On September 25, 2017, the U.S. Securities and Exchange Commission (“SEC” or the “Commission”) announced the creation of a Cyber Unit within the Enforcement Division in order to further the Division’s “substantial expertise in the detection and pursuit of fraudulent conduct in an increasingly technological and data-driven landscape.”1 Commenting on the launch of the new unit, Enforcement Division Co-Director Stephanie Avakian described “[c]yber-related threats and misconduct” as “among the greatest risks facing investors and the securities industry.”2
In the six months since the Cyber Unit was launched, cybersecurity has remained at the forefront of the SEC’s priorities, repeatedly … Read more
Over the last year, the existential risk posed by cyberattacks and data security vulnerabilities has become one of the top concerns for boards of directors, management, government agencies, and the public. 2017 was punctuated by a series of headline-grabbing breaches affecting scores of companies and hundreds of millions of individuals. At the same time, there were fast-moving changes in the regulatory landscape as regulators across the globe tried to respond to the systemic threats and protect their constituents, while not imposing crippling costs on businesses. Of particular note, the New York Department of Financial Services (“DFS”) cybersecurity regulations went into … Read more
On August 7, 2017, the U.S. Court of Appeals for the Seventh Circuit unanimously upheld Michael Coscia’s conviction on spoofing and commodities fraud charges in United States v. Coscia, No. 16-3017 (KFR), 2017 WL 3381433 (7th Cir. Aug. 7, 2017), rejecting Coscia’s constitutional challenge to the anti-spoofing statutory provision and finding Coscia’s conviction adequately supported by the evidence and testimony adduced at trial.
Coscia was the first trader to be convicted under the anti-spoofing provision of the Commodity Exchange Act (“CEA”), 7 U.S.C. § 6c(a)(5). The Seventh Circuit’s decision upholding Coscia’s conviction marks the first time a federal appellate … Read more
In late May, Target Corporation (“Target”) reached an $18.5 million settlement with the Attorneys General (“AGs”) of 47 states and the District of Columbia, resolving the AGs’ investigation into Target’s 2013 data security breach. Target, like other victims of cyber breaches, has faced intense regulatory inquiries based on the incident, along with extensive civil litigation by consumers, shareholders, and financial institutions.
Target’s multistate settlement with regulators – the largest such data breach settlement to date – brings the total amount paid by the company to settle legal claims arising out of the breach to over $130 million, including settlements paid … Read more