Cyberattack

UK Sanctions Update: OFSI Releases Financial Services Threat Assessment – Part 2

Last month, the UK’s Office of Financial Sanctions Implementation (“OFSI”) published a Threat Assessment analyzing sanctions compliance involving UK financial services firms since February 2022, when Russia invaded Ukraine. In the first of our two-part article (available here), we summarized the six key areas of risk that OFSI identified in its Threat Assessment. In this … Continue Reading

UK Sanctions Update: OFSI Releases Financial Services Threat Assessment – Part 1

In February 2025, the UK’s Office of Financial Sanctions Implementation (“OFSI”) issued a report outlining its assessment of the sanctions-related threats posed to the UK by firms operating in the UK’s financial services sector.  As to be expected, the report focuses on the risks associated with transactions since February 24, 2022, when Russia invaded Ukraine … Continue Reading

DOJ’S False Claims Act Based Civil Cyber-Fraud Initiative in 2024

The start of a new year presents an opportune time to reflect on the past.  We have been tracking and reporting on the U.S. Department of Justice (“DOJ”)’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which former U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in … Continue Reading

To Disclose or Not to Disclose (and how much) – That is the Question

The decision-making process involved in disclosing a cyber incident is a nuanced and delicate dance.  Companies need to consider a myriad of factors, including when to disclose and how much detail to disclose to employees, customers, or regulators, such as the Securities and Exchange Commission (“SEC”).  A New York bank was recently forced to pay … Continue Reading

Who Determines Materiality of Cybersecurity Incidents in Light of Recent SEC Rule Requiring Disclosure of Cybersecurity Incidents?

In December 2023, the U.S. Securities and Exchange Commission’s (“SEC”) new rule requiring disclosure of material cybersecurity incidents became effective. SPB previously analyzed how the new rule applies to incidents affecting third-party vendors and what companies can do to manage reporting risks created by third-party cybersecurity incidents. In the first half of 2024, more than … Continue Reading

Managing and Reporting Third-Party Cybersecurity Incidents Under the New SEC Cyber Risk Regulations

The rules on reporting cybersecurity risks and incidents pose many challenges for companies. Those challenges can be even more difficult when the cybersecurity incident affects third-party systems. With no exceptions for third-party cybersecurity incidents under the new cybersecurity reporting regulations, companies should take proactive steps to assess and respond appropriately to third-party cybersecurity incidents. The … Continue Reading

Yet Another False Claims Act Salvo (now #4) in DOJ’s “Civil Cyber-Fraud Initiative”

We have been tracking and reporting on the U.S. Department of Justice’s Civil Cyber-Fraud Initiative (“CCF Initiative”), which U.S. Deputy Attorney General Lisa O. Monaco announced in October 2021. The CCF Initiative employs the powerful False Claims Act (“FCA”) in an effort to “hold accountable entities or individuals that put U.S. information or systems at … Continue Reading

Live Event:  Avoiding Litigation and Navigating Regulatory Challenges Amid Growing Privacy, Cybersecurity and Artificial Intelligence Scrutiny

Join subject matter experts across policy, litigation, and regulation for an engaging discussion around privacy, cybersecurity, and AI.  This live event will be in our Washington DC office and will include perspectives from in-house leaders, a former FBI agent, an incident response forensic expert, world-class public policy experts, and our privacy and cybersecurity professionals.  The … Continue Reading

Another False Claims Act Salvo in DOJ’s “Civil Cyber-Fraud Initiative”

We previously offered insight into two False Claims Act (“FCA”) enforcement actions brought by the U.S. Department of Justice (“DOJ”) as part of its “Civil Cyber-Fraud Initiative” (“CCF Initiative”).  Deputy Attorney General Lisa O. Monaco announced the CCF Initiative in October 2021, stating that “[t]he initiative will hold accountable entities or individuals that put U.S. … Continue Reading

Corporate and White-Collar Enforcement in 2023–24

As 2022 comes to a close, is it possible to predict a trend for corporate and white-collar enforcement by the U.S. Department of Justice in 2023? Yes: enforcement will increase in 2023, and it will increase yet more in 2024. Understanding the Department as a dispersed, human institution that responds to incentives explains why.… Continue Reading

OFAC Sanctions Virtual Currency Mixer “Tornado Cash”

On August 8, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) sanctioned virtual currency mixer Tornado Cash for having laundered more than USD 7 billion worth of virtual currency since its founding in 2019.  This includes over USD 455 million worth of stolen virtual currency associated with the Lazarus Group, … Continue Reading

Series: Types of Industrial Espionage

Industrial espionage refers to various activities performed to gain an unfair competitive advantage, rather than for national security purposes.  As we discussed in a previous article, the ways in which industrial espionage can affect a company are numerous and include theft of trade secrets and disruption to operation. Section 1832 of the Economic Espionage Act … Continue Reading

New Law Requires 72-Hour Notice for Cyber Incidents

We recently shared a timely post on Consumer Privacy World that, given the focus of, we wanted to call to your attention. “President Biden has recently delivered on a long stated priority of his presidency: requiring the disclosure of cyber security incidents for companies that operate critical infrastructure. After announcing an executive order in May … Continue Reading

4 Compliance Tips Amid Increased Ransomware Scrutiny

In light of two new US Treasury Department advisories signaling increased oversight of ransomware payments, victim companies and their third-party response teams considering making payments should follow certain due diligence and compliance best practices, write Colin Jennings, Ericka Johnson, Dylan Yépez and Elizabeth Weil Shaw in an article for Law360.… Continue Reading

Ransomware Payments can lead to Sanctions and Reporting Obligations for Financial Institutions

With cybercrime on the rise, two U.S. Treasury Department components, the Office of Foreign Assets Control (“OFAC”) and the Financial Crimes Enforcement Network (“FinCEN”), issued advisories on one of the most insidious forms of cyberattack – ransomware.… Continue Reading

Executive Responsibilities and Consequences: A Case Study of Uber’s Data Breaches

Every organization is at risk of a data breach, and can learn something from Uber’s data privacy missteps. In an article for Corporate Compliance Insights, Squire Patton Boggs lawyers Colin Jennings, Ericka Johnson, and Dylan Yépez offer key takeaways from the company’s high-profile data breaches and the criminal charges that followed.… Continue Reading

Lying in Wait: Cybercriminals’ COVID-19 Tactic

As business slowly and cautiously reopens, cybercriminals lie in wait.  A case study into a massive unemployment insurance fraud shows that cybercriminals patiently hunt for lucrative opportunities to strike.  For that reason, companies reopening should consider conducting a cyber-audit to identify their cyber vulnerabilities and thwart cybercriminals lying in wait.… Continue Reading

Threat of Iranian Cyberattack Matters to Your Organization

The ongoing Iran-US tensions, and potential for retaliatory cyberattacks, alert each organization to prepare to defend against a cyberattack. Iran has a history of sophisticated cyberattacks in response to increased tensions. In a new client alert, our Data Privacy & Cybersecurity team recommends a thorough review of your people, facilities, networks, and data procedures in response … Continue Reading