9/16/21
By: Zachary E. Danner, Esq. Over the past several months, there have been numerous instances of significant data privacy breaches reported in the news. From Facebook, who experienced a data breach affecting over 540 million users, to Microsoft, Capital One, T-Mobile, and Volkswagon. These are all some of the largest companies in technology, communications, and transportation. …
8/9/21
By: Nicholas Jajko The crack in the foundation of Attorney Work Product and Client Communication Privilege protections for data breach forensic investigation reports was further eroded by a recent Federal district court ruling. The Magistrate Judge in a Middle District of Pennsylvania data breach class action granted Plaintiffs’ letter motion to compel an investigation report…
It’s a crowd: Colorado joins California and Virginia in passing consumer privacy legislation
8/6/21
By William W. Cheney On July 7, 2021, Colorado passed the Colorado Privacy Act (“CPA”), becoming the third state, joining California and Virginia, to enact comprehensive consumer privacy legislation. The CPA will not go into effect, however, until July 1, 2023. Moreover, Colorado Governor Jared Polis noted in signing the bill that it “will require clean-up legislation next year, and in fact, the sponsors, proponents, industry, and consumers…
7/9/21
By: Ryan Mayo Recent ransomware cyberattacks on critical infrastructure, including the devastating attack on Colonial Pipeline, have forced the federal government to immediately consider new regulations and legislation to protect American interests. As regulators and Congress move quickly, industries and businesses beyond those involved in recent critical infrastructure attacks should keep a watchful eye on…
Can an Ancient Tool From the Age of Sail Sink Cyber Criminals?
6/30/21
By: Barry Miller As early as the 13th-century, governments licensed private sailors—“Privateers”— to seize vessels belonging to enemy nations, issuing letters of marque and reprisal to ship owners and captains. Some American commentators have suggested reviving that idea in response to cyber-attacks, especially attacks backed by nation-states. A hack this spring that shut down the…
5/21/21
By: Caitlin Tubbesing On the heels of the May 7th ransomware attack on Colonial Pipeline—resulting in a temporary shutdown of its 5,5000 mile pipeline system carrying 45% of the East Coast’s fuel supply— President Biden issued an Executive Order aimed at modernizing and improving the country’s defenses against these ever-increasing and malicious cyberattacks. The Order…
4/30/21
By: Kirsten Patzer In a 6-2 decision, the Supreme Court of the United States(the “Court”) reversed the US Court of Appeals for the Federal Circuit in Google LLC v. Oracle America, Inc., holding Google’s use of Oracle’s Java Application Programming Interfaces (API) in its Android operating system was “fair use.” The Court granted Google’s certiorari…
Client Update – MS Exchange Server Mass-Hack
4/28/21
By: John Ghose In March 2021, government and private sector sources estimated that 30,000 U.S. organizations, and 100,000 organizations worldwide, were hacked by a Chinese state-sponsored group known as Hafnium. The mass-hack exploited previously unknown “zero-day” vulnerabilities of Microsoft Exchange on-premises products as far back as January 6, 2021. (You can read more about this…
Breaking – U.S. Supreme Court Narrowly Interprets TCPA Autodialer Definition
4/1/21
By: Matt Foree As we have discussed previously HERE and HERE, the Supreme Court of the United States has been considering an important Telephone Consumer Protection Act (“TCPA”) case concerning the statutory definition of “automatic telephone dialing system” (“ATDS”) in the Facebook v. Duguid case. Today, the Supreme Court issued its opinion on the matter,…
NYSDFS’s Cyber Insurance Risk Framework Responds to the “Urgent Challenge” of Managing Cyber Risk
3/16/21
By: Curt Graham New York’s Department of Financial Services (“DFS”) recently issued its Cyber Insurance Risk Framework which details seven best practices for managing cyber insurance risk. The Framework can be found here. One of the primary drivers for this guidance is the rise in the frequency of ransomware attacks, with the global cost of…
3/10/21
By: John Ghose State-sponsored hackers have accessed the Microsoft email environments of an estimated 30,000 U.S. organizations – including many small and medium-sized companies, universities, and government agencies. This hack is nearly twice the size of the recent SolarWinds hack, and immediate action is needed to determine if your organization has been compromised. Below we…
Massive Unemployment Fraud Brings Some Taxpayers Another Nasty Pandemic Surprise
3/9/21
By: Barry Miller Last spring FMG reported that the pandemic was making accountants attractive targets for hackers. Extended tax deadlines and stimulus checks keyed to tax information created the incentive for fraud. This year, Krebs on Security warns that “The Taxman Cometh for ID Theft Victims.” The issue arises from another pandemic-related issue—massive unemployment insurance…