Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Who’s On the Other Side: OFAC Releases Guidance on Ransomware Payments and Sanctions Enforcement
    As we previously reported, companies across the globe increasingly have been targeted by cyber criminals during the COVID-19 pandemic.  Just last month, a major U.S. healthcare provider, United Health Services (“UHS”), suffered a ransomware attack, crippling its digital networks and forcing many UHS-owned facilities to rely on offline backups and paper charts to provide health care.  The attack on UHS is one of the latest incidents in a trend of increasing ransomware attacks, a type of cyberattack in which cyber...
  • Government Warns of New Cyber Threats Targeting U.S. Businesses
    The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and businesses.  These hackers target vulnerabilities in virtual private networks (VPNs), which organizations use to allow remote network access.  Once the hackers gain access through a VPN, they export data, sell access to the network, and have the ability to install ransomware.  This is the latest example of criminals...
  • Ransomware Attacks During COVID-19
    As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to their advantage.  Recent studies show a 273% rise in large-scale data breaches in the first quarter of 2020, compared to prior-year statistics, and a 109% year-over-year increase in ransomware attacks in the United States through the first half of 2020.  This post will...
  • Capital One to Pay $80 Million Fine for 2019 Data Security Hack
    As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers.  According to the Office of the Comptroller of the Currency (“OCC”), which regulates large U.S. banks, Capital One has now agreed to pay an $80 million fine to resolve claims related to the incident.  Affecting more than 100 million accounts in the U.S., the hack of Capital...
  • New York DFS Announces First Cybersecurity Enforcement Action
    The New York Department of Financial Services (“DFS”) recently initiated its first enforcement action against a company for violating DFS’s first-in-the-nation cybersecurity regulation.  As our readers know, we have written quite a few posts and articles about the regulation.  And as we’ve warned, with the regulation now in full effect, covered companies should expect DFS’s Cybersecurity Division to start cracking down on companies that haven’t complied.  It appears that day has come at last.  On July 22, DFS filed...
  • The Minted Complaint: Another Case Brought Under the CCPA’s Private Right of Action
    Well before the California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) commenced on July 1, 2020, as we have recently reported, private plaintiffs had already jumped into the fray, suing companies like Zoom and Houseparty for alleged violations of the CCPA. We noted that if one of these private lawsuits were to survive a motion to dismiss, it could lead to a substantial increase in class action litigation under the CCPA. Another putative class action under...
  • MGM Resolves Las Vegas SAFETY Act Litigation
    After over 18 months of private mediation, MGM Resorts International has finally dismissed a series of declaratory judgment actions the company brought against victims of the Route 91 Harvest Festival shooting.  Those cases stem from the October 2017 Las Vegas shooting in which Stephen Paddock killed 58 people and wounded hundreds more from his hotel room in the Mandalay Bay hotel, owned by MGM.  That event resulted in thousands of threatened legal actions against MGM by victims of the shooting,...
  • Magistrate Judge Finds Data Breach Investigation Report Not Privileged
    Last week, a magistrate judge in the Eastern District of Virginia held that a breach report prepared by Mandiant (a digital forensics investigator, among other things) in response to the Capital One data breach was not protected by the attorney work product doctrine.  First some background:  In 2019, a hacker “gained unauthorized access” to Capital One’s network.  According to the company, the event “affected approximately 100 million individuals in the United States.”  Capital One says no credit card numbers...
  • New York State AG Probe of Zoom Results in Enhanced Cybersecurity Practices
    The Zoom videoconferencing platform has been a constant fixture in recent news as the coronavirus pandemic has caused businesses around the world to flock to it, exposing significant cybersecurity and privacy concerns.  These concerns drew the attention of the New York State Attorney General’s Office (“NYAG”), which initiated an investigation into the company’s cybersecurity practices in March, following a massive surge in use.  The NYAG’s investigation came to a conclusion on May 7, 2020, when it reached a settlement with...
  • COVID-19 Cyber Risks Continue to Grow
    As we previously detailed, the coronavirus pandemic has expanded opportunities for nefarious actors to exploit the digital vulnerabilities of individuals, local governments, industries, organizations, and essential services as they rapidly adapt to the public health crisis. Recent reports have confirmed that attacks and cyber scams associated with the pandemic are in fact on the rise. On May 4, a new report released by Palo Alto Networks underscored the seriousness of these threats. Palo Alto reviewers searched for domain names using...