On December 8, 2023, the California Privacy Protection Agency (CPPA) will hold a board meeting seeking public comment on various privacy regulations. The meeting, which will take place on Zoom, will cover several topics listed in its published agenda. The New CPRA Rules Subcommittee will provide an update and present on the Draft Regulations on […]
Cybersecurity
Ransomware Group, in Midst of Extortion Attempt, Files Regulatory Notice with SEC
Just a month before the Security and Exchange Commission’s (“SEC’s”) Material Cybersecurity Incidents Rule is set to take effect, a ransomware group has apparently taken compliance with reporting requirements into its own hands. On November 15, 2023, the ransomware group known as BlackCat (also known as “AlphV”) posted a notice on its leak site alleging […]
FTC Approves New Data Breach Notification Requirement for Non-Banking Financial Institutions
On October 27, 2023, the FTC approved an amendment to the Safeguards Rule (the “Amendment”) requiring that non-banking financial institutions notify the FTC in the event of a defined “Notification Event” where customer information of 500 or more individuals was subject to unauthorized acquisition. The Amendment becomes effective 180 days after publication in the […]
FBI Cautions Organizations on Dual Ransomware Attacks
The Federal Bureau of Investigation (FBI) issued a Private Industry Notification on September 27, 2023, highlighting two concerning ransomware trends and providing companies with guidance on mitigating potential threat actor activity. As of July 2023, the FBI observed multiple ransomware attacks where two attacks against the same victim involving different ransomware variants are deployed often […]
CISA and NSA Highlight Technology Gaps in New Guidance on Identity and Access Management
On October 4, 2023, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) published Identity and Access Management: Developer and Vendor Challenges, an advisory document developed by the Enduring Security Framework (ESF). The ESF is a CISA and NSA led cross-sector, public-private working group that works to address risks to U.S. National […]