Continued Cyberattacks and New Regulations Result in Increased Risk

Continued Cyberattacks and New Regulations Result in Increased Risk

DATA BREACHES AND RANSOMWARE ATTACKS As with 2021, 2022 was a year filled with significant data breaches and widely disruptive ransomware attacks taking headlines: * In February, aviation company Swissport International suffered a ransomware attack affecting the company's information technology...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Computer and Internet Lawyer 2023-05, Vol.40 (5), p.6-10
Hauptverfasser: Kolodner, Jonathan S, Mukhi, Rahul, Rembar, Lilianna
Format: Artikel
Sprache:eng
Schlagworte:
Compliance
Consent
Customers
Cybercrime
Cybersecurity
Data integrity
Disclosure
Employees
Enforcement
Federal agencies
Mobile commerce
Ransomware
Regulations
Regulatory agencies
Risk assessment
Treasuries
Trend analysis
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:DATA BREACHES AND RANSOMWARE ATTACKS As with 2021, 2022 was a year filled with significant data breaches and widely disruptive ransomware attacks taking headlines: * In February, aviation company Swissport International suffered a ransomware attack affecting the company's information technology infrastructure and services. * In March, Nvidia, one of the world's largest semiconductor companies, confirmed that the company had suffered a cyberattack at the hands of the hacking group Lapsus$, which resulted in the leak of personally identifying information (PII) of more than 71,000 employees. * In April, mobile payment service Cash App disclosed to the Securities and Exchange Commission (SEC) through its parent company Block that the company had suffered a data breach affecting 8.2 million customers in December 2021. * In July, Marriot confirmed that a hacking group targeted an unsuspecting employee and successfully gained access to Marriot computer systems in June. According to the report, the Division has set out to review registrants' information security practices in order to protect critical investment information and prevent interruptions that could jeopardize businesses.4 * In September, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) published Cyber-Related Sanctions Regulations.5 While the regulations do not introduce new or change prior guidance, they amalgamate existing executive orders, laws and other regulations and reiterate the U.S. government's disapproval of making payments to bad actors in connection with cyberattacks, in particular relating to activity originating outside the United States. * In November, the Treasury Department's Financial Crimes Enforcement Network (FinCEN) issued a financial trend analysis regarding ransomware-connected Bank Secrecy Act filings occurring during the second half of 2021.6 FinCEN found that the number and dollar amounts at issue of ransomware-related, suspicious activity reports had tripled between 2020 and 2021, shifting from approximately $400 million to $1.2 billion. "9 The consent order required RHC to pay a $30 million civil penalty and hire an independent consultant for eighteen months to review and report on RHC's efforts to improve its compliance program. * In October, a federal jury convicted Uber's former chief security officer (CSO) of criminal obstruction of Federal Trade Commission (FTC) proceedings and concealment of a felony for attempting to hide Uber's 2016 data
ISSN:1531-4944