Cybersecurity & Data Privacy Update

The Federal Trade Commission (FTC) announced on October 27th that it has expanded the scope of its financial data security rule, which will now require nonbank financial institutions – like vehicle dealers and mortgage brokers – to report data breaches. This new amendment to the FTC Safeguards Rule imposes similar reporting requirements to those already applicable to banks. Specifically, the amendment will require nonbank financial institutions to report to the FTC any data breach affecting 500 or more consumers’ data. The rule gives financial institutions 30 days to report the breach, however the FTC encourages reporting as soon as possible. […]

The Securities and Exchange Commission (SEC) announced charges against SolarWinds Corp. and its chief information security officer (CISO), accusing the publicly traded company of misleading investors as to its vulnerability to cyberattacks. SolarWinds is accused of defrauding investors by overstating its cybersecurity practices, while failing to implement appropriate internal digital safeguards and ignoring red flags for years before announcing that it was the victim of a two-year long cyber attack in December 2020. This landmark lawsuit represents the first time in an SEC cyber case that the commission has alleged that an organization intended to deceive investors. Perhaps even more […]