Cyber Attack

Subscribe to Cyber Attack

On June 24, 2022, the New York State Department of Financial Services announced it had entered into a $5 million settlement with Carnival Corp., the world’s largest cruise-ship operator, for violations of the Cybersecurity Regulation in connection with four cybersecurity events between 2019 and 2021, including two ransomware events.
Continue Reading NYDFS Imposes Fine of $5 Million on Carnival for Cybersecurity Breaches

On March 15, 2022, the FTC announced a proposed settlement with custom merchandise platform CafePress in connection with the company’s alleged failure to implement reasonable security measures, and its alleged attempt to cover up a 2019 data breach.
Continue Reading FTC Announces Proposed Settlement with CafePress over Alleged Data Breach Cover Up

The New York Office of the Attorney General recently announced the results of an investigation into “credential stuffing,” which uncovered 1.1 million compromised accounts from cyberattacks on 17 well-known companies. The announcement included a “Business Guide for Credential Stuffing Attacks,” detailing the attacks and providing tips for businesses to protect themselves.
Continue Reading New York Attorney General Announces 1.1 Million Accounts Compromised in Credential Stuffing Attacks

Earlier this month, the New Jersey Acting Attorney General Andrew Bruck announced that its Division of Consumer Affairs had reached a $425,000 settlement with three New Jersey-based providers of cancer care over alleged failures to adequately safeguard patient data.
Continue Reading NJ Acting Attorney General Announces $425,000 Fine to Settle Breach Investigation

On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.”
Continue Reading Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies

On October 12, 2021, New Jersey Acting Attorney General Andrew J. Bruck and the Division of Consumer Affairs announced a settlement with Diamond Institute for Infertility and Menopause, LLC over a data breach that compromised the personal information of 14,663 patients, including 11,071 New Jersey residents. The Division of Consumer Affairs alleged that the fertility clinic violated the New Jersey Consumer Fraud Act and the federal HIPAA’s Privacy and Security Rules by removing protected health information safeguards.
Continue Reading New Jersey Acting Attorney General Announces Data Breach Settlement with Fertility Clinic

On September 22, 2021, Secretary of Homeland Security Alejandro N. Mayorkas and Secretary of Commerce Gina Raimondo released a joint statement on the Department of Homeland Security’s issuance of preliminary Critical Infrastructure Control Systems Cybersecurity Performance Goals and Objectives. The Preliminary Goals identify nine overarching control system cybersecurity performance goals, each containing specific objectives to support the deployment and operation of secure control systems.
Continue Reading DHS Issues Cybersecurity Guidance for Critical Infrastructure Firms

On September 21, 2021, the U.S. Department of the Treasury’s Office of Foreign Assets Control issued an Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments on the sanctions risks associated with facilitating ransomware payments. OFAC, with assistance from the FBI, also designated SUEX OTC, S.R.O., as a malicious cyber actor, the first such sanctions designation against a virtual currency exchange.
Continue Reading OFAC Again Says Beware of Sanctions When Making Ransomware Payments and Designates Virtual Currency Exchange as Malicious Cyber Actor