Tag Archives: Steven C. Herzog

The Year That Was: Key Cybersecurity and Privacy Developments in 2023 and Issues for 2024

by John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Peter Carey, and Steven C. Herzog

From left to right: John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Peter Carey, and Steven C. Herzog. Photos courtesy of Paul, Weiss, Rifkind, Wharton & Garrison LLP.

At the beginning of the year, we predicted that the use of personal information and the protection of data in an evolving threat environment would be the focus of increased legislation, regulation, and regulatory enforcement. And 2023 delivered, with both threat actors and regulators presenting new challenges for technology and legal teams. At the same time, these teams are navigating how to harness the burgeoning potential of rapidly evolving artificial intelligence applications while mitigating associated security, legal, and related risks. Amidst all of the noise, we break down below ten key developments of 2023 that contributed to an increasingly complex legal and data security landscape and prompted business leaders to increase resources and attention to bolster their defenses and ensure compliance with their growing list of legal obligations. We predict a continued flurry of activity in 2024.

Theft of Federal Funds Highlights Expanding Cyber Threat from Foreign Actors

by John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Steven C. Herzog, and David Kessler

From Left to Right: John P. Carlin, Jeh Charles Johnson, Jeannie S. Rhee, Steven C. Herzog, and David Kessler

The Secret Service has reported that APT41, a hacking organization, stole roughly $20 million in federal COVID-19 relief funds by obtaining access to the computer systems of a number of U.S. states beginning in mid-2020.[1]  According to the Secret Service, APT41 is a “Chinese state-sponsored, cyberthreat group that is highly adept at conducting espionage missions and financial crimes for personal gain.”[2]  While experts are uncertain regarding whether the breach by APT41 was ordered by the PRC government or merely tolerated, the Secret Service announcement marks the first public confirmation by a federal agency of a state-affiliated hacking group breaching U.S. cyber defenses to steal federal funds. According to the government, the hackers obtained unemployment insurance funds and Small Business Administration loans from more than a dozen states.[3]  The true scope of the breach remains unclear, with officials speculating that government networks in all 50 states were likely targeted.[4]  The Secret Service has further linked the APT41 intrusion to the organization’s broader efforts to access and interrogate state networks.[5]

NYDFS Fines First Unum and Paul Revere Insurance Companies $1.8 Million for Violations Arising Out of Data Breaches

by H. Christopher Boehning, Michael E. Gertzman, Roberto J. Gonzalez, Jeannie S. Rhee, Richard C. Tarlowe, Steven C. Herzog, and Cole A. Rabinowitz 

On May 13, 2021, the New York Department of Financial Services (“NYDFS”) announced a consent order with First Unum Life Insurance Company of America (“First Unum”) and Paul Revere Life Insurance Company (“Paul Revere”) (collectively the “Companies”), which imposed a $1.8 million penalty for violations of NYDFS’s Cybersecurity Regulation (23 NYCRR 500) (“Part 500”), including false certifications of compliance under 23 NYCRR 500.17.

VinDAX Is the Seventh Cryptocurrency Exchange Hacked This Year: What Should Investors Be Considering?

by Mark S. Bergman, Roberto Finzi, Christopher D. Frey, Manuel S. Frey, David S. Huntington, Jeannie S. Rhee, Raphael M. Russo, Jonathan H. Ashtor, Steven C. Herzog, Daniel J. Klein, and Apeksha S. Vora

On November 5, 2019, Vietnam-based cryptocurrency exchange VinDAX was hacked, losing half a million U.S. dollars’ worth of funds spread across 23 different cryptocurrencies.[1] The VinDAX hack marks the latest in a series of cryptocurrency exchange hacks and data breaches that have taken place this year, and is part of a larger and growing trend of digital currency heists that have occurred since Bitcoin, the first cryptocurrency, was introduced in 2008.[2] In July of this year, Japan-based cryptocurrency exchange Bitpoint was also hacked, losing about $32 million in cryptocurrency,[3] and earlier this year, hackers stole $16 million worth of cryptocurrency from New Zealand-based Cryptopia.[4]  Losses from cryptocurrency hacks this year alone are reported to have totaled around $1.39 billion worth of assets.[5]