Archives: Cybersecurity & Data Breach

The SEC Gets Hacked: What Now?

It was recently revealed that the Securities and Exchange Commission’s (“SEC”) EDGAR database, which is used by public companies to file official documents, was breached.  According to the SEC, trading off of that hacked information may have reaped millions of dollars for the hackers.  While discovering a hack is always startling for a private company, … Continue Reading

A Review of the OMB Guidelines Issued to Federal Agencies for Reporting Requirements to Congress That Redefined What Constitutes a “Major” Cybersecurity Incident

With the growing threat of cyberattacks, we thought it would be worthwhile to discuss a late 2016 change in reporting requirements for federal agencies that have suffered a data breach.  The Office of Management and Budget’s (OMB) Memorandum 17-05, issued November 4, 2016, significantly redefined what constitutes a “major” cybersecurity incident that would require federal … Continue Reading

The Remedy for the New Cyber Threat Posing Major Coverage Problems: “Fake President” E-mails

In the last few weeks, we have seen yet another widespread ransomware attack that hit nearly one hundred companies around the world.  It reminded me of a recent request from a client, made just after news broke of the WannaCry ransomware attacks, to review its insurance portfolio to confirm that it was covered for ransomware … Continue Reading

The Ninth Circuit Holds that California’s Anti-Hacking Law, Penal Code Section 502, does not Proscribe Unauthorized “Access” to a Database; Rather, the Section Prohibits Unauthorized Use, Copying, or Manipulation of Information in the Database

California’s Computer Data Access And Fraud Act, Cal. Pen. Code, § 502 (“CDAFA”) is a state law analog to the federal Computer Fraud and Abuse Act, 18 U.S.C. § 1030 et seq. (“CFAA”).  Both are aimed at fighting unauthorized intrusions into electronic data (for a primer on these statutes, see “Strategies For Businesses Protecting Electronic … Continue Reading

SEC Urges Investment Firms to Better Prepare for Ransomware Attacks

On May 17, 2017, the SEC’s Office of Compliance Inspection and Examination (“OCIE”) issued a risk alert urging broker-dealers, investment advisors and investment companies to safeguard themselves against ransomware in light of the recent global “WannaCry” ransomware attack that impacted entities in over one hundred countries, including Britain’s health system and major companies such as … Continue Reading

Settlement in Home Depot Class Action Provides Data Security Corporate Governance Framework for Companies

The latest settlement in Home Depot’s data breach litigation provides a data security framework for corporate governance that may be used by other companies as a template.  Based on claims arising from a massive data breach in 2014 involving 56 million credit cards, Home Depot Inc. recently settled both a shareholder derivative action and a class … Continue Reading

SEC Hints that Enforcement Actions on Lax Cybersecurity Might Be Coming

With the confirmation of Jay Clayton as the Chair of the Securities and Exchange Commission, comments made last month by the Acting Enforcement Director, Stephanie Avakian, regarding the importance of accurate reporting in the area of cybersecurity, and consequences of inaccurate reporting, may get lost.  At a speech last month, Ms. Avakian, on behalf of the … Continue Reading

Trump Budget Raises Questions about Approach to Cybersecurity

On Thursday, March 16, 2017, President Trump unveiled his “America First” budget blueprint.  One of the most important quandaries for those in the cybersecurity world is how the proposal to reorganize the executive branch to improve “the Federal Government’s effectiveness, efficiency, cybersecurity, and accountability” will impact our nation’s cyber defenses since overall spending in this … Continue Reading

NARUC Release of Cybersecurity Guidelines should have Utility Companies on High Alert

On January 30, 2017, the National Association of Regulatory Utility Commissioners (“NARUC”) released Version 3.0 of “Cybersecurity A Primer for State Utility Regulators.”  This cybersecurity overview is an important reminder to public utilities to be prepared for cyber threats. Then again, public utilities probably don’t need a reminder after a cybersecurity event that occurred at … Continue Reading