Elon Musk’s planned purchase of Twitter reignites questions of open source code security
4/29/22
By: Alexia Roney On April 25, 2022, Elon Musk sealed the deal to buy Twitter, Inc., for $44 billion. Among the changes to the platform, Musk has floated making the algorithm that prioritizes tweets “open source,” so the public could view and improve it. This generated articles in major news media over the security of…
Congress Imposes New 72-Hour Reporting Requirement for Cyber Security Incidents
3/28/22
By: David Cole and Heather Kuhn President Biden’s promise to prioritize cybersecurity this year is beginning to take shape. On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (“Cyber Incident Reporting Act”). Under the new law, certain businesses that are as “covered entities” and which are considered…
Russia-Ukraine conflict raises cyber risks for U.S. enterprises
3/1/22
Cybersecurity—which is under constant attack from an unsavory mix of international state actors, paramilitaries, and organized crime—is never that far removed from geopolitics. So when a nation-state like Russia—hardly an unknown in the annals of cybercrime—physically invades another country, there is little doubt the conflict will spill into the cyber world. And while the fighting…
$3.6 billion in cryptocurrency has been recovered… so what now?
2/22/22
By: Julia Bover On February 8, 2022, the Department of Justice (“DOJ”) successfully seized over $3.6B in stolen cryptocurrency linked to a 2016 hack of Bitfinex, a virtual currency exchange platform. The Bitfinex hack was one of the biggest digital currency compromises since cryptocurrency’s inception in 2009. Hackers were able to capitalize on a vulnerability…
The preservation of appellate rights is critical to any trial
2/15/22
By: Patrick Cosgrove, Esq. In a rare trade secret appeal involving two competitors in the alcohol sale software business, the United States Court of Appeals for the Eleventh Circuit provided a not-so-subtle reminder to all attorneys that correctly preserving appellate rights is a critical component of any trial. In the case, Financial Information Technologies, LLC…
2022 International Data Privacy Day: Top Ways to Prepare Your Organization for Data Security and Privacy in the New Year
1/28/22
By: David Cole, Nick Jajko and Heather Kuhn Each year on January 28th, the International Association of Privacy Professionals (IAPP) celebrates International Data Privacy Day. It was a day created to establish awareness about the importance of respecting privacy, safeguarding data, and enabling trust. It is also a good opportunity for organizations to review their…
The human resources impact of the Kronos ransomware attack
1/11/22
By: Chenee Castruita The unique combination of COVID-19 and a drastic decrease in the workforce found more workers putting in overtime this holiday season. Unfortunately, millions of workers last month experienced a delay not only in their packages, but in their pay as well. Kronos (Ultimate Kronos Group) provides human resource management services such as…
FTC expands data security requirements for financial institutions with an update to the Gramm-Leach-Bliley Safeguards Rule
1/10/22
By: Kirsten Patzer and Courtney Mazzio On October 27, 2021, the Federal Trade Commission (“FTC”) announced an update to the rules implemented by the Gramm-Leach-Bliley Act expanding the definition of “financial institutions” under the Financial Privacy Rule and requiring these institutions to enact specific measures to protect their customers’ nonpublic personal information under the accompanying…
Economic loss doctrine bars medical device company’s negligence claim against IT vendor arising out of personal health information data breach
12/9/21
By: William E. Gildea In Zoll Medical Corp. v. Barracuda Networks, Inc., et al, United States District Court, District of Massachusetts Civil Action No. 20-11997-NMG, (D. Mass. Sept. 21, 2021) (Gorton, J) (“Zoll”), Plaintiff Zoll Medical Corp. (“Zoll Medical”) sued a third-party IT vendor over a data breach that exposed protected health information (“PHI”). Zoll Medical did not directly contract with the third-party IT vendor. The District Court of Massachusetts granted the Defendants’ motion…
Connecticut joins states offering businesses a “Safe Harbor” against data breach lawsuits
11/23/21
By: Barry Miller Connecticut has become the third state to pass a “Safe Harbor” statute offering protection to businesses who face civil lawsuits based on data breaches. The Connecticut statute, which took effect in October, encourages businesses to adopt one of six cybersecurity frameworks, including three standards published by the National Institute of Standards and Technology (NIST). It also protects…
In a first, U.S. Treasury Department sanctions virtual currency exchange
9/28/21
By: Ben N. Dunlap, Esq. The U.S. Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) on September 21, 2021, for the first time issued sanctions against a virtual currency exchange, SUEX OTC, S.R.O. (SUEX), for its role in facilitating financial transactions for ransomware actors. The move by OFAC blocks SUEX’s property in the U.S. and makes SUEX and anyone engaging in transactions with SUEX potentially subject…
U.S. to buckle down on crypto payments in ransom cyberattacks- A push against a booming criminal industry
9/21/21
By: Julia Bover The Wall Street Journal reported last week that the Biden administration is “preparing an array of actions” to combat the ransomware epidemic by targeting the digital currency market as early as this week. Sanctions on cryptocurrency were discussed as being imminent, but the Treasury Department declined to comment for the story, leaving many to…