Data Security Law Blog is the firm’s resource for the latest news, analysis, and thought leadership in the critical area of privacy and cybersecurity law.

Recent Blog Posts

  • Cyber Attacks Targeting K-12 Education Are On the Rise As remote learning continues to play a critical role in the world’s pandemic response, cybercriminals see another opportunity for exploitation.  The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) recently issued an Advisory warning of cyber-attacks to K-12 educational institutions.  The Advisory reports that in August and September, ransomware incidents targeting K-12 education reported to the MS-SAC made up 57% of all reported ransomware incidents, up from 28% reported... More
  • Ransomware as Reminder: Back to Basics of Cyber Readiness The growing threat from ransomware is forcing organizations to re-think their cyber risk mitigation strategy. As private organizations and governments look ahead to 2021 and the risks they face in an increasingly uncertain world, ransomware will no doubt rank high on any list. Ransomware attacks involve the use of malware that encrypts the victim’s computing system, rendering files and data inaccessible until a demand for payment is met, and a decryption key is provided. To continue reading Michael Buchanan and Alejandro Cruz's article... More
  • Hack of IT Service Provider May Affect Thousands of Private Businesses On December 13, the software and service provider SolarWinds announced that its Orion software platform had been the target of a sophisticated cyber-attack that may have resulted in malicious code being pushed to as many as 18,000 customers.  The SolarWinds software is used by many corporate and not-for-profit entities of all sizes to monitor the health of their IT networks.  Although the details of this breach are still unfolding, based on the information currently available, Orion users who updated... More
  • Supreme Court Hears Oral Argument in Landmark CFAA Case The United States Supreme Court heard oral argument on Monday in Van Buren v. United States, No. 19-783, a landmark case involving a key provision of the Computer Fraud and Abuse Act (“CFAA”).  At issue was whether a person who is authorized to access information on a computer for certain purposes violates CFAA if that person accesses the same information for unauthorized reasons.  The Court’s decision has the potential to resolve an important circuit split on the interpretation of CFAA... More
  • Who’s On the Other Side: OFAC Releases Guidance on Ransomware Payments and Sanctions Enforcement As we previously reported, companies across the globe increasingly have been targeted by cyber criminals during the COVID-19 pandemic.  Just last month, a major U.S. healthcare provider, United Health Services (“UHS”), suffered a ransomware attack, crippling its digital networks and forcing many UHS-owned facilities to rely on offline backups and paper charts to provide health care.  The attack on UHS is one of the latest incidents in a trend of increasing ransomware attacks, a type of cyberattack in which cyber... More
  • Government Warns of New Cyber Threats Targeting U.S. Businesses The Cybersecurity and Infrastructure Security Agency (CISA) teamed up with the Federal Bureau of Investigation (FBI) to issue a joint warning of cyber-attacks emanating from Iran and targeting U.S. federal agencies and businesses.  These hackers target vulnerabilities in virtual private networks (VPNs), which organizations use to allow remote network access.  Once the hackers gain access through a VPN, they export data, sell access to the network, and have the ability to install ransomware.  This is the latest example of criminals... More
  • Ransomware Attacks During COVID-19 As we previously described and as reflected in the rapidly increasing number of cyber-attacks since its start, the COVID-19 pandemic has triggered a shift in working practices that hackers and other bad actors are using to their advantage.  Recent studies show a 273% percent rise in large-scale data breaches in the first quarter of 2020, compared to prior-year statistics, and a 109% year-over-year increase in ransomware attacks in the United States through the first half of 2020.  This post will... More
  • Capital One to Pay $80 Million Fine for 2019 Data Security Hack As we previously reported, Capital One Financial Corporation announced in July 2019 a major data security breach when an individual gained unauthorized access to personal information about Capital One credit card customers.  According to the Office of the Comptroller of the Currency (“OCC”), which regulates large U.S. banks, Capital One has now agreed to pay an $80 million fine to resolve claims related to the incident.  Affecting more than 100 million accounts in the U.S., the hack of Capital... More
  • New York DFS Announces First Cybersecurity Enforcement Action The New York Department of Financial Services (“DFS”) recently initiated its first enforcement action against a company for violating DFS’s first-in-the-nation cybersecurity regulation.  As our readers know, we have written quite a few posts and articles about the regulation.  And as we’ve warned, with the regulation now in full effect, covered companies should expect DFS’s Cybersecurity Division to start cracking down on companies that haven’t complied.  It appears that day has come at last.  On July 22, DFS filed... More
  • The Minted Complaint: Another Case Brought Under the CCPA’s Private Right of Action Well before the California Attorney General’s power to enforce the California Consumer Privacy Act (CCPA) commenced on July 1, 2020, as we have recently reported, private plaintiffs had already jumped into the fray, suing companies like Zoom and Houseparty for alleged violations of the CCPA. We noted that if one of these private lawsuits were to survive a motion to dismiss, it could lead to a substantial increase in class action litigation under the CCPA. Another putative class action under... More