If you’ve seen the news, you’re probably aware that Equifax announced last week that hackers had breached some of its website application software, potentially affecting the sensitive personal information of approximately 143,000,000 consumers.  If you believe you may be affected by the breach, or are wondering what to do about it, read below for: (A)

An Alabama man has been sentenced to spend six months in prison for illegally accessing the personal information of over fifty women. For over two years, Kevin Maldonado engaged in a hacking technique called “phishing,” creating fake email accounts impersonating email providers and requesting numerous women to change their email passwords. He was then

Today, on June 1, 2017, China’s new cybersecurity law, entitled the “Network Security Law”, goes into effect.  The law was passed in November 2016.  It now becomes legally mandatory for “network operators” and “providers of network products and services” to: (a) follow certain personal information protection obligations, including notice and consent requirements; (b) for network

Target Corporation has reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the investigation into the retailer’s 2013 data breach, officials announced on May 23, 2017. The 2013 data breach incident triggered various state consumer protection and data breach laws when hackers accessed consumer data for over 110 million

On March 10, 2017, the White House Office of Management and Budget (“OMB”) released its 2016 Federal Information Security Modernization Act (“FISMA”) Annual Report to Congress. The FISMA Report describes the current state of Federal cybersecurity. It provides Congress with information on agencies’ progress towards meeting cybersecurity goals and identifies areas that need improvement. Additionally,

In a recent announcement today, Verizon and Yahoo have announced that they are amending the existing terms of their agreement for the purchase of Yahoo’s operating business.  Under the amended terms, Verizon and Yahoo have agreed to reduce the price Verizon will pay by $350 million.  In addition, Yahoo will be responsible for 50% of

On January 10, 2017, NIST issued an update to the NIST Cybersecurity Framework (v.1.1).  After reviewing public comment and convening a workshop, NIST intends to publish a final version of this Version 1.1 in the fall of 2017.

Key updates the framework include:

  • Metrics.  A new section 4.0 on Measuring and Demonstrating Cybersecurity to

On December 28, 2016, the New York State Department of Financial Services (NYDFS) updated its proposed cybersecurity regulation to protect New York State.  The proposed regulation is effective March 1, 2017, and requires banks, insurance companies and other financial services institutions regulated by DFS to establish and maintain a cybersecurity program designed to protect

On December 19, 2016, the U.S. District Court for the District of Kansas denied a motion to dismiss, ruling that the named plaintiff for a putative class, approximately two thousand former and current employees whose personal information had been compromised as a result if a phishing attack, had alleged sufficient harm for standing under Spokeo

computer securityCourts and litigants find themselves standing on the precipice of Spokeo v. Robins, a monumental Supreme Court decision that could have potentially wide-ranging implications for data breach cases. Given the Court’s holding in Spokeo that a plaintiff must allege and prove more than just “a bare procedural violation” to satisfy the “concrete injury” component of standing’s injury-in-fact requirement, it may prove difficult for data-breach plaintiffs to survive challenges to their allegations of standing. For example, even if a consumer’s data has been stolen, a third party (such as a bank) may ultimately pay for any out-of-pocket losses (for instance, in the case of stolen credit card numbers). Thus, in the absence of any actual monetary losses, which is often the case, plaintiffs are forced to rely on allegations of an increased likelihood of fraud or identity theft. But as the initial influx of post-Spokeo cases make clear, plaintiffs must establish that their risk of future harm is more than speculative, a leap which some courts have been reluctant to take.
Continue Reading