On June 7, 2023, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Joint Cybersecurity Advisory in connection with a recent zero-day (or previously undetected) vulnerability in Progress Software’s managed file transfer software (MOVEit Transfer), exploited by the CL0P ransomware group. CL0P publicly claimed responsibility for exploiting the […]
New NAIC Consumer Privacy Model Law Proposed for Insurers
The National Association of Insurance Commissioners (NAIC) Privacy Protections Working Group (the “Working Group”) released Insurance Consumer Privacy Protection Model Law #674 (“Model 674”) for comment on February 1, 2023. Model 674 is intended to modernize and replace the Insurance Information and Privacy Protection Model Act #670 (“Model 670”) and the Privacy of Consumer Financial […]
FTC Takes Action Against Ed Tech Provider for Failure to Secure Student’s Personal Information
On October 31, 2022, the Federal Trade Commission (FTC) announced it has taken action against education technology provider Chegg Inc. (“Chegg”) for its “careless” cybersecurity practices that exposed sensitive personal information of millions of its customers and employees. This action highlights the FTC’s continued efforts to aggressively protect consumer personal data. The FTC’s complaint alleges […]
Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices
On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]
SEC Settles Enforcement Actions with Broker-Dealers and Investment Advisors for Identity Protection Deficiencies
On July 27, 2022, the Securities and Exchange Commission (SEC) separately settled three enforcement actions with broker-dealers and investment advisers for alleged deficiencies relating to the prevention of customer identity theft, in violation of the SEC’s Identity Theft Red Flags Rule, or Regulation S-ID. Regulation S-ID requires registered financial institutions, broker dealers, and investment advisers […]