Lewis Roca Blog

The Arizona Court of Appeals affirmed a jury verdict that imposed 100% liability on an escrow agent for a wire transfer it sent to a cybercriminal/imposter and attributed no fault to the imposter or the party whose systems were compromised by the imposter. Cybersecurity practitioners and Arizona litigators should take note of the decision and its potential implications.

In Mago v. Arizona Escrow & Financial Corp., the plaintiff (“Mago”) had contracted to purchase a Subway franchise from the prior owners (the “Sellers”). The escrow agent for the deal was Arizona Escrow (the ...

The National Credit Union Administration (NCUA) approved a final rule that will require any Federally-Insured Credit Union (FICU)—including federally chartered corporate credit unions and federally insured state-chartered corporate credit unions—to report certain cyber incidents to the NCUA as soon as possible, and no later than 72 hours, after it “reasonably believes” it has experienced a reportable incident. The rule, which adds a new subsection (c) to 12 CFR Part 748.1, goes into effect September 1, 2023.

In issuing its new rule, the NCUA attempted to closely ...

The investigation is focused on retail, travel, and food service apps that either do not honor consumer opt-out requests or do not provide the appropriate mechanisms for consumers to stop the sale of their data.

The best time to respond to a ransomware attack was yesterday, but the second-best time to start responding is today. Study after study over the past year has confirmed that having a plan in place in the event of a data breach and ransomware attack can save you and your company millions. Every employer has a fire evacuation plan and drills they run, and this is no different.

A widely reported flaw in popular software known as Log4j poses a severe cybersecurity threat to organizations around the globe, with hundreds of millions of devices at risk.

FireEye, Inc., a leading U.S. cybersecurity firm, recently disclosed that it had been hacked by a nation-state actor. The company has since revealed that the hack was likely perpetrated, in part, through an ongoing compromise of “Orion” IT monitoring and management software offered by SolarWinds Worldwide, LLC.

According to recent reports, cloud hosting and IT services provider Netgain, which bills itself as “the industry standard for secure and scalable IT-as-a-Service (ITaaS) for accounting and healthcare,” has been forced to take some of its data centers offline after suffering a recent (and potentially ongoing) ransomware attack.

Since January, the COVID-19 pandemic has altered the global economy, leading to even greater cybersecurity threats as more and more people are connecting remotely. Indeed, the FBI has reported a 300% increase in the number of daily complaints submitted to its Internet Crime Complaint Center (IC3) during the pandemic.

Cybercriminals are exploiting the vulnerability of the healthcare community affected by COVID-19, an increase in teleworking and the need by medical professionals to stay current on coronavirus information.

The California Consumer Privacy Act (“CCPA”) came into effect on January 1, 2020, significantly altering the data privacy landscape for businesses across the nation. As a result, many businesses have been waiting to finalize their compliance procedures to ensure consistency with those regulations, which are still subject to revision.

Unfortunately, cyber criminals see the chaos caused by the COVID-19 pandemic as an opportunity to send phishing emails which seem like they are delivered from the email domains associated with the Centers for Disease Control, the World Health Organization, the National Institutes of Health, state/local agencies, service providers and even company HR departments.

Ransomware—malicious software that locks or alters computer data and demands a ransom payment to unlock or restore the data—is not a new phenomenon. Recently, though, ransomware attacks have become increasingly common and increasingly sophisticated, with hackers not only locking but also stealing the data.

Wire transfer fraud is rampant. FINRA member firms and their employees must be diligent in the detection of scams and the prevention of client losses. In addition, adherence to the member firm’s wire transfer policies and procedures is important for the avoidance of losses and potential regulatory sanctions.

Cybersecurity attorneys Doug DePeppe, Hilary Wells, Bill Nelson and Ed Barkel explore why businesses must start paying attention to their 'Cyber Hygiene' on the latest episode of the Business Leaders Podcast.

The Colorado Department of Regulatory Agencies recently published a notice regarding proposed changes to the Colorado Securities Act (the “Proposal”).  This Proposal seeks to add two new rules to the Securities Act (Rule 51-4.8 and 51-4.14), each of which impose various cybersecurity requirements on broker-dealers and investment advisers, respectively.  A redline showing the proposed amendments can be […]

The Internet of Things (or “IoT”) is a hot topic in privacy circles, given its rapid expansion among everyday consumer products.  Broadly referring to Internet-connected-devices, the IoT encompasses a variety of consumer goods, such as kitchen appliances (smart ovens and refrigerators), home security, window blinds, light bulbs, and lawn care equipment.  Many personal devices are […]

The Federal Trade Commission (FTC) is the government agency primarily responsible for imposing penalties on companies that fail to protect consumer data.  It does so under Section 5 of the Federal Trade Commission Act, which prohibits “unfair and deceptive acts or practices in or affecting commerce.” This case began in 2008, when someone found a […]

As data breaches increase in profile and frequency, lawmakers are struggling to protect their citizens from cybercrime.  Within the past year, at least four states have beefed up their data security statutes to provide greater consumer protection.   According to a May 2016 summary by the National Conference of State Legislatures, more than 25 states in 2016 […]

According to a recent Federal Trade Commission (“FTC”) blog post, consumers should think twice before connecting their cell phones to a rental car.   The FTC warns that the vehicle could record all kinds of data, including your personal contacts, location, web browsing, and even your text messages. This blog post written by an FTC staff attorney […]