Tag Archives: data breach

A Review of the OMB Guidelines Issued to Federal Agencies for Reporting Requirements to Congress That Redefined What Constitutes a “Major” Cybersecurity Incident

With the growing threat of cyberattacks, we thought it would be worthwhile to discuss a late 2016 change in reporting requirements for federal agencies that have suffered a data breach.  The Office of Management and Budget’s (OMB) Memorandum 17-05, issued November 4, 2016, significantly redefined what constitutes a “major” cybersecurity incident that would require federal … Continue Reading

New York Department of Financial Services Delays Compliance Deadline for Cybersecurity Regulations

On October 25, the Privacy Law Report featured a blog post on new cybersecurity regulations being implemented by the New York Department of Financial Services (“DFS”).  Those regulations impose a number of requirements on financial institutions, including banks and insurance companies, such as the implementation of cybersecurity programs, the manner in which those companies handle … Continue Reading

Nossaman Hosts Annual Cybersecurity Symposium with UC Irvine

On December 1, Nossaman hosted its second annual Cybersecurity Symposium in conjunction with the University of California, Irvine School of Law.  This year’s Symposium was entitled “Cybersecurity, Data Breach, and Privacy: Examining Your Risks and Legal Issues From the Inside Out” and focused on recent developments in internal and external cybersecurity, data breach and privacy … Continue Reading

IRS Data Breach Class Action Dismissed

Last week, the Internal Revenue Service successfully defeated a putative class action related to a data breach it suffered in 2015. The D.C. District Court’s decision dismissing the suit demonstrates the high bar required to hold a federal agency accountable for lapses in cybersecurity. In Welborn v. IRS (Case No. 15-1352, D.D.C.), Plaintiffs Becky Welborn, … Continue Reading

Beazley Report Details Increase in Ransomware Attacks

A report issued last week by Beazley, one of the prominent insurance companies in the cyber field, revealed what industry experts predicted earlier in the year – ransomware is an increasingly prevalent menace.  That report is a reminder to everyone that there is no time like the present to review backup and incident response plans, … Continue Reading

New York Department of Financial Services Proposes Comprehensive Cybersecurity Regulations for Financial Institutions

In September, the New York Department of Financial Services (“DFS”) proposed new rules (“Rules”) that would require covered financial institutions – banks, insurers, and other institutions regulated by the DFS – to establish and maintain cybersecurity programs to protect consumer data and financial systems from cyberattacks. The Rules may have a very broad impact, if … Continue Reading

Breach Notification Law: Yahoo’s Breach and the Duty to Disclose

Last week, Yahoo disclosed that in 2014 it suffered one of the largest data breaches in history, with at least 500 million Yahoo accounts compromised.  Given the timing of its acquisition deal with Verizon, Yahoo has been criticized for failing to sooner notify its customers of the breach.  Reportedly, Yahoo has been aware of loss of information … Continue Reading

White House Commission on Cybersecurity Seeks Input from Stakeholders on Future of Digital Landscape

Last week, the White House Commission on Enhancing National Cybersecurity held its third of six scheduled meetings around the nation.  President Obama established the Commission by Executive Order in February 2016 with the goal of “recommending bold, actionable steps that the government, private sector, and the nation as a whole can take to bolster cybersecurity … Continue Reading
LexBlog