Cybersecurity

DOJ Will Use False Claims Act to Target Cybersecurity Fraud

On October 6, Deputy Attorney General Lisa Monaco announced the launch of the US Department of Justice’s (DOJ) Civil Cyber-Fraud Initiative. The DOJ will use the False Claims Act (FCA) to pursue cybersecurity-related fraud by government contractors and grant recipients. The False Claims Act was enacted during the Civil War to stamp out fraud…
Ransomware

Senate Introduces Ransomware Notification Mandate 

The US Senate has introduced a bill that would require businesses with more than 50 employees to report ransomware payments within 24 hours. S. 2666, the “Sanction and Stop Ransomware Act of 2021,” was introduced by the Senate Homeland Security Committee and Governmental Affairs Committee and also would apply to nonprofits, state and local government…
Breach

Attorney-Client Privilege in the Age of Cyber Breaches

Investigations and forensic reports relating to a cybersecurity breach may not always be protected by the attorney-client privilege or work product protection. Companies seeking such reports after a data breach must take care to protect them from a possible waiver of privilege in the event of subsequent litigation relating to the breach. The following…
Ransomware

New Ransomware Guidance Issued

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) issued new ransomware guidance, discouraging companies and citizens from paying ransoms. The Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments is the latest step taken by the Biden Administration to curb the increase in ransomware attacks. In…
Data Security

The Impact of Data Security Incident Trends on Commercial Transactions

The 2021 edition of BakerHostetler’s annual Data Security Incident Response Report – a report based on the firm’s experience with data security incident response and litigation over the past year – features a number of important insights previously covered on this blog including trends in global breach notification, healthcare industry risks and ransomware. The Report is a helpful tool for companies…
Cybersecurity

How Cybersecurity Frameworks Can Protect Your Organization (Even in the Event of a Breach)

It’s certainly no secret how damaging data breaches can be for organizations today. And if lost revenue and a tarnished reputation aren’t enough to make you want to act, your organization could face punitive damages if you fail to protect your customers’ private information. Yes, that’s right—steep fines imposed by regulatory agencies can await those…
SEC

SEC Doubles Down on Safeguards Rule Enforcement

The Securities and Exchange Commission issued sanctions against three financial services companies last week. The sanctions came in response to a series of email-takeover attacks in which Personally Identifiable Information (PII) was exposed. In each case, the SEC found that the firms failed to implement proper cybersecurity measures against breaches. Each firm was found responsible…
Cybersecurity

Infrastructure Bill Allocates Nearly $2 Billion to Cybersecurity 

On Tuesday, the U.S. Senate approved a $1 trillion infrastructure package, which it has passed along to the House for approval. The package includes a variety of bills that allocate spending toward critical infrastructure, including roads, railways, bridges, electric vehicles, and telecom companies. The package also allocates more than $1.9 billion toward cybersecurity. The move…

2020 News in Review

Week Ending December 28

ICO Warns SolarWinds Victims to Report Breaches

The United Kingdom’s Information Commissioner’s Office (ICO) has issued a warning to organizations compromised by the SolarWinds breach. The breach, which was carried out by Russian hackers, affected more than 18000 organizations worldwide. ICO requires UK data controllers subject to NIS regulations to report…

What We Can Learn From the SolarWinds Breach

SolarWinds, a network management software company, found itself the direct victim of an insidious malware breach last week that had been in the works for months. The hack involved the installation of malware onto an updated version of their software, which was downloaded by over 18,000 customers, including approximately 421 Fortune 500 companies–and large swaths…