On November 30, 2022, the UK government confirmed that the Network and Information Systems Regulations 2018 will be strengthened to protect essential and digital services against cyber attacks.
Continue Reading UK Cyber Laws Extended to Bring Outsourcers and Managed Service Providers into Scope to Strengthen UK’s Resilience Against Online Cyber Attacks
Cyber Attack
CISA Releases Cross-Sector Cybersecurity Performance Goals
Posted on
The Cybersecurity and Infrastructure Security Agency recently released the first iteration of the agency’s Cross-Sector Cybersecurity Performance Goals.
Continue Reading CISA Releases Cross-Sector Cybersecurity Performance Goals
TSA Issues New Railroad Cybersecurity Requirements
Posted on
Posted in Cybersecurity, Information Security
On October 18, 2022, the Transportation Security Administration issued a new cybersecurity directive requiring passenger and freight railroad carriers to create plans for responding to cybersecurity incidents. …
Continue Reading TSA Issues New Railroad Cybersecurity Requirements
UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
Posted on
On October 24, 2022, the UK Information Commissioner’s Office issued a £4.4 million fine to Interserve Group Limited for failing to keep employee personal data secure, which violates Article 5(1)(f) and Article 32 of the GDPR, during the period of March 2019 to December 2020.
Continue Reading UK Information Commissioner’s Office Fines Construction Company £4.4 Million for Breach of Security Obligations
NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
Posted on
On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations
New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach
Posted on
On October 12, 2022, New York Attorney General Letitia James announced that her office had secured a $1.9 million penalty from e-commerce retailer Zoetop, owner of SHEIN and ROMWE, following an improperly handled data breach.
Continue Reading New York Attorney General Fines E-Commerce Parent Company for Failing to Properly Handle a Data Breach
Cyber Incident Reporting for Critical Infrastructure Act
Posted on
The Cybersecurity and Infrastructure Security Agency released a Request for Information seeking public input regarding the recently passed Cyber Incident Reporting for Critical Infrastructure Act of 2022. …
Continue Reading Cyber Incident Reporting for Critical Infrastructure Act
Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
Posted on
On July 26, 2022, the attorneys general of New Jersey, Pennsylvania, Delaware, Maryland, Virginia, Florida and Washington D.C. announced an $8 million multistate settlement with Wawa Inc. that resolves the states’ investigation into a 2019 data breach that compromised approximately 34 million payment cards used by consumers at Wawa stores and fueling locations. …
Continue Reading Wawa Inc. Settles Multi-State AG Breach Investigation for $8 Million
Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
Posted on
Posted in Cybersecurity, Financial Privacy
On July 29, 2022, the New York Department of Financial Services posted proposed amendments to its Cybersecurity Requirements for Financial Services Companies. This blog entry provides highlights of the amendments.
Continue Reading Proposed Amendments to NY Financial Services Cybersecurity Regulations Impose New Obligations on Large Entities, Boards of Directors and CISOs
Florida Enacts Law Prohibiting State Agencies from Paying Cyber Ransoms
Posted on
On July 1, 2022, amendments to Florida’s State Cybersecurity Act took effect, imposing certain ransomware reporting obligations on state agencies, counties and municipalities and prohibiting those entities from paying cyber ransoms. …
Continue Reading Florida Enacts Law Prohibiting State Agencies from Paying Cyber Ransoms