Insights Search

Two weeks ago, the Department of Justice (“DOJ”) announced two significant enforcement actions and shut down NetWalker and Emotet, powerful tools that had been used by alleged criminal networks engaging in widespread ransomware extortion schemes.

On November 9, 2020, the U.S. Federal Trade Commission (“FTC”) announced a proposed settlement with Zoom Video Communications, Inc. (“Zoom”), a video conferencing provider, to resolve claims that Zoom deceived users about the extent and nature of its software’s encryption and secretly installed software that circumvented a browser security safeguard.

In 2019, the Federal Bureau of Investigation (“FBI”) estimated that business email compromises, often carried out via email scams that trick businesses into making wire payments, have caused an estimated $1.7 billion in losses for businesses that fell victim to these schemes, which amounts to the highest out-of-pocket losses incurred from any class of cybercrime.^[1]

On September 29, 2020, the Department of Defense (“DoD”) issued an Interim Rule to supplement its Cybersecurity Maturity Model Certification (“CMMC”) program with a DoD Assessment Methodology.

On October 1, 2020, the Office of Foreign Assets Control (“OFAC”) issued guidance warning of potential sanctions risks for making ransomware payments related to malicious cybersecurity incidents.  The same day, the Financial Crimes Enforcement Network (“FinCEN”) issued an advisory related to the role of financial institutions in processing ransomware payments.

In June 2019, U.S. Customs and Border Protection (“CBP”) suspended a government contractor, Perceptics, LLC, after it suffered a highly publicized cyberattack that resulted in a breach of sensitive data collected from Government surveillance equipment used along the U.S. border.

General Counsel and in-house legal departments have long struggled with articulating the risk of and determining the appropriate response to breaches of the company network and the potential exposure of confidential information about employees and third parties. It’s rarely a simple question.

A recent order by a federal court in Virginia rejected arguments that a cybersecurity consultant’s data breach report, which had been prepared at the direction of outside legal counsel, qualified for work product protection.

When a person who is authorized to access information on a computer for certain purposes accesses the information for another, improper purpose, does that amount to a federal crime?

For the period between January and June 2019, Facebook received 128,617 requests for user data from various government entities—16% above the 110,634 requests in the period between July and December…

The United States and the United Kingdom recently entered the first ever CLOUD Act Agreement , which aims to streamline the process by which either government can collect electronic evidence located…