Are Third-Party Vendors the Weakest Link in your Cyber Security Chain?

So, you’ve invested in a top-rate data security system, and hired the best CISO (Chief Information Security Officer) imaginable, but have you ever audited the security of the computers used by your attorneys and accountants…to whom you disclose your company’s most confidential and sensitive information? Well, you should. As recently reported in the Wall Street Journal, today’s largest financial institutions are now putting law firms to the test when it comes to the security of the information provided to their attorneys. And, rightly so, as…
Continue reading...

Can Companies Pre-Emptively Avoid Class Action Suits from Massive Data Breaches? (A Blog Series)

There’s a constant flow of news about massive data breaches nowadays.  So much so that the question for companies with large amounts of personal data storage is no longer “if” it can happen but “when” it will happen.  In this series, we’re going to discuss one method that larger companies are using to significantly reduce the risk exposure to massive data breaches: click-wrap terms of use that require users to waive participation in class actions and instead only pursue claims by way of arbitration or…
Continue reading...

Breach of U.S. Public Utility

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advised in its quarterly report that an unnamed public utility was compromised after attackers took advantage of a weak password security system by using brute force techniques by trying on various passwords until they hit the right one. This may come as no surprise to some as the vulnerability of the U.S. power grid to electronic attack has been known since the 1990’s. Factors contributing to this increasing danger include the shift…
Continue reading...

NYDFS to Conduct Annual Cyber Assessments on NY Regulated Banks

Governor Andrew Cuomo of New York announced on May 6, 2014 that the New York State Department of Financial Services (NYDFS) would begin conducting “new, regular, targeted cyber security preparedness assessments of the banks [NYDFS] regulates.”  Governor Cuomo noted, Targeted cyber security assessments for banks will better safeguard financial institutions from attacks and secure personal bank records from being breached. When consumers sign up for online banking they expect their personal information to be secure and we are working to make sure financial institutions take…
Continue reading...

Lawsuits Follow College’s Untimely Notifications – Can’t Blame the Dog…

Last year, the Maricopa County Community College District suffered a data breach in April, but waited until November before advising former students and employees that their academic and/or personal data may have been compromised.  Approximately 2.4 million people were impacted by this breach, or roughly the population of Pittsburgh, Pennsylvania.  Among the data that may have been breached were social security numbers, dates of birth, and bank account numbers. Recently, a current student of Phoenix College sued the College District in Maricopa County Court, making…
Continue reading...

Cy-“Burned” – The New Importance of Cyber Insurance

Data breaches that result in the unwanted dissemination of personal information are prevalent in the news of late, particularly given the rapid growth of electronically stored information and online commerce. A data breach can be very, very expensive even for the smallest of companies. This post was originally published on Professional Liability Matters. Please click here to read the rest of the article written by Seth L. Laver, Jessica L. Wuebker, and Matthew D. Cabral.…
Continue reading...

In a Rare Move, Banks Sue Target’s Data Security Auditor

One of the recurring themes of the Target data breach is “compliance does not guarantee security.”  As if in response to the open question of whether compliance auditors should be looked at more closely, banks have started a lawsuit against Target’s data security vendor Trustwave, along with Target itself Monday in Chicago federal court.  There are already over 90 lawsuits commenced by consumer or banks against Target, but this is the first to focus on Trustwave, which audits companies’ IT systems to ensure that they…
Continue reading...

More Credit Card Security On the Way

There has been a spike in the number of reported credit card breaches in recent days, including the most well-known of them all, Target, which led to the eventual resignation of its Chief Information Officer. Now, the California Department of Motor Vehicles has reportedly experienced a possible breach of its online payment system. It has become clear that the current security measures are insufficient to protect consumers and the corporate entities catering to the credit card consumer. In this regard, both Visa and MasterCard have…
Continue reading...

Don’t Let Love Lead to a Loss

“Better to have loved and lost than never to have loved at all.”  Alfred Lord Tennyson probably did not have computer operating systems in mind when he wrote this famous line. Come April 2014, however, those who aren’t willing to end their love affair with Windows XP may lose big. Windows XP was long the favorite operating system for companies.  However, it was also well-known for its vulnerabilities and that Microsoft actively serviced XP providing patches for these vulnerabilities.  On April 8, 2014, Microsoft…
Continue reading...