Since Friday, May 12, over 200,000 companies from over 150 countries have become victims of a massive cyber-attack from the ransomware variant WannaCry (also known as WCry or WanaCryptor). The attackers demanded payment of $300 in Bitcoin from each victim to restore access to files that the ransomware encrypted. The attackers stated that the price of file retrieval would rise to $600 after a short period of time, and that if the victim company refused to pay, the files would be permanently deleted. Notably, this particular ransomware appears to have been propagated primarily due to a failure to patch a Windows software vulnerability known as EternalBlue, and potentially gave the attackers access to the files they encrypted. Organizations large and small, domestic and international, are among the victims. The WannaCry attack is a stark reminder of the need to have comprehensive information governance and incident response plans in place. Planning for such an attack can be just as important as, if not more important than, the response itself, and can block the threat or mitigate the damage, disruption, and liability suffered in the event the organization is a victim of a successful attack. Implement a Written Information Security Program. Knowing how to mitigate the effects of a breach and how to respond upon notice of a breach starts with...
11th Circuit’s Stay Suggests that the FTC’s Final Order Against LabMD May Itself be “Unfair” and “Unreasonable”
As reported on this blog on September 27, 2016, the FTC issued a Final Order holding that LabMD’s data security practices were “unreasonable” and constituted an “unfair” business practice in violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), 15 U.S.C. §45(a) and (n). The findings were a clear signal of the FTC’s expanding efforts to regulate data security and to incentivize companies handling sensitive data to implement and maintain strong data security practices. On Thursday, November 10, 2016, the 11th Circuit stayed enforcement of the FTC’s Final Order pending a full hearing and final decision on LabMD’s appeal, and called into question the validity of the FTC’s conclusions as to what may constitute an actionable “privacy harm” following a data security breach.
On June 6, the Gibbons Institute of Law, Science & Technology, along with Seton Hall University School of Law, will host a timely and informative program, “Cybersecurity Insurance and Cybersecurity Risk Management.” The evening features two expert panels who will examine the developing cyber-risk insurance market. Panelists will address the potential legal liability for businesses victimized by cyber crimes, as well as the availability and scope of coverage for cyber-risk insurance policies.
Cybercrime has increased tremendously in the digital economy. “According to the American Society for Industrial Security, American businesses [are] losing $250 billion a year from intellectual property theft since the mid-1990’s.” There is a clear and growing threat of Chinese industrial espionage targeted at American companies. In a recent case, a Michigan couple was accused of stealing $40 million worth of trade secrets from General Motors and selling them to a Chinese car maker. Aside from hackers, the threat also exists within organizations from insiders. A recent study commissioned by Cisco found that “[i]n the hands of uninformed, careless, or disgruntled employees, every device that accesses the network or stores data is a potential risk to intellectual property or sensitive customer data.”
Current Cybersecurity Issues and Laws Affecting Private Sector Industries Discussed at the Fifth Annual Gibbons E-Discovery Conference
On the heels of National Cybersecurity Awareness Month in October, the second panel discussion at the Fifth Annual Gibbons E-Discovery Conference dealt with pressing issues involving cybersecurity and their effect on private industries. Moderated by Gibbons Director and senior E-Discovery Task Force member Jeffrey L. Nagel, Esq., the panel opened with a presentation by Erez Lieberman, Esq., Deputy Chief of the Economic Crimes Unit and Chief of the Computer Hacking and Intellectual Property Section, Office of the United States Attorney, District of New Jersey. Mr. Lieberman discussed several cases of high-profile cybersecurity breaches in recent years and the government’s role in those cases. Mr. Lieberman identified the various types of cybercrimes affecting businesses and provided the audience with a unique understanding of the interaction and coordination between his office, the Secret Service, the Federal Bureau of Investigation, and private companies. Mr. Lieberman also addressed the effect of data breaches on the public sector and the impact of public perception on the business.
The Gibbons E-Discovery Task Force will host its fifth annual full-day E-Discovery Conference for corporate counsel and information technology professionals on November 3, 2011, in the firm’s Newark, NJ office. Devoted to the latest developments in electronic discovery and corporate information management, this program will include speakers who are among the most respected names in the e-discovery field, including former United States Magistrate Judge John Hughes, e-discovery authority Michael Arkfeld, and representatives of leading corporations and e-discovery service providers. Among the Gibbons attorneys who will present and moderate panels are Task Force Chair Mark S. Sidoti and Task Force members Paul E. Asfendis, Melissa DeHonney, Luis J. Diaz, Phillip J. Duffy, Scott J. Etish, Jennifer A. Hradil, Jeffrey L. Nagel, and Mara E. Zazzali-Hogan.
The Gibbons Institute Presents, “Cybersecurity Law and Policy: Changing Paradigms and New Challenges” – June 8, 2011
“Cybersecurity Law and Policy: Changing Paradigms and New Challenges” is an all-day conference featuring seven break-out sessions and over 35 speakers and panelists. This seminar is part of the Cybersecurity Law Project, a collaboration between the Gibbons Institute of Law, Science & Technology at Seton Hall Law School, Rutgers School of Law-Newark, and the Bergen County Prosecutor’s Office, which promotes specialized legal training in the emerging area of cybersecurity law to law students and practicing attorneys.