On September 5, 2017, the FTC announced that Lenovo, Inc. agreed to settle charges that its preloaded software on some laptop computers compromised online security protections in order to deliver advertisements to consumers. … Continue Reading
On August 7, 2017, the Securities and Exchange Commission Office of Compliance Inspections and Examinations issued a Risk Alert examining the cybersecurity policies and procedures of 75 broker-dealers, investment advisers and investment companies. … Continue Reading
Amidst much anticipation, on July 25, 2017, the Securities and Exchange Commission released a Report of Investigation under Section 21(a) of the Securities Exchange Act of 1934 warning the market that "tokens" issued in ICOs may be "securities" such that the full breadth of the U.S. federal securities laws may apply to their offer and sale.… Continue Reading
On July 5, 2017, the FTC announced that Blue Global Media, LLC agreed to settle charges that it misled consumers into filling out loan applications and then sold those applications, including sensitive personal information contained therein, to other entities without verifying how consumers’ information would be used or whether it would remain secure.… Continue Reading
On May 26, 2017, Alcoa Community Federal Credit Union, on behalf of itself, credit unions, banks and other financial institutions, filed a nationwide class action against Chipotle Mexican Grill, Inc. arising from a breach of customer payment card data.… Continue Reading
Recently, the Colorado Division of Securities published cybersecurity regulations for broker-dealers and investment advisers regulated by the Division. Colorado’s cybersecurity regulations follow similar regulations enacted in New York that apply to certain state-regulated financial institutions.… Continue Reading
Earlier this month, the New York State Department of Financial Services published FAQs and key dates for its cybersecurity regulation for financial institutions that became effective on March 1, 2017.… Continue Reading
Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.… Continue Reading
On March 21, 2017, New York Attorney General Eric Schneiderman announced that the New York Office of the Attorney General received over 1,300 data breach notifications in 2016, a 60 percent increase from 2015. … Continue Reading
On March 9, 2017, AllClear ID hosted a webinar with Hunton & Williams partner Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services. This blog post provides a link to the recording and presentation materials. … Continue Reading
On March 9, 2017, Home Depot reached an agreement that includes the payment of 25 million dollars and the implementation of new data security measures to resolve a putative class action brought by financial institutions impacted by the company’s 2014 data breach.… Continue Reading
On March 9, 2017, AllClear ID will host a webinar with Hunton & Williams partner and chair of the Global Privacy and Cybersecurity practice Lisa J. Sotto on the new cybersecurity regulations from the New York State Department of Financial Services. This blog entry provides a link to register for the event.… Continue Reading
The Financial Industry Regulatory Authority recently announced that it had fined 12 financial institutions a total of 14.4 million dollars for improper storage of electronic broker-dealer and customer records. … Continue Reading
On December 28, 2016, the New York State Department of Financial Services announced an updated version of its cybersecurity regulation for financial institutions that will become effective on March 1, 2017.… Continue Reading
On December 27, 2016, the Securities and Exchange Commission announced charges against three Chinese traders who allegedly made almost $3 million in illegal profits by fraudulently trading on nonpublic information that had been hacked from two New York-based law firms.… Continue Reading
On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.… Continue Reading
Earlier this week, retailer Tesco Plc’s banking branch reported that approximately 3 million dollars had been stolen from 9,000 customer bank accounts over the weekend in what cyber experts said was the first mass hacking of accounts at a western bank. … Continue Reading
Recently, the U.S. Department of Treasury’s Financial Crimes Enforcement Network issued an advisory entitled Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime, to help financial institutions understand how to fulfill their Bank Secrecy Act obligations with regard to cyber events and cyber-enabled crime.… Continue Reading
On October 18, 2016, the United States Court of Appeals for the Fifth Circuit held in Apache Corp. v. Great American Ins. Co. that a crime protection insurance policy does not cover loss resulting from a fraudulent email directing funds to be sent electronically to the imposter’s bank account because the scheme did not constitute “computer fraud” under the policy. … Continue Reading
On October 19, 2016, the Federal Deposit Insurance Corporation, the Federal Reserve System and Office of the Comptroller of the Currency issued an advance notice of proposed rulemaking suggesting new cybersecurity regulations for banks with assets totaling more than 50 billion dollars.… Continue Reading
On October 11, 2016, Group of Seven financial leaders endorsed the Fundamental Elements of Cybersecurity for the Financial Sector, a set of non-binding best practices for banks and financial institutions to address cybersecurity threats. … Continue Reading
On August 29, 2016, the Federal Trade Commission announced that it is seeking public comment regarding the Gramm Leach Bliley Act Safeguards Rule.… Continue Reading
On April 6, 2016, the Federal Trade Commission endorsed the Organization for Economic Cooperation and Development’s updated guidelines on consumer protection in e-commerce. This blog entry provides highlights on the OECD’s new recommendations. … Continue Reading
On February 27, 2016, the Consumer Financial Protection Bureau reached a settlement with Dwolla, Inc., an online payment system company, to resolve claims that the company made false representations regarding its data security practices in violation of the Consumer Financial Protection Act. Among other things, the consent order imposes a 100,000 dollar fine on Dwolla. This marks the first data security-related fine imposed by the CFPB. … Continue Reading
