On August 30, 2021, the Securities and Exchange Commission (SEC) sanctioned eight firms in three actions for cybersecurity failures in their policies and procedures that exposed the personal information of thousands of customers at each firm. These firms included: Cetera Advisor Networks LLC, Cetera Investment Services LLC, Cetera Financial Specialists LLC, Cetera Advisors LLC,
On May 12, 2021, President Biden issued an executive order to strengthen U.S. cybersecurity defenses. The order comes in the wake of the ransomware attack on Colonial Pipeline and numerous other cybersecurity attacks against the U.S. government and private companies over the past few years. The order proposes a wide array of changes to bolster
On October 22, 2020, the National Institute of Standards and Technology (“NIST”) published NIST Technical Note (TN) 2111, “An Empirical Study on Flow-based Botnet Attacks Prediction”. The note, authored by Mitsuhiro Hatada and Matthew Scholl of NIST’s Information Technology Laboratory, presents a method to predict botnet attacks, such as mass spam email and distributed denial-of-service
The National Security Agency (NSA) and Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint alert warning that, over recent months, hackers have been attempting to target Critical Infrastructure (CI) by exploiting Internet-accessible Operational Technology (OT) assets. The alert notes recently observed tactics from the hackers, including spear phishing and
On July 21, 2020, the New York State Department of Financial Services (NYDFS) filed charges against First American Title Insurance Company (First American) for breach of state cybersecurity regulations. Specifically, NYDFS alleges that First American exposed tens of millions of documents containing consumers’ sensitive personal information, including bank account numbers and statements, mortgage and tax
Last Friday, May 1, the White House signed an executive order prohibiting Federal Agencies and U.S. persons from acquiring, importing, transferring, or installing any bulk power system (“BPS”) equipment in which:
Note: This post was originally posted in our Southeast Financial Litigation Monitor.
Gregory C. Cook & Brandon N. Robinson
The story is becoming all too common. A merchant (or consumer) is convinced to wire money to a fraudulent account because of an incorrect belief that they are wiring the money to the real party.
According to a Bloomberg article posted earlier this morning, the U.S. Health and Human Services Department (“HHS”) suffered a cyber attack on its computer systems Sunday night. The attack appears to have been intended to slow the agency’s systems, but was unable to do so in any meaningful way. Just before midnight, the National Security
In our Southeast Financial Litigation Monitor, our own Lindsey Catlett posts about a recent opinion in Southern Independent Bank vs. Fred’s Inc., in which the Middle District of Alabama denied class certification following a data breach which allegedly affected over 2,000 financial institutions across the country. Southern Independent, a community bank located in south
On July 19, 2018, the Federal Energy Regulatory Commission (FERC) issued a final rule (Order No. 848) directing the North American Electric Reliability Corporation (NERC) to develop and submit modifications to NERC Reliability Standards related to Cyber Security Incident reporting. FERC recognized that, under the current Cyber Security Incident reporting Reliability Standard, incidents are only
