SEC Chairman Jay Clayton issued a public statement on Cybersecurity (the “Clayton Statement”) last week, disclosing a 2016 attack on the SEC’s database of corporate filings. The intrusion exploited a vulnerability in the test filing component of the EDGAR system, a document repository for disclosures from public companies and issuers, through which the intruder was […]
Digital Crimes
New York High Court Denies Facebook’s Challenge of Bulk Stored Communications Act Warrants
The Court of Appeals for the State of New York recently rejected Facebook’s appeal of its challenge to bulk search warrants issued pursuant to the Stored Communications Act (SCA) and separately challenged the warrants’ nondisclosure component. The Court affirmed the lower court’s ruling that Facebook could not appeal the rejection of its motion to quash the […]
President Obama Issues Directive on Government Cyber Incident Response
Last week, President Obama issued a new Presidential Policy Directive (PPD) establishing principles to govern the federal government’s response to cyber incidents, “whether involving government or private sector entities.” Titled “PPD-41,” the document also designates the lead federal agencies for so-called significant cyber incidents and creates an “architecture for coordinating the broader Federal Government response” […]
Department of Justice Indicts Seven Iranians for State-Sponsored Hacking
The Department of Justice has announced the indictment of seven Iranian hackers alleged to work for the Iranian government on charges stemming from a coordinated string of distributed denial of service (“DDoS”) attacks primarily against U.S. financial institutions from 2011 to 2013. One of the hackers is also charged with hacking into the supervisory control […]
DHS Establishes Information Sharing Capability and Process Required under CISA; Issues Multi-Agency Information Sharing Guidance
The Department of Homeland Security (“DHS”) has posted four documents on the US Computer Emergency Readiness Team (US-CERT) website to satisfy several requirements set forth in the Cybersecurity Information Sharing Act of 2015 (“CISA”). Details on the four documents are provided below. By way of background, CISA was passed into law on December 18, 2015 […]