Over the last year, the existential risk posed by cyberattacks and data security vulnerabilities has become one of the top concerns for boards of directors, management, government agencies, and the public. 2017 was punctuated by a series of headline-grabbing breaches affecting scores of companies and hundreds of millions of individuals. At the same time, there were fast-moving changes in the regulatory landscape as regulators across the globe tried to respond to the systemic threats and protect their constituents, while not imposing crippling costs on businesses. Of particular note, the New York Department of Financial Services (“DFS”) cybersecurity regulations went into … Read more
In late May, Target Corporation (“Target”) reached an $18.5 million settlement with the Attorneys General (“AGs”) of 47 states and the District of Columbia, resolving the AGs’ investigation into Target’s 2013 data security breach. Target, like other victims of cyber breaches, has faced intense regulatory inquiries based on the incident, along with extensive civil litigation by consumers, shareholders, and financial institutions.
Target’s multistate settlement with regulators – the largest such data breach settlement to date – brings the total amount paid by the company to settle legal claims arising out of the breach to over $130 million, including settlements paid … Read more