As a strong signal that it intends to increase its focus on illicit crypto transactions, the Department of Justice (“DOJ”) announced the creation of an enforcement team, the National Cryptocurrency Enforcement Team (“NCET”), on October 6, 2021.
The Department of Justice (“DOJ”) recently announced a new Civil Cyber-Fraud Initiative (the “Initiative”) that will use the False Claim Act (“FCA”) to pursue contractors and grant recipients that knowingly (1) provide deficient cybersecurity products or services, (2) misrepresent their cybersecurity practices or protocols, or (3) violate obligations to monitor and report cybersecurity incidents and breaches.
As the onslaught of data breaches and ransomware attacks continues, state governments are grappling with ways to bolster the impact and reach of breach notification laws.
Amid high-profile cybersecurity breaches that have spurred regulatory action and encouraged compliance revamps, the Fifth Circuit recently ruled that the Insurance Company of the State of Pennsylvania (“ICSOP”) has a duty to defend Landry’s, a Houston-based hospitality chain, in a $20 million data breach litigation.
In a notable decision on June 3, 2021, the Supreme Court resolved a circuit split about the reach of the Computer Fraud and Abuse Act of 1986 (“CFAA”), a statute that allows for potential civil and criminal penalties against those who have “exceed[ed] authorized access” in obtaining and/or using information from company computer systems.
The Computer Fraud and Abuse Act (“CFAA”) was designed to stop hacking and other forms of cybercrime.
On May 27, 2021, against the backdrop of the Colonial Pipeline cybersecurity incident, the Department of Homeland Security’s Transportation Security Administration (“TSA”) announced Security Directive Pipeline-2021-01 regarding enhancements to pipeline cybersecurity (the “Directive”).
In McMorris v. Carlos Lopez & Associates, LLC, a data breach case, the Second Circuit held that plaintiffs may demonstrate standing based on a theory of “increased risk” of future identity theft or fraud following an unauthorized disclosure of their data.
On March 4, 2021, the U.S. Government Accountability Office (“GAO”) published a report titled “Weapon Systems Cybersecurity: Guidance Would Help DOD Programs Better Communicate Requirements to Contractors” (the “Report”).
Two weeks ago, the Department of Justice (“DOJ”) announced two significant enforcement actions and shut down NetWalker and Emotet, powerful tools that had been used by alleged criminal networks engaging in widespread ransomware extortion schemes.