3rd Circuit finds data leaked on dark web “shaming” site inferred a “substantial risk” of imminent harm
9/13/22
By: Nicholas Jajko
The litigation battleground in class actions arising out of data breaches is almost always fought on Article III standing. Before any discovery is exchanged or fact depositions take place, claimants must allege they have standing to sue …
It’s Time to Makeup For Your Wrongs: California’s AG Declares First CCPA Enforcement Action Against Mega Retailer Sephora
9/1/22
By: Julia Bover
On August 24, 2022, California Attorney General Rob Bonta issued the first-ever enforcement action under the California Consumer Privacy Act (“CCPA”) against cosmetics retail chain Sephora.
The CCPA was signed into law in 2018 and went into …
Cyber insurance experiencing ‘Future Shock’
8/4/22
By: Barry M. Miller and Elisabeth Gentile
The idea of “Future Shock”—that an accelerated pace of change causes social and psychological disruptions—dates from Alvin Toffler’s 1970 book of the same name. As it copes with the mutable nature of cyber …
Elon Musk’s planned purchase of Twitter reignites questions of open source code security
4/29/22
By: Alexia Roney
On April 25, 2022, Elon Musk sealed the deal to buy Twitter, Inc., for $44 billion. Among the changes to the platform, Musk has floated making the algorithm that prioritizes tweets “open source,” so the public could …
Congress Imposes New 72-Hour Reporting Requirement for Cyber Security Incidents
3/28/22
By: David Cole and Heather Kuhn
President Biden’s promise to prioritize cybersecurity this year is beginning to take shape. On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act (“Cyber Incident Reporting Act”). …
Russia-Ukraine conflict raises cyber risks for U.S. enterprises
3/1/22
Cybersecurity—which is under constant attack from an unsavory mix of international state actors, paramilitaries, and organized crime—is never that far removed from geopolitics. So when a nation-state like Russia—hardly an unknown in the annals of cybercrime—physically invades another country, there …
$3.6 billion in cryptocurrency has been recovered… so what now?
2/22/22
By: Julia Bover
On February 8, 2022, the Department of Justice (“DOJ”) successfully seized over $3.6B in stolen cryptocurrency linked to a 2016 hack of Bitfinex, a virtual currency exchange platform. The Bitfinex hack was one of the biggest digital …
The preservation of appellate rights is critical to any trial
2/15/22
By: Patrick Cosgrove, Esq.
In a rare trade secret appeal involving two competitors in the alcohol sale software business, the United States Court of Appeals for the Eleventh Circuit provided a not-so-subtle reminder to all attorneys that correctly preserving appellate …
2022 International Data Privacy Day: Top Ways to Prepare Your Organization for Data Security and Privacy in the New Year
1/28/22
By: David Cole, Nick Jajko and Heather Kuhn
Each year on January 28th, the International Association of Privacy Professionals (IAPP) celebrates International Data Privacy Day. It was a day created to establish awareness about the importance of respecting privacy, …
The human resources impact of the Kronos ransomware attack
1/11/22
By: Chenee Castruita
The unique combination of COVID-19 and a drastic decrease in the workforce found more workers putting in overtime this holiday season. Unfortunately, millions of workers last month experienced a delay not only in their packages, but in …
FTC expands data security requirements for financial institutions with an update to the Gramm-Leach-Bliley Safeguards Rule
1/10/22
By: Kirsten Patzer and Courtney Mazzio
On October 27, 2021, the Federal Trade Commission (“FTC”) announced an update to the rules implemented by the Gramm-Leach-Bliley Act expanding the definition of “financial institutions” under the Financial Privacy Rule and requiring these …
Economic loss doctrine bars medical device company’s negligence claim against IT vendor arising out of personal health information data breach
12/9/21
By: William E. Gildea
In Zoll Medical Corp. v. Barracuda Networks, Inc., et al, United States District Court, District of Massachusetts Civil Action No. 20-11997-NMG, (D. Mass. Sept. 21, 2021) (Gorton, J) (“Zoll”), Plaintiff Zoll Medical Corp. (“Zoll Medical”) sued a third-party IT vendor over …