On October 3, 2012, Nationwide Mutual Insurance Company and its wholly-owned subsidiary Allied Property & Casualty Insurance Company experienced a data breach when a hacker exploited a vulnerability on the companies’ web application hosting software.  This hack resulted in the compromise of the personal information of 1.27 million consumers, including social security numbers, driver’s license numbers, credit scoring information, and other data used to provide insurance quotes.

Last modified on

Few things have upended the world of cybersecurity regulation in the United States recently more than the new cybersecurity regulations issued by the New York State Department of Financial Services (“DFS”) in March of this year.  Found in 23 N.Y.C.R.R. Part 500, these new regulations are sweeping in scope and reach far beyond the financial services sector in New York, affecting entities that support that sector as well as a number of other entities that may not have thought of themselves as governed, even in part, by DFS.

Last modified on

"When this hits a health care provider or other folks who are on the first line of defense where people's health and safety are concerned, you can certainly understand that decision, but at the end of the day, you have no assurance that the very same ransomware attack isn't going to be recreated the next day and ask for even more money." 

Last modified on

In February 2017, the New York State Department of Financial Services (“DFS”) finalized a new set of cybersecurity regulations that governs New York’s banking, insurance, and financial services industries. Entities in those industries are required to develop and implement cybersecurity programs tailored to their individual risk levels. See Cybersecurity Requirements for Financial Services Companies, 23 N.Y.C.R.R.§ 500.02.

Last modified on

The Federal Communications Commission (“FCC”) adopted rules in 2016 that restricted Internet Service Providers (“ISPs”), such as Verizon, AT&T, and Comcast, from sharing sensitive data, including browsing history and location data, without consumer consent. We discussed these groundbreaking rules in our previous blog post.

Last modified on