Tag: cybersecurity

SIM swap scams are nothing new, and are back in the news with high profile SIM swap attacks on Twitter’s CEO. Telecommunications providers such as Verizon, AT&T, T-Mobile, and Sprint have been aware for over ten years that unauthorized third parties regularly attempt to obtain access to customer subscriber accounts to gain control over a […]

How to Manage Data Breaches Under GDPR In recent weeks, we have posted about the requirements of personal data protection under Europe’s General Data Protection Regulation (GDPR) that companies must now follow. Today we will look into what a company must do in the event of a data breach under this regulation. Over the past […]

Some of the more perplexing issues in our data-driven world are the questions of data localization and export – that is, where data should be stored and how it can be moved. Up until recently, data and computer-housed information has flowed cross-border without much hindrance. In general, companies store data wherever it is convenient to […]

The Securities and Exchange Commission (“SEC”) just issued, on February 21, 2018, a new Guidance with respect to cybersecurity disclosures for publicly-held corporations. The quick takeaway is that data breaches and data breach risks are likely to be “material” for purposes of disclosure, data security should be deemed a “board level” concern, and knowledge of […]

On May 28, 2018, new data protections laws and regulations go into effect for the European Union (“EU”). See recent news report here. The new regulations are called the General Data Protection Regulation (“GDPR”). See the full GDPR here. The EU is getting serious about punishing companies that suffer data breaches. For the most serious […]

SIM swap scams are nothing new. Telecommunications providers such as Verizon, AT&T, T-Mobile, and Sprint have been aware for over ten years that unauthorized third parties regularly attempt to obtain access to customer subscriber accounts to gain control over a customer’s SIM card. Hackers Gaining Account Control By gaining control over a customer’s SIM card, […]

Businesses that engage in deceptive and unfair internet practices are subject to injunctions and large monetary damage awards under the Federal Trade Commission Act (“FTC Act”). Just as importantly, the owners and principals of businesses can be held personally liable. In the case discussed below, FTC v. Ross, the website owner was fined $163 million […]

In early September of 2017, it was reported that Equifax Inc., one of the country’s three leading credit reporting services, was subject to a cyberattack that resulted in the access by the hackers of financial and personal information of more than 143 million U.S. consumers. According to Equifax, the hacking occurred from mid-May through July […]

Healthcare computer systems harbor the most useful three pieces of personal identifying information that can be used for fraud and identity theft – names, Social Security numbers, and dates of birth. With these three pieces of important and essential personal identifying data, hackers, fraudsters and impersonators can do virtually anything they would like. Increase in […]

New Mexico recently became the 48th state in the US to adopt data breach notification laws. The new laws take effect June 16, 2017 and will apply in all situations in which a data breach occurs, i.e., an unauthorized attempt to access unencrypted or encrypted computerized data. In addition to providing governance on how personal […]