On May 11, 2017, President Donald Trump signed an executive order to bolster the government's cybersecurity and protect critical infrastructure from cyber-attacks, marking his first significant action to address what he had previously called a top priority.
Victims of a ransomware attack may now have alternatives to paying the ransom to a cyber-criminal as a result of the No More Ransom project. Recognizing the enormous amount of harm that ransomware creates for the enterprise, No More Ransom was started by Europol, the Dutch National Police, Intel Security, and Kaspersky Lab to help ransomware victims unlock their data without paying any money.
The average American consumer has become accustomed to, and even relies upon, receiving their tax refund during this time of the year. Unfortunately, so have hackers, who use tax refund season as an opportunity to obtain data and, of course, cash from unsuspecting victims.
Not surprisingly, based on a recent survey performed by CyberScout, about six out of every ten people stated that they were not worried about tax fraud. It is tough to reconcile the findings of CyberScout’s survey with data obtained by the IRS, which estimated that it stopped more than $4 billion in refunds that were claimed by scammers on 787,000 tax returns. Clearly, this is a bigger problem than most people realize.
The United States District Court for the Northern District of Georgia was recently tasked with determining whether a shareholder derivative action against Home Depot, challenging the adequacy of the company’s cyber security strategy, should be dismissed. The action was filed on the heels of a 2014 data breach in which over 56 million customers’ personal information was stolen by unknown hackers. Prior to the hacking, Home Depot broke up the committee responsible for IT oversight, forming the basis for the shareholders’ actions.
Recognizing that cybercriminals have sought to exploit technological vulnerabilities to gain access to sensitive electronic data, the New York State Department of Financial Services (“DFS”) has proposed new rules regarding cybersecurity requirements for financial services companies (Proposed 23 NYCRR 500). The proposed rules have been given an effective date of January 1, 2017. However, covered entities, as defined below, will have 180 days from that day to comply with all of the requirements.
According to a statement this past Thursday, WikiLeaks published more than 200,000 internal Sony Pictures Entertainment documents and e-mails in connection with the data breach incident involving Sony Corp.’s Hollywood studio late last year. The release included 30,287 documents and 173,132 e-mails, sent from or received by more than 2,200 Sony Pictures e-mail addresses. The material is searchable, giving legions of journalists and Sony competitors access to the information that was quickly taken down after it was first posted by hackers.
The Federal Communications Commission (FCC) reached a $25 million settlement with AT&T for failing to protect the privacy, personal information and social security numbers of its customers. According to the FCC’s complaint, AT&T employees working at call centers in Mexico, Colombia and the Philippines actively stole this information from an estimated 300,000 people.
On March 19, 2015, Target and the class of consumer plaintiffs which sued following the December 13, 2013 data breach filed a motion seeking approval of their settlement. Among other things, the settlement calls for Target to create a $10 million settlement fund from which class members who prove documented losses would be reimbursed. Class representatives would receive an award for their “service” to the plaintiff class, and the balance would be distributed to class members who submit a “self-certification” claim.
Target also agreed to certain non-monetary measures, including:
In a recent decision from the United States District Court for the Western District of Pennsylvania, the Court found that a bank that made a voluntary reimbursement to its client for an unauthorized wire transfer, pursuant to state statute, should not have its policy disclaimed on this basis.