at least 40 cyber attacks on organizations in 16 countries were conducted with top-secret hacking tools, according to security researcher Symantic Corporation. While not formally blaming the CIA, Symmantic said it connected these attacks to the CIA hacking tools obtained by WikiLeaks, and that the targets… Continue Reading

April 25, 2017 Cybersecurity / Legislation

April Brings Showers … and Changes to State Data Breach Notification Laws

Over the past few weeks there have been noteworthy changes to data breach notification acts within several states. Of importance, New Mexico enacted its first notification law while Tennessee and Virginia amended existing legislation. New Mexico On April 6, 2017 New Mexico enacted HB 15, the Data Breach Notification Act, making it the 48^th state to pass a notification law. The Act goes into effect on June 16, 2017, leaving Alabama and South Dakota as the only states without notification requirements. The Act, drawing… Continue Reading

April 13, 2017 Cyber Attacks / Cyber Breach

IRS Student Loan Application Program Breach Affecting up to 100,000 Taxpayers

On April 6, 2017, IRS Commissioner John Koskinen testified during a Senate Finance Committee meeting that the personal data of up to 100,000 taxpayers may have been compromised by hackers accessing both students’ and parents’ tax information through the Data Retrieval Tool (DRT), a free application for federal student aid data retrieval connected with the Free Application for Federal Student Aid (FAFSA). Obtaining such information allowed these hackers to file fraudulent tax returns and steal refunds. The last breach of this magnitude occurred in 2015,… Continue Reading

March 29, 2017 Regulation

Congress Rolls Back FCC Privacy Regulations

On March 28, 2017, Congress passed legislation (S.J. Res. 34) that rolled back privacy regulations recently adopted by the Federal Communications Commission. The resolution passed the Senate by a vote of 50-48 and the House by a voted of 215 to 205. This is one of several sets of regulations Congress is rolling back under the authority of the Congressional Review Act of 1996. Under this statute, Congress can nullify administrative regulations by simply passing a joint resolution of disapproval. On December 2, 2016,… Continue Reading

March 7, 2017 Cybersecurity / Regulation

New York Issues Final Cybersecurity Regulation

On February 13, 2017, the New York Department of Financial Services (NYDFS) adopted the final version of its first-of-its-kind cybersecurity regulation, “Cybersecurity Requirements For Financial Services Companies” (23 NYCRR 500). This regulation took effect on March 1, 2017. The final regulation reflects several of the comments offered during the final comment period that concluded on January 27, 2017. For a prior list of significant changes from the initial version to the second version, please see our blog post located here. Most of… Continue Reading

January 10, 2017 Cybersecurity / Regulation

NYDFS Issues Updated Cybersecurity Regulation

The New York Department of Financial Services (NYDFS) recently issued an updated version of its proposed cybersecurity regulation, “Cybersecurity Requirements For Financial Services Companies” (23 NYCRR 500). The updated proposed regulation reflects several of the comments offered during the initial public notice and comment period that concluded on November 14, 2016. Some of the most noteworthy changes in the revision are as follows:

Section 500.04 — NYDFS clarified that while a Covered Entity must designate a qualified individual to perform the responsibilities

December 22, 2016 Cybersecurity / Emerging Issues / Lawsuit

Despite Recent High-Profile Dismissals, Wendy’s Shareholders Try Again with Cybersecurity-Related Derivative Lawsuit

The resilient plaintiff’s bar is not backing down from their quest to hold directors and officers personally liable for corporate misconduct that leads to cybersecurity breaches. Taking guidance from the failures which resulted in a string of dismissals of high-profile cybersecurity-related shareholder derivative lawsuits, a shareholder of the fast food-chain The Wendy’s Company is taking another shot to impose liability on corporate leadership for failing to take precautions against cyber-attacks. To be clear, these derivative cases are trying to hold the directors and officers liable… Continue Reading

October 20, 2016 Cyber Attacks / Cyber Risk

Lessons in Cyber-Hygiene: How John Podesta was Caught by Phishing

Instead of a Hollywood-style cyberattack into an underground bank of highly secure servers, it appears Hillary Clinton’s campaign chairman John Podesta fell victim to a run-of-the-mill phishing email appearing to come from Google. On March 19, 2016, Podesta received an alarming email to his Gmail account indicating someone had accessed his account, inviting Podesta to click on a Bitly URL (a service providing shortlinks, or smaller URL addresses) pointing to a longer URL that looked like a Google link. According to Bitly’s statistics, the URL… Continue Reading

Data Privacy and Security™

LATEST INSIGHTS