Posts Tagged ‘cybersecurity’
Two Companies, Two Cyber Enforcement Actions
These may be the final days of the Biden Administration, but enforcement in cybersecurity still marches onward: two different regulators just sanctioned two different companies for two different types of cybersecurity failure. Let’s take a look. First is GoDaddy.com, one of the largest web hosting businesses in the world. The Federal Trade Commission spanked GoDaddy…
Mortgage Firms Fined on Cybersecurity Fails
State banking regulators have fined three home mortgage businesses and their corporate parent $20 million for a data breach in 2021 that uncovered a raft of poor cybersecurity practices at the firms. The offending companies will now need to implement an extensive remediation plan, and as usual, the rest of us have numerous lessons to…
Two Insurers Nailed on Data Breaches
Just in time for Thanksgiving, regulators in New York have served up a double helping of cybersecurity enforcement, against two large insurance firms that repeatedly failed to remediate known weaknesses in their IT systems that left customers’ personal data vulnerable to thieves. The New York attorney general and the Department of Financial Services announced their…
SEC Hits Four Cos. on Cyber
The Securities and Exchange Commission sanctioned four companies this week for poor disclosure of cybersecurity incidents they suffered, the latest reminder from the agency that it expects companies to be more forthcoming with investors about the cyber issues they have. The sanctions were announced Tuesday against four companies, all of which made inadequate or misleading…
Justice Dept. Talks AI Concerns
The Justice Department wants companies tinkering with artificial intelligence to be more open-minded about testing their AI systems and products for vulnerabilities, and specifically wants them to adopt a “vulnerability disclosure program” much the same way tech companies already disclose software bugs. So says Nicole Argentieri, head of the Criminal Division, who delivered a speech…
More Lessons on Cyber Control Failures
We have another glimpse into modern cybersecurity threats and the control weaknesses that allow those threats to happen, courtesy of an enforcement action against a financial services firm that twice was duped by hackers into selling their customers’ assets. The financial services firm is Equiniti Trust Co., a registered transfer agent — that is, a…
Last Week’s Cybersecurity Disasters
There are decades when nothing happens, and weeks when decades happen. Last week was definitely one of those latter periods for CISOs, internal auditors, compliance officers, and anyone else charged with worrying about cybersecurity. Just consider what happened last week: On Tuesday, UnitedHealth reported spending nearly $1 billion on recovery costs from a ransomware attack…
UnitedHealth’s Big Cyber Compliance Mess
UnitedHealth filed its latest quarterly earnings report today, complete with an update on the staggering costs of a ransomware attack the healthcare giant suffered earlier this year — and if anyone needs a fresh example of how cyber attacks can tie your company into compliance knots, pull up a chair. The attack itself happened in…
Internal Accounting Controls and Cyber Risk
Today I want to return to that recent enforcement action against RR Donnelley, where the Securities and Exchange Commission cited faulty internal accounting controls at Donnelley as grounds to impose a $2.1 million sanction over the company’s poor handling of a cybersecurity incident. What are internal control professionals supposed to make of an enforcement action…
SEC Advice on Ransomware Disclosure
The Securities and Exchange Commission has published fresh advice about when companies need to disclose a ransomware incident to investors, warning that companies will need to perform materiality assessments and be prepared to disclose the attack even if the attack is small and the company returns to normal operations quickly. The agency released five compliance…