The U.S. Department of Justice (the “DOJ”) has unsealed an indictment accusing nine Iranian nationals of engaging in a “massive and brazen cyber assault” against at least 176 universities, 47 private companies and 7 government agencies and non-governmental organizations, including the Federal Energy Regulatory Commission (“FERC”). According to the DOJ, the nationals worked for Mabna Institute, an Iranian-based company, as “hackers for hire,” stealing login credentials and other sensitive information to sell within Iran and for the benefit of the Iranian government. Continue Reading DOJ Accuses Iranian Nationals of “Brazen Cyber Assault” on Universities and Government Agencies

On February 5, 2018, the Federal Trade Commission (“FTC”) announced its most recent Children’s Online Privacy Protection Act (“COPPA”) case against Explore Talent, an online service marketed to aspiring actors and models. According to the FTC’s complaint, Explore Talent provided a free platform for consumers to find information about upcoming auditions, casting calls and other opportunities. The company also offered a monthly fee-based “pro” service that promised to provide consumers with access to specific opportunities. Users who registered online were asked to input a host of personal information including full name, email, telephone number, mailing address and photo; they also were asked to provide their eye color, hair color, body type, measurements, gender, ethnicity, age range and birth date. Continue Reading FTC Brings Its Thirtieth COPPA Case, Against Online Talent Agency

Recently, the FTC and FCC announced their intent to enter into a Memorandum of Understanding (“MOU”) under which the agencies would coordinate their efforts following the adoption of the Restoring Internet Freedom Order (the “Order”). As we previously reported, if adopted, the Order would repeal the rules put in place by the FCC in 2015 that prohibit high-speed internet service providers (“ISPs”) from stopping or slowing down the delivery of websites and from charging customers extra fees for high-quality streaming and other services.  Continue Reading FTC and FCC Announce Cooperation on Repeal of Net Neutrality Rules

Recently, FCC Chairman Ajit Pai released a draft of the Restoring Internet Freedom Order (the “Order”). If adopted, the Order would repeal the rules put in place by the FCC in 2015 that prohibit high-speed internet service providers (“ISPs”) from stopping or slowing down the delivery of websites and from charging customers extra fees for high-quality streaming and other services. Continue Reading FCC Releases Plan to Repeal Net Neutrality Rules

On November 8, 2017, Sears Holding Management Corporation (“Sears”) requested that the FTC reopen and modify a 2009 Commission Order (the “Order”) settling charges that Sears inadequately disclosed the scope of consumer data collected through the company’s software application. The initial FTC complaint alleged that Sears represented to consumers that its downloadable software application would track users’ “online browsing,” but in fact tracked nearly all of the users’ Internet behavior. Sears petitioned the FTC to modify the Order’s definition of “tracking system,” which the company contends is overbroad and impracticable. The FTC is seeking public comment on Sears’ petition, which it will receive until December 8, 2017.

On October 23, 2017, the Federal Trade Commission issued a policy enforcement statement providing additional guidance on the applicability of the Children’s Online Privacy Protection Rule (“COPPA Rule”) to the collection of children’s audio voice recordings. The FTC previously updated the COPPA Rule in 2013, adding voice recordings to the definition of personal information, which led to questions about how the COPPA Rule would be enforced against organizations who collect a child’s voice recording for the sole purpose of issuing a command or request.

Continue Reading FTC Issues Policy Statement on COPPA and Voice Recordings

On September 29, 2017, Samanage USA, Inc. (“Samanage”), a North Carolina-based technology company that provided cloud-based IT support services as a subcontractor for Vermont’s health care exchange (“Vermont Health Connect”), agreed to a $264,000 settlement with the Vermont Attorney General in relation to a breach that exposed the Social Security numbers of 660 Vermont Health Connect users.

Continue Reading Samanage USA, Inc. Agrees to Pay to Settle Vermont AG’s Data Security Investigation

On August 11, 2017, the FTC published the fourth blog post in its “Stick with Security” series. As we previously reported, the FTC will publish an entry every Friday for the next few months focusing on each of the 10 principles outlined in its Start with Security Guide for Businesses. This week’s post, entitled Stick with Security: Require secure passwords and authentication, examines five effective security measures companies can take to safeguard their computer networks.

Continue Reading FTC Posts Fourth Blog in Its “Stick with Security” Series

On May 12, 2017, a massive ransomware attack began affecting tens of thousands of computer systems in over 100 countries. The ransomware, known as “WannaCry,” leverages a Windows vulnerability and encrypts files on infected systems and demands payment for their release. If payment is not received within a specified time frame, the ransomware automatically deletes the files. A wide range of industries have been impacted by the attack, including businesses, hospitals, utilities and government entities around the world. Continue Reading Global Ransomware Attacks Raise Key Legal Considerations

On April 3, 2017, President Trump signed a bill which nullifies the Broadband Consumer Privacy Rules (the “Rules”) promulgated by the FCC in October 2016. The Rules largely had not yet taken effect. In a statement, FCC Chairman Ajit Pai praised the elimination of the Rules, noting that, “in order to deliver that consistent and comprehensive protection, the Federal Communications Commission will be working with the Federal Trade Commission to restore the FTC’s authority to police Internet service providers’ privacy practices.”