In a recent lawsuit filed this month in the United States District Court for the Southern District of New York, Delta Airlines brought suit against its website chat services provider, 7, stemming from a 2017 data breach suffered by 7 that affected approximately 800,000 of Delta’s customers. Specifically, Delta alleges in its complaint that an attacker gained access to 7’s networks and modified the source code of its chat services so that the attacker could “scrape” payment card information from customers as they used the chat feature available on Delta’s website.
Large business data breaches - like the one affecting 100 million Capital One credit card customers and applicants - remain commonplace, so much so that they are becoming accepted as the new normal in today’s climate of consumer dealings. They shouldn’t be.
Following up on our post from June 7, Governor Cuomo has now signed the SHIELD Act into law. New section 899-bb of the General Business Law, which creates substantive security obligations for all persons or businesses that own or license the defined “private information” of New Yorkers, goes into effect in 240 days, with the rest of the law taking effect within 90 days.
The Department of Defense (“DoD”) recently announced that a new cybersecurity standard and certification program for defense contractors, the Cybersecurity Capability Model Certification program (“CCMC”), is currently under development and nearly ready for deployment.
Cybersecurity law moves quickly and what may have been dead in one legislative session can come back in another to change the regulatory landscape in unexpected ways. Case in point, the NY SHIELD Act, S5575A, which passed in the New York Senate this week.