NYS Attorney General has been the most active state attorney general in terms of going after entities that don’t secure data properly. The following is from her latest press release: NEW YORK – New York Attorney General Letitia James secured $450,000 from three companies that distribute eufy home security video cameras for failing to secure consumers’…
Category: Legislation
KuCoin Agrees to $297 Million Settlement Over Regulatory Breach
Jimi Aki reports: KuCoin, a major cryptocurrency exchange, has been hit with a $297 million settlement after admitting to a regulatory breach in the United States. The settlement includes a criminal fine of $112.9 million and a forfeiture of $184.5 million, and KuCoin will be required to exit the U.S. market for at least two…
Proposed Turkish Law Could Mean Prison for Reporting Data Leaks
Graham Cluley writes: The Turkish government is proposing a controversial new cybersecurity law that could make it a criminal act to report on data breaches. The new legislation proposes penalties for various cybersecurity-related offences. But the key one which has people concerned is this: “Those who carry out activities aimed at targeting institutions or individuals…
UK floats ransomware payout ban for public sector
Connor Jones reports: A total ban on ransomware payments across the public sector might actually happen after the UK government opened a consultation on how to combat the trend of criminals locking up whole systems and taxpayers footing the bill. The consultation will consider views on extending the ransom payment ban from central government departments…
New York Modifies Data Breach Law Heading Into 2025
Liisa M. Thomas and Kathryn Smith of Sheppard Mullin write: As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying notification timing. The notice modification is now in effect; the…
Minnesota schools must report cybersecurity incidents under new law
Anna Merod reports: Dive Brief: Minnesota public school districts, charter schools and colleges must now report cybersecurity incidents such as ransomware or network attacks under a newly enacted state law. The information that schools report to Minnesota will not be shared publicly, unlike with similar statewide data breach reporting requirements in California and Maine. Instead, the information will be anonymized…