Lewis Roca Blog

The National Credit Union Administration (NCUA) approved a final rule that will require any Federally-Insured Credit Union (FICU)—including federally chartered corporate credit unions and federally insured state-chartered corporate credit unions—to report certain cyber incidents to the NCUA as soon as possible, and no later than 72 hours, after it “reasonably believes” it has experienced a reportable incident. The rule, which adds a new subsection (c) to 12 CFR Part 748.1, goes into effect September 1, 2023.

In issuing its new rule, the NCUA attempted to closely ...

The investigation is focused on retail, travel, and food service apps that either do not honor consumer opt-out requests or do not provide the appropriate mechanisms for consumers to stop the sale of their data.

A widely reported flaw in popular software known as Log4j poses a severe cybersecurity threat to organizations around the globe, with hundreds of millions of devices at risk.

After much haggling, Congress passed its second major COVID-related relief package on December 21, 2020. The $900 billion package is included in the 5,593-page Consolidated Appropriations Act of 2021, which is expected to be signed by President Trump shortly and will provide funding for the federal government between now and the end of the current fiscal year on September 30, 2021.

FireEye, Inc., a leading U.S. cybersecurity firm, recently disclosed that it had been hacked by a nation-state actor. The company has since revealed that the hack was likely perpetrated, in part, through an ongoing compromise of “Orion” IT monitoring and management software offered by SolarWinds Worldwide, LLC.

According to recent reports, cloud hosting and IT services provider Netgain, which bills itself as “the industry standard for secure and scalable IT-as-a-Service (ITaaS) for accounting and healthcare,” has been forced to take some of its data centers offline after suffering a recent (and potentially ongoing) ransomware attack.

Since January, the COVID-19 pandemic has altered the global economy, leading to even greater cybersecurity threats as more and more people are connecting remotely. Indeed, the FBI has reported a 300% increase in the number of daily complaints submitted to its Internet Crime Complaint Center (IC3) during the pandemic.

The California Consumer Privacy Act (“CCPA”) came into effect on January 1, 2020, significantly altering the data privacy landscape for businesses across the nation. As a result, many businesses have been waiting to finalize their compliance procedures to ensure consistency with those regulations, which are still subject to revision.

Ransomware—malicious software that locks or alters computer data and demands a ransom payment to unlock or restore the data—is not a new phenomenon. Recently, though, ransomware attacks have become increasingly common and increasingly sophisticated, with hackers not only locking but also stealing the data.