Alexander Boyd and Colin H. Black of Polsinelli PC write: On February 16, 2023, the National Credit Union Administration (“NCUA”) unanimously approved a final rule that requires a federally-insured credit union to report “reportable cyber incidents” to the NCUA as soon as possible, and in no event later than 72 hours after the credit union…
Lessons From a Ransomware Attack: The Importance of Partnership & Collaboration
The following is a guest article by John Gaede, Director of Information Systems at Sky Lakes Medical Center that appeared on Healthcare IT Today. Imagine a rural business is the victim of a cyberattack. A nefarious person or group convinces an unsuspecting employee to open an email promising a bonus. Within 12 hours, every piece of technology…
UK: Meta successfully resists certification in data privacy collective action
Jennifer Reeves, Simon Day, and Cameron Firth of MacFarlanes write: In an early victory for Meta, the Competition Appeal Tribunal has refused to certify a collective claim brought on behalf of some 45 million consumers by proposed class representative Dr Liza Lovdahl Gormsen (the “PCR”). Less than three weeks after the certification hearing, the Tribunal…
Thoughts on Dubin v. United States and the Aggravated Identity Theft Statute
Law professor Orin Kerr writes: On February 27, the Supreme Court will hear argument in Dubin v. United States, a case on the Aggravated Identity Theft Statute, 18 U.S.C. § 1028A. This statute comes up often in the context of computer crimes, and its interpretation raises some interesting and important questions. So I thought I would blog…
Rehoboth McKinley Christian Health Care Services settles data breach litigation for undisclosed amount
Rehoboth Mckinley Christian Health Care Services (“RMCHCS”) in New Mexico has reportedly settled litigation stemming from a ransomware attack that DataBreaches first reported in February 2021. Although Conti ransomware threat actors had added the health care service to their leak site and leaked some patients’ protected health information as proof of claims, there was nothing…
Activision did not notify employees of data breach for months
Lorenzo Franceschi-Bicchierai reports: On December 4, hackers successfully phished an employee at the games giant Activision, gaining access to some internal employee and game data. This data breach was not disclosed until last weekend, when cybersecurity and malware research group vx-underground posted on Twitter screenshots of the stolen data, as well as the hackers’ messages on Activision’s internal Slack…