On January 8, 2017, the UK Information Commissioner issued an unprecedented monetary penalty of 400,000 pounds against the British mobile phone retailer The Car Phone Warehouse Limited. After investigating a 2015 attack on the company's system, the ICO found that the company had failed to take adequate steps to protect the personal data it held on that system.
Continue Reading UK ICO Issues Unprecedented Fine Against Mobile Phone Retailer for Lax Security

Recently, the Colorado Division of Securities published cybersecurity regulations for broker-dealers and investment advisers regulated by the Division. Colorado’s cybersecurity regulations follow similar regulations enacted in New York that apply to certain state-regulated financial institutions.
Continue Reading Colorado Publishes Cybersecurity Regulations for Financial Institutions

On May 22, 2017, New York Attorney General Eric T. Schneiderman announced that the AG’s office had reached a settlement with Safetech Products LLC regarding the company’s sale of insecure Bluetooth-enabled wireless doors and padlocks. This “marks the first time an Attorneys General’s Office has taken legal action against a wireless security company for failing to protect their [customers’] personal and private information.”
Continue Reading New York AG Settles with Wireless Lock Maker Over Security Flaws

Recently, Virginia passed an amendment to its data breach notification law that adds state income tax information to the types of data that require notification to the Virginia Office of the Attorney General in the event of unauthorized access and acquisition of such data.
Continue Reading Virginia Adds State Income Tax Provision to Data Breach Notification Law

On February 17, 2017, Horizon Blue Cross Blue Shield of New Jersey agreed to pay 1.1 million dollars as part of a settlement with the New Jersey Division of Consumer Affairs regarding allegations that Horizon did not adequately protect the privacy of nearly 690,000 policyholders.
Continue Reading Health Insurer Reaches Privacy Settlement with New Jersey Division of Consumer Affairs

On November 14, 2016, Lincoln Financial Securities Corp., a subsidiary of Lincoln Financial Group, entered into a settlement with the Financial Industry Regulatory Authority, requiring LFS to pay a 650,000 dollar fine and implement stronger cybersecurity protocols following a 2012 hack into its cloud-based server.
Continue Reading FINRA Fines Brokerage Firm $650,000 After Cyber Attack