The human resources impact of the Kronos ransomware attack
1/11/22
By: Chenee Castruita The unique combination of COVID-19 and a drastic decrease in the workforce found more workers putting in overtime this holiday season. Unfortunately, millions of workers last month experienced a delay not only in their packages, but in their pay as well. Kronos (Ultimate Kronos Group) provides human resource management services such as…
1/10/22
By: Kirsten Patzer and Courtney Mazzio On October 27, 2021, the Federal Trade Commission (“FTC”) announced an update to the rules implemented by the Gramm-Leach-Bliley Act expanding the definition of “financial institutions” under the Financial Privacy Rule and requiring these institutions to enact specific measures to protect their customers’ nonpublic personal information under the accompanying…
12/9/21
By: William E. Gildea In Zoll Medical Corp. v. Barracuda Networks, Inc., et al, United States District Court, District of Massachusetts Civil Action No. 20-11997-NMG, (D. Mass. Sept. 21, 2021) (Gorton, J) (“Zoll”), Plaintiff Zoll Medical Corp. (“Zoll Medical”) sued a third-party IT vendor over a data breach that exposed protected health information (“PHI”). Zoll Medical did not directly contract with the third-party IT vendor. The District Court of Massachusetts granted the Defendants’ motion…
Connecticut joins states offering businesses a “Safe Harbor” against data breach lawsuits
11/23/21
By: Barry Miller Connecticut has become the third state to pass a “Safe Harbor” statute offering protection to businesses who face civil lawsuits based on data breaches. The Connecticut statute, which took effect in October, encourages businesses to adopt one of six cybersecurity frameworks, including three standards published by the National Institute of Standards and Technology (NIST). It also protects…
In a first, U.S. Treasury Department sanctions virtual currency exchange
9/28/21
By: Ben N. Dunlap, Esq. The U.S. Department of the Treasury’s Office of Foreign Assets Control’s (OFAC) on September 21, 2021, for the first time issued sanctions against a virtual currency exchange, SUEX OTC, S.R.O. (SUEX), for its role in facilitating financial transactions for ransomware actors. The move by OFAC blocks SUEX’s property in the U.S. and makes SUEX and anyone engaging in transactions with SUEX potentially subject…
9/21/21
By: Julia Bover The Wall Street Journal reported last week that the Biden administration is “preparing an array of actions” to combat the ransomware epidemic by targeting the digital currency market as early as this week. Sanctions on cryptocurrency were discussed as being imminent, but the Treasury Department declined to comment for the story, leaving many to…
9/16/21
By: Zachary E. Danner, Esq. Over the past several months, there have been numerous instances of significant data privacy breaches reported in the news. From Facebook, who experienced a data breach affecting over 540 million users, to Microsoft, Capital One, T-Mobile, and Volkswagon. These are all some of the largest companies in technology, communications, and transportation. …
8/9/21
By: Nicholas Jajko The crack in the foundation of Attorney Work Product and Client Communication Privilege protections for data breach forensic investigation reports was further eroded by a recent Federal district court ruling. The Magistrate Judge in a Middle District of Pennsylvania data breach class action granted Plaintiffs’ letter motion to compel an investigation report…
It’s a crowd: Colorado joins California and Virginia in passing consumer privacy legislation
8/6/21
By William W. Cheney On July 7, 2021, Colorado passed the Colorado Privacy Act (“CPA”), becoming the third state, joining California and Virginia, to enact comprehensive consumer privacy legislation. The CPA will not go into effect, however, until July 1, 2023. Moreover, Colorado Governor Jared Polis noted in signing the bill that it “will require clean-up legislation next year, and in fact, the sponsors, proponents, industry, and consumers…
7/9/21
By: Ryan Mayo Recent ransomware cyberattacks on critical infrastructure, including the devastating attack on Colonial Pipeline, have forced the federal government to immediately consider new regulations and legislation to protect American interests. As regulators and Congress move quickly, industries and businesses beyond those involved in recent critical infrastructure attacks should keep a watchful eye on…
Can an Ancient Tool From the Age of Sail Sink Cyber Criminals?
6/30/21
By: Barry Miller As early as the 13th-century, governments licensed private sailors—“Privateers”— to seize vessels belonging to enemy nations, issuing letters of marque and reprisal to ship owners and captains. Some American commentators have suggested reviving that idea in response to cyber-attacks, especially attacks backed by nation-states. A hack this spring that shut down the…
5/21/21
By: Caitlin Tubbesing On the heels of the May 7th ransomware attack on Colonial Pipeline—resulting in a temporary shutdown of its 5,5000 mile pipeline system carrying 45% of the East Coast’s fuel supply— President Biden issued an Executive Order aimed at modernizing and improving the country’s defenses against these ever-increasing and malicious cyberattacks. The Order…