On July 16, 2019, the U.S. Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) issued an “Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes” (the “Advisory”). The Advisory provides a detailed and helpful overview of trends in Business Email Compromise (“BEC”) schemes affecting U.S. financial institutions and other businesses.
Category: Cybersecurity
Texas Amends State Breach Notification Law and Creates Advisor Council to Study Privacy Laws
Businesses in Texas that own or license computerized data will expect a shortened data breach notification deadline for any breach of sensitive personal information after January 1, 2020. Meanwhile, reporting to state attorney general (“AG”) will become mandatory if more than 250 Texans are involved in a single data breach.
Further Expansion of Data Security Requirements in FTC Order with LightYear Dealer Technologies
The FTC has entered into a settlement with LightYear Dealer Technologies, doing business as DealerBuilt, a technology company that develops and sells dealer management system (DMS) software and data processing services to automotive dealerships nationwide. The settlement resolves allegations that DealerBuilt engaged in a number of unreasonable data security practices. The DealerBuilt’s DMS software tracks, manages, and stores information related to all aspects of a dealership’s business, including sales, finance, inventory, accounting, payroll, and parts and service and collects and maintains personal and competitively sensitive information about consumers and employees.
Oregon Amends Data Breach Notification Law to Apply to Vendors
On May 24, 2019, Oregon Governor Kate Brown signed into law Senate Bill 684, which requires vendors, service providers and other entities that maintain or possess consumers’ personal information to notify consumers of a security breach.
Continue reading “Oregon Amends Data Breach Notification Law to Apply to Vendors”
As Cyberattacks Rise, U.S. Business Readiness Falls
Two recent reports reflect that cyberattacks and resulting data breaches continue to threaten U.S. companies and public entities. The Hiscox Cyber Readiness Report (April 23, 2019), compiled from a survey of more than 1,000 U.S. cybersecurity professionals at private companies and public-sector entities with 50 to 1,000+ employees, found that 53% of firms reported at least one cyberattack – up from 38% in 2018. Interestingly, only 11% of U.S. firms qualified as experts based on their cybersecurity preparedness and responses – down from 26% in last year’s survey; 16% of firms ranked as intermediate, and the remaining 73% ranked as novice. These statistics reflect a continuing need for public- and private-sector emphasis on cybersecurity preparedness and incident response.
Continue reading “As Cyberattacks Rise, U.S. Business Readiness Falls”
FBI Releases 2018 Internet Crime Report
On April 22, 2019, the FBI’s Internet Crime Complaint Center (“IC3”) released its Internet Crime Report (the “Report”) for 2018. IC3 issues the Report annually as a means to highlight data and identify key trends about Internet crimes.