On April 9, 2021, the First-Tier Tribunal of the General Regulatory Chamber stayed proceedings in Ticketmaster UK Limited’s (“Ticketmaster’s”) appeal against a fine issued by the UK Information Commissioner’s Office (“ICO”) until 28 days after a judgment in civil litigation brought by 795 customers against Ticketmaster. The group action, which relates to the breach for which Ticketmaster was fined by the ICO, is currently before the High Court in England. As a result of the stay in proceedings, the appeal likely will not be heard before the Tribunal until mid to late 2023.
Continue Reading Ticketmaster Appeal of ICO Fine Stayed by UK Tribunal Until 2023
Cyber Attack
NYDFS Settles with Mortgage Company for Data Breach
Posted on
The New York Department of Financial Services recently announced it had entered into a settlement with Residential Mortgage Services, Inc. related to allegations that the company violated the NYDFS Cybersecurity Regulation in connection with a 2019 data breach. …
Continue Reading NYDFS Settles with Mortgage Company for Data Breach
New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process
Posted on
The New York Department of Financial Services, which regulates the business of insurance in New York, has issued guidelines, in the Insurance Circular Letter No. 2 (2021) regarding “Cyber Insurance Risk Framework”, calling on insurers to take more stringent measures in underwriting cyber risks. In the Guidelines, NYDFS cites the 2020 SolarWinds attack as an example of how managing growing cyber risk is “an urgent challenge for insurers.”…
Continue Reading New York Regulators Call on Insurers to Strengthen the Cyber Underwriting Process
NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
Posted on
The New York Department of Financial Services has issued a Cyber Fraud Alert to regulated entities in light of a growing campaign to steal Nonpublic Information, as defined under New York law, from public-facing websites that provide instant quotes for products like auto insurance.…
Continue Reading NY Department of Financial Services Issues Cyber Fraud Alert to Regulated Entities Using Instant Quote Websites
CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
Posted on
On January 27, 2021, the French Data Protection Authority announced that it imposed a fine of 150,000 Euros on a data controller, and a fine of 75,000 Euros on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website of the data controller. The CNIL decided not to make its decisions public, thereby not disclosing the name of the companies sanctioned.…
Continue Reading CNIL Fines a Data Controller and Its Processor 225,000 Euros for Security Violation in Connection with Credential Stuffing
ICO Fines Ticketmaster 1.25 Million Pounds for Security Failures
Posted on
On November 13, 2020, the UK Information Commissioner’s Office fined Ticketmaster UK Limited £1.25 million for failing to keep its customers’ personal data secure.…
Continue Reading ICO Fines Ticketmaster 1.25 Million Pounds for Security Failures