Companies that experience a cyber breach face several immediate and difficult challenges: quickly getting a handle on the scope of the breach, making sure that the intruder is out of their system, remediating any vulnerability, assessing what data was accessed (if any), deciding whether to reach out to law enforcement, determining whether any mandatory notification obligations have been triggered, and weighing whether to make any voluntary notification to regulators, customers, investors, etc. One thing companies … Continue Reading
Appleby, a multi-national law firm known for its tax planning services, is the latest law firm to suffer a major cyber breach in an event that has been dubbed the “Paradise Papers.” This breach mirrors the Panama Papers leak from two years ago, which exposed millions of documents from the Mossack Fonseca law firm.
Appleby, like Mossack Fonseca, is known for its high-net-worth clients and its use of offshore entities to assist them in tax … Continue Reading
The National Association of Insurance Commissioners (“NAIC”) has signaled that insurance regulators may be the first government agencies to adopt the framework for cybersecurity regulation that was recently set out in the New York Department of Financial Services (“NYDFS”) cybersecurity rules, which went into effect on August 28, 2017.
The Cybersecurity (EX) Working Group and the Innovation and Technology (EX) Task Force of NAIC approved the Insurance Data Security Model Law (“Model Law”) in August … Continue Reading
Earlier this month, HBO disclosed that it is the latest victim of cyber breach extortion, which involves criminals hacking into a company’s computer system, extracting sensitive information (e.g., emails of executives) or valuable intellectual property (e.g., unreleased television scripts or episodes), and then threatening to make the information public if a ransom is not paid, usually in Bitcoin. In the HBO case, the hackers claim that this is their 17th target and that all … Continue Reading
Three recent cybersecurity events highlight the need for companies to review their access controls to limit who has administrator privileges and how long those elevated privileges last.
First, this week, computer malware that has variously been called PetyaWrap, WannaCry2, GoldenEye and NotPetya began spreading in dozens of countries, encrypting computers and informing users that they could unlock their machines by paying a $300 ransom. Although the malware first appeared to function as ransomware, it now … Continue Reading