SEC settles charges with 4 firms it says downplayed SolarWinds hack exposure

The agency alleged Unisys, Avaya, Check Point Software and Mimecast misled investors about the extent of their respective cyber risks.

By David Jones • Oct. 22, 2024

Where organizations invest after a data breach

Asking customers to foot the bill for data breach remediation will not prevent future data breaches or address the issues that cause costs to increase.

By Sue Poremba • Oct. 22, 2024

Majority of global CISOs want to split roles as regulatory burdens grow

Trellix research shows rising cybersecurity demands from the SEC and other government bodies are pushing CISOs even closer to the edge.

By David Jones • Oct. 15, 2024

Cybersecurity risk called a human issue, not a technical problem

Ransomware and phishing attacks are evolving and an effective cybersecurity approach requires employees to be educated about risks, a panel of experts says. 

By Justin Bachman • Oct. 2, 2024

FCC reaches $31.5M settlement with T-Mobile over rash of data breaches

The company agreed to a major change in board-level governance and will make a series of upgrades to boost its cyber resilience.

By David Jones • Oct. 1, 2024

AT&T settles a 2023 data breach for $13M. Recent incidents are much worse.

Telecom cybersecurity remains a challenge with widespread impacts. AT&T is not alone in experiencing a pattern of extensive breaches exposing customer data.

By Matt Kapko • Sept. 18, 2024

Companies lean on AI in push to curb cyber insurance costs

Half of business leaders responding to a Delinea survey said their organization was able to negotiate a lower cyber insurance rate after using AI.

By Alexei Alexis • Sept. 10, 2024

Halliburton confirms data stolen in August cyberattack

The company continues to incur expenses related to the attack, but does not expect a material impact. 

By David Jones • Sept. 3, 2024

RealPage lawsuit opens a new antitrust front for pricing algorithms

The rise of Big Data across the economy raises antitrust concerns, especially where companies are sharing sensitive proprietary data, legal experts say.

By Justin Bachman • Aug. 28, 2024

Texas sues GM for selling customer driving data

The automaker failed to tell buyers it was selling their driving data to help insurers analyze driving behavior, according to a Texas AG lawsuit.

By Justin Bachman • Aug. 14, 2024

Message alleges TikTok had actual knowledge it was violating child privacy law

The company wouldn't delete children's accounts unless parents submitted a form with information that was already in its possession, a federal lawsuit alleges.

By Robert Freedman • Aug. 5, 2024

Some companies pay ransomware attackers multiple times, survey finds

Robust cybersecurity risk management begins in the boardroom given the costs of disruption and tighter regulatory oversight.

By Justin Bachman • July 30, 2024

Judge deals major blow to SEC’s cybersecurity enforcement stance

“The decision substantially limits the SEC’s authority to challenge a company’s cybersecurity program,” attorney Mark Schonfeld said.

By Alexei Alexis • July 23, 2024

Companies turn to AI contract tools to reduce external risks

Executives often overlook the importance of shrewd third-party contracting when managing their risk profiles, according to a legal tech panel.

By Justin Bachman • July 18, 2024

Majority of SEC civil fraud case against SolarWinds dismissed, but core remains

The court ruling related to claims leading up to and immediately following the 2020 Sunburst supply chain hack.

By David Jones • July 18, 2024

Ransomware leak site posts jumped 20% in Q2

Threat groups claimed attacks on 1,237 organizations during the quarter, marking an increase from Q1. U.S.-based businesses accounted for more than half of all victims, Reliaquest found.

By Matt Kapko • July 16, 2024

Citi to pay $135.6M in new penalties over 2020 orders

The bank has made insufficient progress toward resolving nagging data quality, risk management and internal control issues, the OCC and Federal Reserve said.

By Dan Ennis • July 11, 2024

AI policy, compliance leave lawyers more skeptical than executives: survey

North America has so far adopted an “innovation-friendly” approach to AI regulations compared to countries in Europe and Asia, a report finds.

By Justin Bachman • July 10, 2024

Cyber insurance prices fall amid rising competition: report

The pricing relief comes even as cyberattacks are escalating and businesses are paying more to recover from them.

By Alexei Alexis • July 2, 2024

SEC’s $2.1M fine on RR Donnelly over hack response slammed as overreach

The agency’s assertion that a cybersecurity failure can be punished as an “internal accounting controls” violation is raising eyebrows.

By Alexei Alexis • June 25, 2024

Ransomware victims becoming less likely to pay cyberhackers

Demands jumped in 2023 even as more companies plot better defenses against attacks that can incur deep business interruption costs, a report says. 

By Justin Bachman • June 17, 2024

Chopra raises alarm on ‘financial surveillance’ at Senate hearing

“These plans to monetize sensitive financial transaction data are a reminder that the United States is slowly lurching toward more financial surveillance and even financial censorship,” CFPB Director Rohit Chopra said.

By Rajashree Chakravarty • June 13, 2024

Solution to patchwork of state data-privacy laws shows promise

By mostly preempting state laws, the American Privacy Rights Act would give companies a much-needed roadmap for compliance, privacy specialists say.

By Jessica Mach • April 12, 2024

EU lawmakers pass sweeping AI rules with global reach, stiff penalties

Penalties include up to €35 million or 7% of a company’s total worldwide annual turnover — whichever is higher — for violations of a ban on “emotion recognition” in the workplace.

By Alexei Alexis • March 13, 2024

Visa spends ‘billions’ battling cybersecurity threats

The company is using generative artificial intelligence to thwart account-to-account fraud by way of Visa services.

By Lynne Marek • March 11, 2024