Client Update – MS Exchange Server Mass-Hack
4/28/21
By: John Ghose
In March 2021, government and private sector sources estimated that 30,000 U.S. organizations, and 100,000 organizations worldwide, were hacked by a Chinese state-sponsored group known as Hafnium. The mass-hack exploited previously unknown “zero-day” vulnerabilities of Microsoft Exchange …
1/27/21
By: Justin Boron and Courtney Mazzio
The eye that retail businesses must thread to avoid data breach class actions just got a little narrower in Pennsylvania.
In a decision issued this month in In re Rutter’s Data Sec. Breach Litig.…
New Jersey’s Continued Push to Expand its Data Breach and Privacy Laws
7/1/20
By: Zachary Danner
Following in the steps of California and other states considering consumer privacy legislation, New Jersey’s legislators have recently introduced a number of bills that would establish specific notification requirements for the collection and use of personally identifiable …
An Arbitration Clause May Present A Defense To A Data Breach Class Action – But At What Cost?
6/10/20
By: Bill Cheney
A common defense strategy in response to data privacy and security class actions is to file a motion to compel arbitration. The arbitration forum has a number of advantages, including efficiency, speed, lower costs, expertise, and confidentiality, …
Georgia High Court to Rule on Damages Required for Data Breach Claims
9/3/19
By: Amy Bender
The Georgia Supreme Court soon will weigh in on the ongoing debate within the courts of when individuals may bring claims based on data breaches involving their personal information when they have not suffered any actual financial …
Massachusetts' Will-o'-the-WISP
4/24/19
By: Zach Moura
Massachusetts revised its data breach notification law, effective April 10, 2019, to change the minimum standards for what companies should include in a Written Information Security Plan, or WISP. Companies that experience a data breach incident must …
Bold New Changes to Massachusetts' Data Breach Notification Law
3/15/19
By: Michael Kouskoutis
Effective April 11, 2019, Massachusetts’ data breach notification law will compel notifying entities to follow several additional and unprecedented requirements when responding to a data breach.
First, the notifying entity must report to the state’s Attorney General …
A Majority of Federal Agencies Are “At Risk” For Further Data Security Incidents
6/6/18
By: Allen Sattler
The Office of Management and Budget (“OMB”) performed a cyber security risk assessment of 96 federal agencies, and it recently published its findings in the “Federal Cybersecurity Risk Determination Report and Action Plan.” The OMB reported that …
Facebook and Twitter: More Transparency for Political Ads
6/4/18
By: Amy Bender
In the wake of the alleged Russian interference with the U.S. presidential election through targeted Facebook ads, both Facebook and Twitter now have imposed conditions for political campaign advertisements. Since there currently are no legal requirements for …
Lessons Learned from the SEC’s Order in the Yahoo! Data Breach Enforcement Action
5/22/18
By: Jennifer Lee
On April 24, 2018, the SEC issued an order in the enforcement action against Altaba Inc., formerly Yahoo! Inc., and imposed a $35 million fine relating to the 2014 data breach which affected more than 500 million …
Cybersecurity in Georgia Hits a Roadblock
5/14/18
By: Ze’eva Kushner
On May 8, 2018, Georgia’s Governor Nathan Deal made a controversial decision to veto a cybersecurity bill. Issued in the wake of the massive data breach of Atlanta-based Equifax, among other data breaches across the country, the …
5/7/18
By: Robyn Flegal
Alabama has officially become the last of the 50 States to pass a data breach notification statute, which will go into effect on June 1, 2018. The Alabama Data Breach Notification Act of 2018 requires that covered …