On September 9, 2022, the National Highway Traffic Safety Administration announced its publication of final Cybersecurity Best Practices for the Safety of Modern Vehicles.
Continue Reading NHTSA Publishes Final Cybersecurity Best Practices
Cybersecurity
The SEC Charged Several Individuals and Entities in a Fraudulent Hacking Scheme
Posted on
On August 16, 2022, the Securities and Exchange Commission charged 18 individuals and entities in relation to their involvement in a fraudulent hacking scheme. …
Continue Reading The SEC Charged Several Individuals and Entities in a Fraudulent Hacking Scheme
Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
Posted on
On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations. …
Continue Reading Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
Posted on
Posted in Cybersecurity, Financial Privacy
On July 29, 2022, the New York Department of Financial Services posted proposed amendments to its Cybersecurity Requirements for Financial Services Companies. This blog entry provides highlights of the amendments.
Continue Reading Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection
Posted on
Posted in Cybersecurity, Information Security
New York recently became the first state to require attorneys to complete at least one credit of cybersecurity, privacy and data protection training as part of their continuing legal education requirements. The new requirement will take effect July 1, 2023.
Continue Reading New York Becomes First State to Require CLE in Cybersecurity, Privacy and Data Protection
NIST Publishes New Draft Guidance on HIPAA Security Rule
Posted on
On July 21, 2022, the National Institute of Standards and Technology released an updated draft of its HIPAA Security Rule guidance. …
Continue Reading NIST Publishes New Draft Guidance on HIPAA Security Rule
T-Mobile to Pay $500 Million to Settle Claims Related to 2021 Breach
Posted on
On July 22, 2022, T-Mobile entered into an agreement to settle a class action lawsuit stemming from its 2021 data breach. …
Continue Reading T-Mobile to Pay $500 Million to Settle Claims Related to 2021 Breach
Arizona Adds Breach Notification Obligation
Posted on
On July 22, 2022, companies are required to notify the Arizona Department of Homeland Security when they experience a data breach impacting more than 1,000 Arizona residents. …
Continue Reading Arizona Adds Breach Notification Obligation
Florida Enacts Law Prohibiting State Agencies from Paying Cyber Ransoms
Posted on
On July 1, 2022, amendments to Florida’s State Cybersecurity Act took effect, imposing certain ransomware reporting obligations on state agencies, counties and municipalities and prohibiting those entities from paying cyber ransoms. …
Continue Reading Florida Enacts Law Prohibiting State Agencies from Paying Cyber Ransoms
Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse
Posted on
On June 30, 2022, the New York Office of the Attorney General announced a $400,000 agreement with Wegmans Food Markets, Inc. in connection with a cloud storage security issue. …
Continue Reading Wegmans Agrees to Pay $400,000 Penalty After Cloud Security Lapse