Month: March 2019

Credential Stuffing Attacks and What they Mean for Businesses

Over the past few months, Cooley’s incident response team has seen an increase in “Credential Stuffing” attacks. Credential Stuffing is an account takeover attack in which actors obtain user names and passwords available on the dark web from prior data breaches, and then attempt to login to various online accounts […]

Cybersecurity Governance for Maturing Companies

With cyber resilience top of mind for investors, shareholders, regulators and the plaintiffs’ bar, growing organizations can no longer afford to put their cybersecurity efforts on the back burner. Building a cybersecurity program has become an essential element in the growth strategy. But where do you begin? Cooley’s cyber/data/privacy lawyers […]

FTC’s Proposed Amendments to the GLBA Safeguards Rule Seek to Incorporate Requirements from NY DFS Cybersecurity Regulations

On March 5, the FTC announced proposed amendments to the Standards for Safeguarding Customer Information under the Gramm-Leach-Bliley Act (“Safeguards Rule” or “Rule”).  The FTC version of the Safeguards Rule applies to financial institutions that are not governed by federal banking regulators (e.g., FDIC, Federal Reserve, OCC, and NCUA) or […]

California Privacy Legislation Update

With the promulgation of the California Consumer Privacy Act of 2018 (“CCPA”), California has continued its role in pushing bleeding edge privacy and data security legislation.  From the first data breach notification law back in 2003, to the first IoT data security law in 2018, it seems that California will […]